HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:30:04 PM, on 3/2/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\Consumer Input\dca-ua.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\shutterfly\shutterfly express uploader\shutterfly express uploader.exe
c:\program files (x86)\shutterfly\shutterfly express uploader\sflysvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Liang\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={8B370E20-45CA-46E9-A7A7-7841329E6241}&serpv=22
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findwide.com/?guid={8B370E20-45CA-46E9-A7A7-7841329E6241}&serpv=22
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: getsav-in 5.0 - {0B60D63D-2EAD-4823-984B-C5177E94A361} - C:\Users\Liang\AppData\Local\getsav-in\ie\getsav-in_1371730502.dll
O2 - BHO: TidyNetwork - {0E71DEDA-D774-316D-E375-03FD2E1CAD92} - C:\Program Files (x86)\TidyNetwork\petn.dll
O2 - BHO: albrechto - {1881a451-f7fb-44bc-85b2-fcea4b1403e3} - C:\Program Files (x86)\albrechto\albrechtoBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MyWordTool - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Liang\AppData\Roaming\MyWordTool\temp.dat
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Playtopus Games - {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - C:\Users\Liang\AppData\Local\Playtopus\Playtopus.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
O3 - Toolbar: FindWide Toolbar - {8AC9FAD5-675E-44B7-97AE-85FFC3B66888} - C:\Program Files (x86)\TNT2\Profiles\10743\passport.dll
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_00FEC87B4C7A2C1440E983D94B5E519E] "C:\Program Files (x86)\Fast Browser\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
O4 - HKCU\..\Run: [My Faster PC] C:\Program Files (x86)\ConsumerSoft\My Faster PC\mfpchelper.exe
O4 - HKCU\..\Run: [DefragReminder] C:\Program Files (x86)\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\RunOnce: [PlayTopus Action 1] cmd /c del /F /Q "C:\Users\Liang\AppData\Local\Temp\update.exe"
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) - Unknown owner - c:\progra~2\optimi~1\OptProCrash.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DSUDiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton Anti-Theft (NAT) - Symantec Corporation - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Network Service (TNSSVC) - Unknown owner - C:\Program Files\Toshiba\LANDriver\TNSSVC.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update albrechto - Unknown owner - C:\Program Files (x86)\albrechto\updatealbrechto.exe
O23 - Service: Util albrechto - Unknown owner - C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 15836 bytes
 
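As an added example (not part of this thread, HijackThis, DDS or Malwarebytes), here is a small triage script that parses HijackThis entry lines of the kinds shown in the log above (R0/R1 start and search pages, O2 BHOs, O3 toolbars, O4 Run keys, O20 AppInit_DLLs, O23 services) and flags the items a malware-removal helper reads first. The severity rules are hand-written heuristics for illustration, not a vendor's detection logic; the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis-style log: parse each entry line and flag the persistence
and browser-configuration items a malware-removal helper looks at first.

Added example for this thread; not part of HijackThis, DDS or Malwarebytes.
The rules below are simple hand-written heuristics (an assumption of this
example), not a vendor's detection logic."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread, trimmed
# to one or two representatives of each entry type the triage rules understand.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findwide.com/?guid={8B370E20-45CA-46E9-A7A7-7841329E6241}&serpv=22
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: MyWordTool - {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Liang\AppData\Roaming\MyWordTool\temp.dat
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\RunOnce: [PlayTopus Action 1] cmd /c del /F /Q "C:\Users\Liang\AppData\Local\Temp\update.exe"
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: Util albrechto - Unknown owner - C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
"""


@dataclass
class Finding:
    entry_type: str  # HijackThis section code, e.g. "O2"
    severity: str    # "info", "review" or "high"
    reason: str
    line: str


# Hosts the stock R0/R1 entries on this machine point at (OEM/vendor defaults);
# a start or search page on any other host is worth a look.
KNOWN_HOME_HOSTS = ("msn.com", "microsoft.com")

USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
URL_HOST = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O2 - BHO: name - {CLSID} - path' into (code, body); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def is_known_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in KNOWN_HOME_HOSTS)


def triage_line(line: str) -> List[Finding]:
    parsed = parse_line(line)
    if parsed is None:
        return []
    code, body = parsed
    findings: List[Finding] = []

    def add(severity: str, reason: str) -> None:
        findings.append(Finding(code, severity, reason, line.strip()))

    if code in ("R0", "R1") and re.search(r"Start Page|Default_Page_URL|Search Page|Default_Search_URL", body):
        m = URL_HOST.search(body)
        if m and not is_known_host(m.group(1)):
            add("review", f"browser start/search page points at {m.group(1)}")
    elif code in ("O2", "O3"):
        # BHOs and toolbars are loaded into every Internet Explorer process.
        if body.endswith("(no file)"):
            add("info", "orphaned BHO/toolbar registration (no file on disk)")
        else:
            path = body.rsplit(" - ", 1)[-1]
            if USER_WRITABLE.search(path):
                add("review", "BHO/toolbar loaded from a user-writable location")
            if not path.lower().endswith(".dll"):
                add("high", "BHO/toolbar path is not a DLL")
    elif code == "O4":
        # Run/RunOnce keys and the Startup folder: classic persistence locations.
        if re.search(r"\bcmd(\.exe)? /c\b", body, re.IGNORECASE):
            add("review", "Run/RunOnce entry executes a shell command")
        if USER_WRITABLE.search(body):
            add("review", "autostart from a user-writable location")
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            add("high", "AppInit_DLLs injects a DLL into every process that loads user32.dll")
    elif code == "O23":
        # A 32-bit HijackThis on 64-bit Windows commonly reports '(file missing)' for
        # System32 services because of file-system redirection; treat that as noise.
        if ("Unknown owner" in body and "(file missing)" not in body
                and not re.search(r"C:\\windows\\", body, re.IGNORECASE)):
            add("review", "service with no vendor name outside the Windows directory")
    return findings


def triage(log_text: str) -> List[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    order = ("high", "review", "info")
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.entry_type}: {f.reason}\n         {f.line}")
    print(severity_counts(results))
```

Run against the sample, the script ranks the AppInit_DLLs entry and the BHO whose "DLL" is a `.dat` file under AppData above the orphaned registrations, which is the same ordering a helper applies by eye: global injection points and autostarts from user-writable paths first, leftovers last. Paste a full log into `SAMPLE_LOG` (or read it from a file) to triage a real report; the allowlist of home-page hosts is deliberately short and should be adjusted to the machine's OEM defaults.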

Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for your help. I followed your instructions and downloaded Malwarebytes, did a scan and removed all malware found. But I have W8 and cannot run DDS, how do I proceed? Malwarebytes did not fix the problem, as some malware is still hijacking my webpage when I click on a link.

Thanks again,


DDS worked. Here are the logs, Attach.txt and the RogueKiller report. Thanks,

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.40.2
Run by Liang at 20:32:06 on 2014-03-05
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6038.4128 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Toshiba\LANDriver\TNSSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by TOSHIBA
mWindow Title = Internet Explorer provided by TOSHIBA
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: getsav-in 5.0: {0B60D63D-2EAD-4823-984B-C5177E94A361} - C:\Users\Liang\AppData\Local\getsav-in\ie\getsav-in_1371730502.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleChromeAutoLaunch_00FEC87B4C7A2C1440E983D94B5E519E] "C:\Program Files (x86)\Fast Browser\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
uRun: [My Faster PC] C:\Program Files (x86)\ConsumerSoft\My Faster PC\mfpchelper.exe
uRun: [DefragReminder] C:\Program Files (x86)\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Liang\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7CBB82CC-E183-45DA-9CF9-5B0DCAEA4B20} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7CBB82CC-E183-45DA-9CF9-5B0DCAEA4B20}\2375942554335363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7CBB82CC-E183-45DA-9CF9-5B0DCAEA4B20}\2375942554336343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7CBB82CC-E183-45DA-9CF9-5B0DCAEA4B20}\4427F6070214E63686F627D2E4 : DHCPNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{8E621DE2-2F60-4A18-83F6-9D30AF794C62} : DHCPNameServer = 192.168.0.1 192.168.0.2
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} - "C:\Program Files (x86)\Fast Browser\Application\29.0.1531.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-BHO: TidyNetwork: {0E71DEDA-D774-316D-E375-03FD2E1CAD92} - 
x64-TB: FindWide Toolbar: {8AC9FAD5-675E-44B7-97AE-85FFC3B66888} - 
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [sRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-4 647736]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-6-18 499096]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2013-5-4 168608]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-23 150104]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 DSUDiskOptimizer;DSUDiskOptimizer;C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe [2013-9-10 692008]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-5-4 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-5-4 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-4 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-5 701512]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-23 232424]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-6-8 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [2012-12-15 126392]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-5-4 201872]
R2 TNSSVC;TOSHIBA Network Service;C:\Program Files\TOSHIBA\LANDriver\TNSSVC.exe [2013-5-4 40944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2012-10-8 319400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-4 365376]
R2 UpdateServiceTool;UpdateSoftware;C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [2014-3-5 6656]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [2013-7-2 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-6-9 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSviA64.sys [2013-7-2 513184]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\windows\System32\Drivers\irstrtdv.sys [2013-5-4 43800]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-3-5 25928]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 risdxc;risdxc;C:\windows\System32\Drivers\risdxc64.sys [2013-5-4 105984]
R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-23 53384]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-9 23448]
.
=============== Created Last 30 ================
.
2014-03-06 02:03:16 -------- d-----w- C:\Program Files (x86)\TempInstaller
2014-03-06 02:03:01 -------- d-----w- C:\Users\Liang\AppData\Local\SwvUpdater
2014-03-06 02:02:54 -------- d-----w- C:\Program Files (x86)\Re-markit-soft
2014-03-06 01:58:30 -------- d-----w- C:\Users\Liang\AppData\Roaming\Malwarebytes
2014-03-06 01:58:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-06 01:58:25 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-06 01:58:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 01:57:49 -------- d-----w- C:\Users\Liang\AppData\Local\SearchProtect
2014-03-06 01:57:44 -------- d-----w- C:\Program Files (x86)\YTD Downloader
2014-03-06 01:57:44 -------- d-----w- C:\Program Files (x86)\Bin
2014-03-06 01:57:14 -------- d-----w- C:\Program Files (x86)\sweetpacks bundle uninstaller
2014-03-06 01:56:20 252080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10235.bin
2014-02-15 17:44:22 583680 ----a-w- C:\windows\System32\msdrm.dll
2014-02-15 17:44:22 451072 ----a-w- C:\windows\SysWow64\msdrm.dll
2014-02-13 00:53:00 2232664 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-02-13 00:51:59 3288576 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-13 00:51:59 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-13 00:51:59 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
.
==================== Find3M  ====================
.
2014-02-17 22:03:37 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03:37 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-01 09:19:49 2241536 ----a-w- C:\windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-02-01 09:18:25 3960320 ----a-w- C:\windows\System32\jscript9.dll
2014-02-01 09:18:21 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-02-01 07:57:20 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-01 07:57:16 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-12-09 00:45:52 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-12-08 23:59:47 600064 ----a-w- C:\windows\System32\vbscript.dll
2013-12-07 06:37:24 688640 ----a-w- C:\windows\System32\WSShared.dll
2013-12-07 06:37:24 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15:46 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-12-07 05:15:46 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
============= FINISH: 20:32:22.08 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2013 6:13:55 PM
System Uptime: 3/5/2014 8:21:22 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | PORTEGE Z935
Processor: Intel® Core i3-3227U CPU @ 1.90GHz | Socket BGA1023 | 1901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 43.685 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 1/16/2014 9:52:27 PM - Windows Update
RP25: 2/1/2014 1:34:05 PM - Scheduled Checkpoint
RP26: 2/9/2014 8:30:19 AM - Windows Update
RP27: 2/12/2014 8:41:14 PM - Windows Update
RP28: 2/23/2014 1:09:17 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Reader X (10.1.3)
albrechto
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
D3DX10
Delta Chrome Toolbar
Disk Speedup
Fast Browser
getsav-in
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PRO/Wireless Driver
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Faster PC
MyPC Backup 
Norton Anti-Theft
Norton Internet Security
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard
Online Plug-in
Optimizer Pro v3.2
Origin
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
Playtopus
Re-markit
Realtek High Definition Audio Driver
RICOH Media Driver v2.23.17.01
Self-service Plug-in
Shutterfly Express Uploader
SoftwareWatcher bundle
SRS Premium Sound Control Panel
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBARegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
YTD Downloader version 1.5
.
==== Event Viewer Messages From Past Week ========
.
3/5/2014 8:21:27 PM, Error: BTHUSB [30]  - The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.
3/3/2014 10:29:06 PM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
.
==== End Of File ===========================
 
 
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Liang [Admin rights]
Mode : Scan -- Date : 03/05/2014 20:43:42
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] Playtopus Updater.job : C:\Windows\SysWOW64\rundll32.exe - C:\Users\Liang\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest [-][7][x] -> FOUND
[V2][sUSP PATH] EPUpdater : C:\Users\Liang\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> FOUND
[V2][sUSP PATH] Playtopus Updater : C:\Windows\SysWOW64\rundll32.exe - C:\Users\Liang\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest [-][7][x] -> FOUND
[V2][sUSP PATH] TidyNetwork Update : C:\Users\Liang\AppData\Local\TidyNetwork\petnupdate.exe - CID=TRUS26 AUTOGUID={0E71DEDA-D774-316D-E375-03FD2E1CAD92} [x][x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA THNSNF128GMCS +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) Ricoh SD Disk Device +++++
--- User ---
[MBR] 51ec58e675fca70fc66d47df21e28b6f
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3882 Mo
Error reading LL1 MBR! ([0x32] The request is not supported. )
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_03052014_204342.txt >>

Make sure you have created a system restore point before you continue!

Please uninstall all of these from your add/remove programs if possible:

Optimizer Pro v3.2
Fast Browser
getsav-in
Disk Speedup
My Faster PC
MyPC Backup


Then..............

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Last..................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC (Be Back in the AM)


# AdwCleaner v3.020 - Report created 05/03/2014 at 22:23:27

# Updated 27/02/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Liang - SPENONO

# Running from : C:\Users\Liang\Downloads\adwcleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Liang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\94ded8b03de947

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\Compete

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\mysearchdial

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\Compete

Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\CompeteInc

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\InstallCore

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\systweak

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16798

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]

 

-\\ Google Chrome v33.0.1750.146

 

[ File : C:\Users\Liang\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [13140 octets] - [05/03/2014 21:30:37]

AdwCleaner[R1].txt - [11590 octets] - [05/03/2014 22:20:40]

AdwCleaner[s0].txt - [2077 octets] - [05/03/2014 22:19:09]

AdwCleaner[s1].txt - [9214 octets] - [05/03/2014 22:23:27]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [9274 octets] ##########

 

 

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02

Ran by Liang (administrator) on SPENONO on 05-03-2014 22:30:56

Running from C:\Users\Liang\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\windows\system32\WLANExt.exe

() C:\Program Files\Toshiba\LANDriver\TNSSVC.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\windows\system32\dashost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\windows\SysWOW64\irstrtsv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe

(Quiknowledge) C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(VIS without Co) C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [X]

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)

HKLM\...\Run: [sRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)

HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()

HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()

HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [TOSDCR] - %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)

HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

ProxyEnable: Internet Explorer proxy is enabled.

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File

SearchScopes: HKLM - DefaultScope {13667E52-D215-4D11-8775-B9240B4C668C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

SearchScopes: HKLM - {13667E52-D215-4D11-8775-B9240B4C668C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

SearchScopes: HKLM-x32 - {13667E52-D215-4D11-8775-B9240B4C668C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS

SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

SearchScopes: HKCU - {13667E52-D215-4D11-8775-B9240B4C668C} URL = 

SearchScopes: HKCU - {C8B1BE9D-78D2-47BD-A832-EBC7A990A7A8} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743

SearchScopes: HKCU - {D45A0296-0EFE-4662-91B1-6DC3EF8A6B65} URL = http://search.findwide.com/serp?guid={8B370E20-45CA-46E9-A7A7-7841329E6241}&action=default_search&serpv=22&k={searchTerms}

SearchScopes: HKCU - {D9B4DF74-666C-402E-8536-812A0CC47D65} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130625,19890,0,25,0

BHO: TidyNetwork - {0E71DEDA-D774-316D-E375-03FD2E1CAD92} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File

BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - FindWide Toolbar - {8AC9FAD5-675E-44B7-97AE-85FFC3B66888} - C:\Program Files (x86)\TNT2\Profiles\10743\passport64.dll No File

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

Chrome: 

=======

CHR Extension: (Norton Identity Protection) - C:\Users\Liang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-20]

CHR Extension: (Google Wallet) - C:\Users\Liang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-06-09]

CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-06-09]

 

==================== Services (Whitelisted) =================

 

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-10-19] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)

R2 qksvc; C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe [273000 2014-02-05] (Quiknowledge)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)

R2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()

R2 UpdateServiceTool; C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130702.001\IDSvia64.sys [513184 2013-06-04] (Symantec Corporation)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.016\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130702.016\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-05 22:30 - 2014-03-05 22:31 - 00020557 _____ () C:\Users\Liang\Downloads\FRST.txt

2014-03-05 22:30 - 2014-03-05 22:30 - 02156544 _____ (Farbar) C:\Users\Liang\Downloads\FRST64.exe

2014-03-05 22:30 - 2014-03-05 22:30 - 00000000 ____D () C:\FRST

2014-03-05 22:29 - 2014-03-05 22:29 - 01145344 _____ (Farbar) C:\Users\Liang\Downloads\FRST (1).exe

2014-03-05 22:28 - 2014-03-05 22:28 - 01145344 _____ (Farbar) C:\Users\Liang\Downloads\FRST.exe

2014-03-05 22:25 - 2014-03-05 22:25 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-03-05 22:20 - 2014-03-05 22:20 - 01244192 _____ () C:\Users\Liang\Downloads\adwcleaner (1).exe

2014-03-05 21:29 - 2014-03-05 22:23 - 00000000 ____D () C:\AdwCleaner

2014-03-05 21:29 - 2014-03-05 21:29 - 01244192 _____ () C:\Users\Liang\Downloads\adwcleaner.exe

2014-03-05 21:26 - 2014-03-05 22:26 - 00000308 _____ () C:\windows\Tasks\Digital Sites.job

2014-03-05 21:26 - 2014-03-05 21:26 - 00002646 _____ () C:\windows\System32\Tasks\Digital Sites

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Users\Liang\AppData\Roaming\0D0S1L2Z1P1B

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Program Files\Quiknowledge

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Program Files (x86)\Quiknowledge

2014-03-05 21:25 - 2014-03-05 21:26 - 00667840 _____ ( ) C:\Users\Liang\Downloads\ZipExtractorSetup.exe

2014-03-05 20:43 - 2014-03-05 20:43 - 00002532 _____ () C:\Users\Liang\Desktop\RKreport[0]_S_03052014_204342.txt

2014-03-05 20:42 - 2014-03-05 20:43 - 00000000 ____D () C:\Users\Liang\Desktop\RK_Quarantine

2014-03-05 20:41 - 2014-03-05 20:41 - 03819008 _____ () C:\Users\Liang\Downloads\RogueKiller.exe

2014-03-05 20:32 - 2014-03-05 20:32 - 00022703 _____ () C:\Users\Liang\Desktop\dds.txt

2014-03-05 20:32 - 2014-03-05 20:32 - 00004007 _____ () C:\Users\Liang\Desktop\attach.txt

2014-03-05 20:31 - 2014-03-05 20:31 - 00688992 ____R (Swearware) C:\Users\Liang\Downloads\dds.scr

2014-03-05 20:02 - 2014-03-05 20:21 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-03-05 20:02 - 2014-03-05 20:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-03-05 19:58 - 2014-03-05 19:58 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\Users\Liang\AppData\Roaming\Malwarebytes

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-05 19:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Liang\Downloads\Malwarebytes_AntiMalware_Free_TSV45X5L9

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Program Files (x86)\YTD Downloader

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Program Files (x86)\Bin

2014-03-02 12:30 - 2014-03-02 12:30 - 00015838 _____ () C:\Users\Liang\Downloads\hijackthis.log

2014-03-02 12:29 - 2014-03-02 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liang\Downloads\HijackThis.exe

2014-03-02 11:04 - 2014-03-02 11:24 - 00000000 ____D () C:\Users\Liang\Desktop\portraits

2014-03-02 10:54 - 2014-03-02 11:05 - 00033280 ___SH () C:\Users\Liang\Desktop\Thumbs.db

2014-03-02 10:51 - 2014-03-02 10:51 - 00000000 ____D () C:\Users\Liang\Documents\Fax

2014-02-15 11:44 - 2013-12-04 17:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll

2014-02-15 11:44 - 2013-12-04 17:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll

2014-02-12 18:53 - 2013-10-31 23:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2014-02-12 18:52 - 2014-02-01 03:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-02-12 18:52 - 2014-02-01 03:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-02-12 18:52 - 2014-02-01 03:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-02-12 18:52 - 2014-02-01 03:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll

2014-02-12 18:52 - 2014-02-01 03:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-02-12 18:52 - 2014-02-01 03:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-02-12 18:52 - 2014-02-01 01:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-02-12 18:52 - 2014-02-01 01:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-02-12 18:52 - 2014-02-01 01:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-02-12 18:52 - 2014-02-01 01:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-02-12 18:52 - 2014-02-01 01:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-02-12 18:52 - 2014-02-01 01:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-02-12 18:52 - 2014-01-31 23:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll

2014-02-12 18:52 - 2013-12-08 18:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-02-12 18:52 - 2013-12-08 17:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-02-12 18:52 - 2013-12-04 17:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2014-02-12 18:52 - 2013-12-04 17:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2014-02-12 18:52 - 2013-11-26 18:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml

2014-02-12 18:52 - 2013-11-25 17:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys

2014-02-12 18:52 - 2013-11-19 18:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll

2014-02-12 18:51 - 2014-01-12 17:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-02-12 18:51 - 2014-01-12 17:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

2014-02-12 18:51 - 2013-11-19 17:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll

2014-02-05 17:13 - 2014-02-05 17:13 - 00058256 _____ (Quiknowledge) C:\windows\system32\Drivers\qknfd.sys

 

==================== One Month Modified Files and Folders =======

 

2014-03-05 22:31 - 2014-03-05 22:30 - 00020557 _____ () C:\Users\Liang\Downloads\FRST.txt

2014-03-05 22:30 - 2014-03-05 22:30 - 02156544 _____ (Farbar) C:\Users\Liang\Downloads\FRST64.exe

2014-03-05 22:30 - 2014-03-05 22:30 - 00000000 ____D () C:\FRST

2014-03-05 22:30 - 2012-07-26 01:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI

2014-03-05 22:29 - 2014-03-05 22:29 - 01145344 _____ (Farbar) C:\Users\Liang\Downloads\FRST (1).exe

2014-03-05 22:28 - 2014-03-05 22:28 - 01145344 _____ (Farbar) C:\Users\Liang\Downloads\FRST.exe

2014-03-05 22:26 - 2014-03-05 21:26 - 00000308 _____ () C:\windows\Tasks\Digital Sites.job

2014-03-05 22:25 - 2014-03-05 22:25 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-03-05 22:25 - 2013-06-20 08:38 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-05 22:25 - 2012-12-15 00:40 - 00140082 _____ () C:\windows\PFRO.log

2014-03-05 22:25 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-03-05 22:24 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI

2014-03-05 22:23 - 2014-03-05 21:29 - 00000000 ____D () C:\AdwCleaner

2014-03-05 22:20 - 2014-03-05 22:20 - 01244192 _____ () C:\Users\Liang\Downloads\adwcleaner (1).exe

2014-03-05 22:08 - 2013-06-20 08:38 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-05 22:02 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru

2014-03-05 21:34 - 2013-06-04 17:22 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678481320-1899752745-4195401054-1001

2014-03-05 21:29 - 2014-03-05 21:29 - 01244192 _____ () C:\Users\Liang\Downloads\adwcleaner.exe

2014-03-05 21:26 - 2014-03-05 21:26 - 00002646 _____ () C:\windows\System32\Tasks\Digital Sites

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Users\Liang\AppData\Roaming\0D0S1L2Z1P1B

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Program Files\Quiknowledge

2014-03-05 21:26 - 2014-03-05 21:26 - 00000000 ____D () C:\Program Files (x86)\Quiknowledge

2014-03-05 21:26 - 2014-03-05 21:25 - 00667840 _____ ( ) C:\Users\Liang\Downloads\ZipExtractorSetup.exe

2014-03-05 21:25 - 2013-06-04 17:15 - 00000000 ___RD () C:\Users\Liang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-05 21:24 - 2013-09-28 18:22 - 00000000 ____D () C:\Program Files (x86)\ConsumerSoft

2014-03-05 20:43 - 2014-03-05 20:43 - 00002532 _____ () C:\Users\Liang\Desktop\RKreport[0]_S_03052014_204342.txt

2014-03-05 20:43 - 2014-03-05 20:42 - 00000000 ____D () C:\Users\Liang\Desktop\RK_Quarantine

2014-03-05 20:41 - 2014-03-05 20:41 - 03819008 _____ () C:\Users\Liang\Downloads\RogueKiller.exe

2014-03-05 20:32 - 2014-03-05 20:32 - 00022703 _____ () C:\Users\Liang\Desktop\dds.txt

2014-03-05 20:32 - 2014-03-05 20:32 - 00004007 _____ () C:\Users\Liang\Desktop\attach.txt

2014-03-05 20:31 - 2014-03-05 20:31 - 00688992 ____R (Swearware) C:\Users\Liang\Downloads\dds.scr

2014-03-05 20:23 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

2014-03-05 20:21 - 2014-03-05 20:02 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-03-05 20:21 - 2013-06-20 08:17 - 00000000 ____D () C:\Users\Liang\AppData\Local\Playtopus

2014-03-05 20:20 - 2013-06-20 08:17 - 00000366 _____ () C:\windows\Tasks\Playtopus Updater.job

2014-03-05 20:10 - 2013-06-20 08:39 - 00002073 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-05 20:02 - 2014-03-05 20:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-03-05 20:02 - 2012-07-26 02:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy

2014-03-05 20:02 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy

2014-03-05 19:58 - 2014-03-05 19:58 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\Users\Liang\AppData\Roaming\Malwarebytes

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-05 19:58 - 2014-03-05 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Users\Liang\Downloads\Malwarebytes_AntiMalware_Free_TSV45X5L9

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Program Files (x86)\YTD Downloader

2014-03-05 19:57 - 2014-03-05 19:57 - 00000000 ____D () C:\Program Files (x86)\Bin

2014-03-05 19:54 - 2013-06-04 17:13 - 01951932 _____ () C:\windows\WindowsUpdate.log

2014-03-03 08:22 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent

2014-03-02 12:30 - 2014-03-02 12:30 - 00015838 _____ () C:\Users\Liang\Downloads\hijackthis.log

2014-03-02 12:29 - 2014-03-02 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liang\Downloads\HijackThis.exe

2014-03-02 12:29 - 2013-06-04 17:14 - 00000000 ____D () C:\Users\Liang\AppData\Local\VirtualStore

2014-03-02 11:24 - 2014-03-02 11:04 - 00000000 ____D () C:\Users\Liang\Desktop\portraits

2014-03-02 11:05 - 2014-03-02 10:54 - 00033280 ___SH () C:\Users\Liang\Desktop\Thumbs.db

2014-03-02 10:51 - 2014-03-02 10:51 - 00000000 ____D () C:\Users\Liang\Documents\Fax

2014-03-02 10:41 - 2013-06-09 14:03 - 00000000 ____D () C:\Users\Liang\Desktop\English_Office_Professional_Plus_2010_W32_X17-75238

2014-03-02 10:34 - 2014-01-02 21:55 - 00000000 ____D () C:\Users\Liang\Desktop\2013

2014-02-18 19:02 - 2014-01-26 10:43 - 00000000 ____D () C:\Users\Liang\AppData\Roaming\.technic

2014-02-17 16:03 - 2012-07-26 02:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-02-17 16:03 - 2012-07-26 02:14 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-15 15:52 - 2014-01-26 10:44 - 02346186 _____ () C:\Users\Liang\Desktop\TechnicLauncher (1).exe

2014-02-15 12:08 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache

2014-02-15 12:03 - 2013-06-20 08:38 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-15 12:03 - 2013-06-20 08:38 - 00003648 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-15 11:59 - 2013-09-15 08:31 - 00000000 ____D () C:\windows\system32\MRT

2014-02-15 11:58 - 2013-06-06 09:31 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-02-09 08:30 - 2013-06-20 08:19 - 00000000 ____D () C:\Users\Liang\AppData\Local\CrashDumps

2014-02-05 17:13 - 2014-02-05 17:13 - 00058256 _____ (Quiknowledge) C:\windows\system32\Drivers\qknfd.sys

 

Some content of TEMP:

====================

C:\Users\Liang\AppData\Local\Temp\9zlzopix.dll

C:\Users\Liang\AppData\Local\Temp\BackupSetup.exe

C:\Users\Liang\AppData\Local\Temp\DefaultAssets.exe

C:\Users\Liang\AppData\Local\Temp\DefaultOfflineContent.exe

C:\Users\Liang\AppData\Local\Temp\NLStubInstallerResources.dll

C:\Users\Liang\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Liang\AppData\Local\Temp\PCCU_Installer.exe

C:\Users\Liang\AppData\Local\Temp\Quarantine.exe

C:\Users\Liang\AppData\Local\Temp\tmp3BA3.exe

C:\Users\Liang\AppData\Local\Temp\vcredist_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-01 13:20

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02

Ran by Liang at 2014-03-05 22:31:21

Running from C:\Users\Liang\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

==================== Installed Programs ======================

 

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

albrechto (HKLM\...\albrechto) (Version: 2013.12.07.011955 - albrechto) <==== ATTENTION

Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)

Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden

Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden

Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)

Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden

Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden

Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)

Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)

Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)

Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)

Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Playtopus (HKCU\...\Playtopus) (Version:  - Playtopus)

Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)

Re-markit (HKLM-x32\...\1904b2e4-5a3b-4bc7-ac8a-12558f9dac0b) (Version:  - Re-markit Software) <==== ATTENTION

RICOH Media Driver v2.23.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.23.17.01 - RICOH)

Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden

Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)

Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden

SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)

SRS Premium Sound Control Panel (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - Synaptics Incorporated)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)

Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6417 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)

TOSHIBA Password Utility (HKLM\...\{320CA1B5-9CD5-4F75-9A25-137B1EDDEB5E}) (Version: 3.01.01.6403 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

YTD Downloader version 1.5 (x32 Version: 1.5 - BoozedProgrammer) Hidden

Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

 

==================== Restore Points  =========================

 

13-02-2014 02:41:14 Windows Update

23-02-2014 19:09:17 Windows Update

06-03-2014 03:34:39 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2284D666-7F32-445C-B5B1-9E6C608BEB36} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2E744C0C-7744-4E6F-BB78-2CE6955C36D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)

Task: {3F4C107E-2E81-495F-B92E-BA971BA02D7B} - System32\Tasks\TidyNetwork Update => C:\Users\Liang\AppData\Local\TidyNetwork\petnupdate.exe

Task: {49409619-D093-4855-BD27-D1EEF183E6F6} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {4FAC4737-2507-431D-8743-2309D4D0F945} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-18] (Synaptics Incorporated)

Task: {55D76B15-A87C-46F4-8534-5C5E50F3AF70} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {5B58294E-8BB7-4B04-B047-968705F9F5E4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {5E87FE95-E42A-4E2A-80BB-EFAC86379AA5} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {61FBE89E-BF12-42B4-9448-55C9A30C7637} - System32\Tasks\Digital Sites => C:\Users\Liang\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {804EC074-D7AA-4CD1-A91B-E7B80E5B3FEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)

Task: {864FC914-0DAA-4796-8986-CC73217274C8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {AFC2FA8F-E821-4651-B6E0-4D6A5EFD4714} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)

Task: {B259715F-7E1A-4D2B-986B-D4F34C2239E7} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {B7678135-3048-42B9-990C-29E147CECA16} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-10-19] (Symantec Corporation)

Task: {BA860ABA-BD11-4725-8DB3-136F62AD6C18} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\Liang\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Liang\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\Playtopus Updater.job => C:\Users\Liang\AppData\Local\PLAYTO~1\Updater.dll

 

==================== Loaded Modules (whitelisted) =============

 

2013-05-04 12:38 - 2012-09-07 11:02 - 00040944 _____ () C:\Program Files\Toshiba\LANDriver\TNSSVC.exe

2012-10-24 00:44 - 2012-10-24 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-10-31 16:15 - 2012-10-31 16:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll

2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF10.dll

2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnF11.dll

2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll

2011-08-12 15:57 - 2011-08-12 15:57 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe

2012-07-25 14:44 - 2012-07-25 14:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd

2012-07-25 14:44 - 2012-07-25 14:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd

2012-07-25 14:44 - 2012-07-25 14:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd

2014-03-05 20:10 - 2014-03-01 20:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

2013-06-09 21:49 - 2012-05-30 00:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

2013-05-04 12:29 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-03-05 20:10 - 2014-03-01 20:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/05/2014 10:25:40 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".

Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/05/2014 10:25:39 PM) (Source: Toshiba App Place) (User: )

Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.

Parameter name: dueTime

Stack Trace:

   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)

   at System.Timers.Timer.set_Enabled(Boolean value)

   at SnappCloud.ActivationReminder.AraClient.PostInit()

   at SnappCloud.ActivationReminder.Program.Main(String[] args)

 

Error: (03/05/2014 08:22:50 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".

Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/05/2014 08:22:49 PM) (Source: Toshiba App Place) (User: )

Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.

Parameter name: dueTime

Stack Trace:

   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)

   at System.Timers.Timer.set_Enabled(Boolean value)

   at SnappCloud.ActivationReminder.AraClient.PostInit()

   at SnappCloud.ActivationReminder.Program.Main(String[] args)

 

Error: (03/05/2014 08:07:25 PM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16798, time stamp: 0x52ec7da1

Faulting module name: dca-bho.dll, version: 1.7.1.8557, time stamp: 0x50af6c01

Exception code: 0xc000000d

Fault offset: 0x00073c6b

Faulting process id: 0x5c80

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (03/05/2014 08:07:10 PM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16798, time stamp: 0x52ec7da1

Faulting module name: dca-bho.dll, version: 1.7.1.8557, time stamp: 0x50af6c01

Exception code: 0xc000000d

Fault offset: 0x00073c6b

Faulting process id: 0x5688

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (03/05/2014 08:06:53 PM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16798, time stamp: 0x52ec7da1

Faulting module name: dca-bho.dll, version: 1.7.1.8557, time stamp: 0x50af6c01

Exception code: 0xc000000d

Fault offset: 0x00073c6b

Faulting process id: 0x41f0

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (03/05/2014 08:05:08 PM) (Source: Application Error) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16798, time stamp: 0x52ec7da1

Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950

Exception code: 0xe06d7363

Fault offset: 0x00014b32

Faulting process id: 0x10bc

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (03/03/2014 08:40:35 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (03/03/2014 08:23:11 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

 

System errors:

=============

Error: (03/05/2014 10:25:06 PM) (Source: BTHUSB) (User: )

Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

 

Error: (03/05/2014 09:25:10 PM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/05/2014 08:21:27 PM) (Source: BTHUSB) (User: )

Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

 

Error: (03/03/2014 10:29:06 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (03/03/2014 08:29:45 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (03/02/2014 02:37:40 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (03/02/2014 11:34:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (03/01/2014 10:00:05 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (02/25/2014 07:40:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

Error: (02/23/2014 03:24:00 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )

Description: 4

 

 

Microsoft Office Sessions:

=========================

Error: (03/05/2014 10:25:40 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

 

Error: (03/05/2014 10:25:39 PM) (Source: Toshiba App Place)(User: )

Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.

Parameter name: dueTime

Stack Trace:

   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)

   at System.Timers.Timer.set_Enabled(Boolean value)

   at SnappCloud.ActivationReminder.AraClient.PostInit()

   at SnappCloud.ActivationReminder.Program.Main(String[] args)

 

Error: (03/05/2014 08:22:50 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

 

Error: (03/05/2014 08:22:49 PM) (Source: Toshiba App Place)(User: )

Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.

Parameter name: dueTime

Stack Trace:

   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)

   at System.Timers.Timer.set_Enabled(Boolean value)

   at SnappCloud.ActivationReminder.AraClient.PostInit()

   at SnappCloud.ActivationReminder.Program.Main(String[] args)

 

Error: (03/05/2014 08:07:25 PM) (Source: Application Error)(User: )

Description: IEXPLORE.EXE10.0.9200.1679852ec7da1dca-bho.dll1.7.1.855750af6c01c000000d00073c6b5c8001cf38e0ca0fb42eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Consumer Input\dca-bho.dll0f5abc17-a4d4-11e3-be83-606c66a7c3c5

 

Error: (03/05/2014 08:07:10 PM) (Source: Application Error)(User: )

Description: IEXPLORE.EXE10.0.9200.1679852ec7da1dca-bho.dll1.7.1.855750af6c01c000000d00073c6b568801cf38e0c06a189eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Consumer Input\dca-bho.dll05e6a4fb-a4d4-11e3-be83-606c66a7c3c5

 

Error: (03/05/2014 08:06:53 PM) (Source: Application Error)(User: )

Description: IEXPLORE.EXE10.0.9200.1679852ec7da1dca-bho.dll1.7.1.855750af6c01c000000d00073c6b41f001cf38e081f8c157C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Consumer Input\dca-bho.dllfc397ec3-a4d3-11e3-be83-606c66a7c3c5

 

Error: (03/05/2014 08:05:08 PM) (Source: Application Error)(User: )

Description: IEXPLORE.EXE10.0.9200.1679852ec7da1KERNELBASE.dll6.2.9200.1645150988950e06d736300014b3210bc01cf38e030696743C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dllbd503c83-a4d3-11e3-be83-606c66a7c3c5

 

Error: (03/03/2014 08:40:35 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (03/03/2014 08:23:11 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 28%

Total physical RAM: 6038.14 MB

Available physical RAM: 4331.67 MB

Total Pagefile: 13206.14 MB

Available Pagefile: 11444.95 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

 

==================== Drives ================================

 

Drive c: (TI10659400C) (Fixed) (Total:101.94 GB) (Free:44.22 GB) NTFS

Drive d: () (Removable) (Total:3.79 GB) (Free:0.75 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 119 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

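The two FRST reports above are what the removal list in the reply below is built from. As an added example (not code from FRST, from Malwarebytes, or from the original poster), here is a small Python triage script that reads an FRST Addition.txt and pulls out the three things a responder checks first: lines FRST itself tagged `<==== ATTENTION`, scheduled tasks that launch from a user profile (AppData), and Security Center products reported Disabled. The SAMPLE text inside it is a constructed excerpt in the same line formats as the posted log; the function names, regexes and the `Triage` dataclass are the example's own, not part of FRST.

```python
"""Triage of a Farbar Recovery Scan Tool (FRST) Addition.txt report.

Added example for this thread, not code from FRST, Malwarebytes or the
original poster. It pulls out three things a responder reads first:
  * lines FRST itself tagged "<==== ATTENTION"
  * scheduled tasks whose target lives under a user profile (AppData),
    where bundled adware usually drops its updater
  * Security Center products reported "Disabled"
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt in the same line formats as the log in this thread
# (shortened; raw string because the paths contain "\U..." sequences).
SAMPLE = r"""
==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
albrechto (HKLM\...\albrechto) (Version: 2013.12.07.011955 - albrechto) <==== ATTENTION
Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION
Re-markit (HKLM-x32\...\1904b2e4-5a3b-4bc7-ac8a-12558f9dac0b) (Version:  - Re-markit Software) <==== ATTENTION
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Scheduled Tasks (whitelisted) =============

Task: {2E744C0C-7744-4E6F-BB78-2CE6955C36D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: {3F4C107E-2E81-495F-B92E-BA971BA02D7B} - System32\Tasks\TidyNetwork Update => C:\Users\Liang\AppData\Local\TidyNetwork\petnupdate.exe
Task: {61FBE89E-BF12-42B4-9448-55C9A30C7637} - System32\Tasks\Digital Sites => C:\Users\Liang\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {BA860ABA-BD11-4725-8DB3-136F62AD6C18} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\Liang\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest
"""

ATTENTION = "<==== ATTENTION"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")                       # "==== Name ===="
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => "
                     r"(?P<target>.+?)(?: <==== ATTENTION)?$")
SECURITY_RE = re.compile(r"^(?P<kind>AV|AS|FW): (?P<product>.+?) \((?P<state>[^)]*)\)")
PROGRAM_RE = re.compile(r"^(?P<name>.+?) \((?:HKLM|HKCU|x32 Version)")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class Triage:
    attention: list = field(default_factory=list)            # (section, line)
    user_profile_tasks: list = field(default_factory=list)   # (task name, target)
    disabled_protection: list = field(default_factory=list)  # (kind, product, state)


def parse_frst(text: str) -> Triage:
    """Walk the report once, tracking the current section header."""
    result = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        if line.endswith(ATTENTION):
            result.attention.append((section, line[: -len(ATTENTION)].rstrip()))
        m = TASK_RE.match(line)
        if m and USER_PROFILE_RE.search(m.group("target")):
            # An untagged task can still be suspect: its binary runs from AppData.
            result.user_profile_tasks.append((m.group("name"), m.group("target")))
        m = SECURITY_RE.match(line)
        if m and section == "Security Center" and m.group("state").startswith("Disabled"):
            result.disabled_protection.append(
                (m.group("kind"), m.group("product"), m.group("state")))
    return result


def uninstall_candidates(triage: Triage) -> list:
    """Program names from tagged Installed Programs lines (Add/Remove list)."""
    names = []
    for section, line in triage.attention:
        if section == "Installed Programs":
            m = PROGRAM_RE.match(line)
            if m:
                names.append(m.group("name"))
    return names


def report(text: str) -> str:
    t = parse_frst(text)
    out = ["Disabled protection:"]
    out += [f"  {k}: {p} ({s})" for k, p, s in t.disabled_protection]
    out.append("Flagged by FRST:")
    out += [f"  [{sec}] {ln}" for sec, ln in t.attention]
    out.append("Tasks launching from a user profile:")
    out += [f"  {n} -> {tgt}" for n, tgt in t.user_profile_tasks]
    out.append("Uninstall candidates: " + ", ".join(uninstall_candidates(t)))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE))
```

To use it on a real report, pass the file's text to `report()`. The second check exists because the `<==== ATTENTION` tag is not a clean bill of health on its own: in the log above, the `TidyNetwork Update` and `Playtopus Updater` tasks carry no tag, yet both run binaries out of `C:\Users\Liang\AppData`, next to the tagged `Digital Sites` task. The Security Center check is there because both Windows Defender and Norton are reported Disabled, so nothing was blocking these installs at the time.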

Please uninstall these from your add/remove programs if possible:
Quiknowledge
albrechto
Zip Extractor Packages
Re-markit



Then.......

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......


Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02

Ran by Liang at 2014-03-06 19:12:48 Run:1

Running from C:\Users\Liang\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM\...\Run: [] - [X]

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File

BHO-x32: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

Toolbar: HKLM - FindWide Toolbar - {8AC9FAD5-675E-44B7-97AE-85FFC3B66888} - C:\Program Files (x86)\TNT2\Profiles\10743\passport64.dll No File

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe


SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...on.ashx?prefix={searchTerms}

SearchScopes: HKCU - {13667E52-D215-4D11-8775-B9240B4C668C} URL = 

SearchScopes: HKCU - {C8B1BE9D-78D2-47BD-A832-EBC7A990A7A8} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743

SearchScopes: HKCU - {D45A0296-0EFE-4662-91B1-6DC3EF8A6B65} URL = http://search.findwide.com/serp?guid={8B370E20-45CA-46E9-A7A7-7841329E6241}&action=default_search&serpv=22&k={searchTerms}

SearchScopes: HKCU - {D9B4DF74-666C-402E-8536-812A0CC47D65} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130625,19890,0,25,0

BHO: TidyNetwork - {0E71DEDA-D774-316D-E375-03FD2E1CAD92} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File

BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-06-09]

R2 qksvc; C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe [273000 2014-02-05] (Quiknowledge)

R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)

C:\ProgramData\boost_interprocess

C:\Program Files\Quiknowledge

C:\Program Files (x86)\Quiknowledge

C:\windows\system32\Drivers\qknfd.sys

C:\Program Files (x86)\TidyNetwork

C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678481320-1899752745-4195401054-1001

C:\Users\Liang\AppData\Roaming\0D0S1L2Z1P1B

C:\Program Files\Quiknowledge

C:\Program Files (x86)\Quiknowledge

C:\Users\Liang\Downloads\ZipExtractorSetup.exe

C:\windows\system32\Drivers\qknfd.sys

C:\Users\Liang\AppData\Local\Temp\9zlzopix.dll

C:\Users\Liang\AppData\Local\Temp\BackupSetup.exe

C:\Users\Liang\AppData\Local\Temp\DefaultAssets.exe

C:\Users\Liang\AppData\Local\Temp\DefaultOfflineContent.exe

C:\Users\Liang\AppData\Local\Temp\NLStubInstallerResources.dll

C:\Users\Liang\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Liang\AppData\Local\Temp\PCCU_Installer.exe

C:\Users\Liang\AppData\Local\Temp\Quarantine.exe

C:\Users\Liang\AppData\Local\Temp\tmp3BA3.exe

C:\Users\Liang\AppData\Local\Temp\vcredist_x64.exe

Task: {61FBE89E-BF12-42B4-9448-55C9A30C7637} - System32\Tasks\Digital Sites => C:\Users\Liang\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE 

Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Liang\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE 

Task: {3F4C107E-2E81-495F-B92E-BA971BA02D7B} - System32\Tasks\TidyNetwork Update => C:\Users\Liang\AppData\Local\TidyNetwork\petnupdate.exe

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

C:\windows\system32\GroupPolicy\Machine => Moved successfully.

C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key not found.

HKCR\Wow6432Node\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8AC9FAD5-675E-44B7-97AE-85FFC3B66888} => Value deleted successfully.

HKCR\CLSID\{8AC9FAD5-675E-44B7-97AE-85FFC3B66888} => Key deleted successfully.

HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

"C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe" => File/Directory not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13667E52-D215-4D11-8775-B9240B4C668C} => Key deleted successfully.

HKCR\CLSID\{13667E52-D215-4D11-8775-B9240B4C668C} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8B1BE9D-78D2-47BD-A832-EBC7A990A7A8} => Key deleted successfully.

HKCR\CLSID\{C8B1BE9D-78D2-47BD-A832-EBC7A990A7A8} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D45A0296-0EFE-4662-91B1-6DC3EF8A6B65} => Key deleted successfully.

HKCR\CLSID\{D45A0296-0EFE-4662-91B1-6DC3EF8A6B65} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9B4DF74-666C-402E-8536-812A0CC47D65} => Key deleted successfully.

HKCR\CLSID\{D9B4DF74-666C-402E-8536-812A0CC47D65} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E71DEDA-D774-316D-E375-03FD2E1CAD92} => Key deleted successfully.

HKCR\CLSID\{0E71DEDA-D774-316D-E375-03FD2E1CAD92} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key not found.

HKCR\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkopijddpkmggacdghppacglggodkcod => Key deleted successfully.

"C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx" => File/Directory not found.

qksvc => Service not found.

qknfd => Unable to stop service

qknfd => Service deleted successfully.

 

"C:\ProgramData\boost_interprocess" directory move:

 

C:\ProgramData\boost_interprocess\Nobu64AgentService => Moved successfully.

C:\ProgramData\boost_interprocess\Nobu64TrayIcon => Moved successfully.

"C:\ProgramData\boost_interprocess" => Directory moved successfully.

 

"C:\Program Files\Quiknowledge" => File/Directory not found.

"C:\Program Files (x86)\Quiknowledge" => File/Directory not found.

"C:\windows\system32\Drivers\qknfd.sys" => File/Directory not found.

"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.

C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678481320-1899752745-4195401054-1001 => Moved successfully.

"C:\Users\Liang\AppData\Roaming\0D0S1L2Z1P1B" => File/Directory not found.

"C:\Program Files\Quiknowledge" => File/Directory not found.

"C:\Program Files (x86)\Quiknowledge" => File/Directory not found.

C:\Users\Liang\Downloads\ZipExtractorSetup.exe => Moved successfully.

"C:\windows\system32\Drivers\qknfd.sys" => File/Directory not found.

C:\Users\Liang\AppData\Local\Temp\9zlzopix.dll => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\BackupSetup.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\DefaultAssets.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\DefaultOfflineContent.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\NLStubInstallerResources.dll => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\PCCU_Installer.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\tmp3BA3.exe => Moved successfully.

C:\Users\Liang\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61FBE89E-BF12-42B4-9448-55C9A30C7637} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61FBE89E-BF12-42B4-9448-55C9A30C7637} => Key deleted successfully.

C:\Windows\System32\Tasks\Digital Sites => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.

C:\windows\Tasks\Digital Sites.job => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F4C107E-2E81-495F-B92E-BA971BA02D7B} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F4C107E-2E81-495F-B92E-BA971BA02D7B} => Key deleted successfully.

C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key deleted successfully.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.07.01

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16798

Liang :: SPENONO [administrator]

 

Protection: Enabled

 

3/6/2014 7:18:58 PM

mbam-log-2014-03-06 (19-18-58).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245324

Time elapsed: 3 minute(s), 18 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

You are the man. The malicious malware is gone now. Thanks a bunch.

Liang

 

 

 


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!
MrC

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
