Google Chrome requires continual manual reset of proxy settings


  • This topic is locked
21 replies to this topic

#1 rebecca

rebecca

  • Members
  • 14 posts

Posted 15 June 2014 - 10:51 AM

Starting a new thread for a previous issue, because the problems in the title of my original thread are no longer ongoing - but I'll copy/paste my original post here as well, just for the sake of completeness:

 

Trying to help a young friend 'fix' her laptop. She knows it's old, but it's all she has, so I'd like to do the best I can. It's a second-hand computer for her, and I don't think she really knows what some of the programs are. She had installed a bunch of toolbars, which I've removed with Revo Uninstaller whenever I could find entries for them, and some trial programs that were supposed to speed up the computer. I have made a backup of her data, but as far as she's concerned, the computer can be wiped clean - there's nothing installed that she can't reinstall again if she needs to. I would be a very happy camper if she had an installation disc (Vista 64-bit, home premium), but she doesn't, so turning to you is my best option.

 

Both Firefox and Chrome started out with recurring problems with the proxy server refusing connections. I can go into settings and tell the programs NOT to use a proxy server, and this is mostly working now, particularly with FF (Chrome still resets itself to proxy every so often when I reopen the browser).

 

FF's homepage keeps resetting itself to mywebsearch.com (Chrome's used to, but one of my many attempted interventions apparently worked in that browser), and nothing I do has been able to change that. Even more annoying is the fact that out of the blue, I'll suddenly get 3-4 new tabs opening up (www.lpcloudbox30.com/), asking me to 'please install the new video player'. For each of those tabs, a corresponding tab opens with the message "Reported Web Forgery! This web page at www.lpmxp2012.com has been reported as a web forgery and has been blocked based on  your security preferences." This doesn't happen when I click on a link or anything, the tabs just open up as I'm scrolling down a page (cnn, bleeping computer - sites that I don't have any problems with when using my own computer).

 

This morning, I was finally able to download/install/run Spybot S&D on this laptop. It found more toolbars than I knew existed, and I elected to have it 'fix' the 54 problems it found. Spybot S&D ran again after a reboot, still showing 2 problems, but I didn't see where I could click to fix those.

 

Right now, the only one of the original problems seems to be that Google Chrome still keeps resetting itself to use a proxy server. This happens not only every time I restart Chrome, but even every time I open a new tab! Based on what I've found online, it sounds like this is likely a result of some kind of infection, so following is my current DDS log.

 

Thank you for any help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16555
Run by Owner at 11:12:17 on 2014-06-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3932.2118 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWaz4llGStJjpJsOkyWbEp1RKjieFpMPsrUsZImtFN5NmBxJh7ghwZXN8GMgvYaiJNAAHOXeitQZkRs_CvImyjCxKEItGUuLyRPU5Brbz8eBzsSbR3fuwlgFTNUlp926A,,&q={searchTerms}
uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWaz4llGStJjpJsOkyWbEp1RKjieFpMPsrUsZImtFN5NmBxJh7ghwZXN8GMgvYaiJNAAHOXeitQZkRs_CvImyjCxKEItGUuLyRPU5Brbz8eBzsSbR3fuwlgFTNUlp926A,,&q={searchTerms}
mStart Page = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uProxyServer = hxxp=127.0.0.1:50140;https=127.0.0.1:50140
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxWaz4llGStJjpJsOkyWbEp1RKjieFpMPsrUsZImtFN5NmBxJh7ghwZXN8GMgvYaiJNAAHOXeitQZkRs_CvImyjCxKEItGUuLyRPU5Brbz8eBzsSbR3fuwlgFTNUlp926A,,&q={searchTerms}
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: dowunLOaditikeeeP: {AA043427-C331-E14A-A703-A66C22BD1094} -
BHO: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} -
TB: RadioRage: {78BA36C9-6036-482B-B48D-ECCA6F964B84} -
TB: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ContentExplorer] "C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
mRun: [BISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [fst_ca_88] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C914EA9E-7AC7-4E17-BD9E-9C87A61CACEF} : DHCPNameServer = 192.168.0.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mStart Page = hxxp://www.toshiba.ca/welcome
x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: dowunLOaditikeeeP: {AA043427-C331-E14A-A703-A66C22BD1094} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
x64-Run: [TPCHWMsg] C:\Program Files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1    www.spywareinfo.com
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9k68cqug.default-1402826588608\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-10-20 12368]
R0 aswNdis2;avast! Firewall NDIS Driver;C:\Windows\System32\drivers\aswNdis2.sys [2014-3-12 328944]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-2 208416]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-6-26 504912]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-10-4 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-7-2 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2009-8-28 423240]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg [2014-4-10 36216]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-8-28 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-20 50344]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-6-26 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-8-28 269648]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2013-3-23 517632]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-6-15 1153368]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2011-2-22 689464]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-6-26 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-3-23 14472]
R2 Unchecky;Unchecky;C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2014-6-15 107624]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-8-28 22104]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-6-26 32832]
S2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2014-3-12 113704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RadioRage_4jService;RadioRageService;C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [2013-5-30 42504]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2008-10-9 5120]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-06-15 07:07:41    95414520    ----a-w-    C:\Windows\System32\mrt.exe
2014-06-14 12:28:58    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 12:28:58    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-29 22:29:28    64752    ----a-w-    C:\Windows\System32\drivers\aswrdr.sys
2014-05-29 22:29:28    423240    ----a-w-    C:\Windows\System32\drivers\aswsp.sys
2014-05-29 22:29:28    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-29 22:28:55    65264    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2014-05-29 22:28:55    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-29 22:28:54    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-29 22:28:54    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-29 22:28:54    334648    ----a-w-    C:\Windows\System32\aswBoot.exe
2014-05-29 22:28:54    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-29 22:28:52    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-28 18:53:05    17857536    ----a-w-    C:\Windows\System32\mshtml.dll
2014-05-28 18:37:06    2338816    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-28 18:35:43    10890240    ----a-w-    C:\Windows\System32\ieframe.dll
2014-05-28 18:31:53    1348608    ----a-w-    C:\Windows\System32\urlmon.dll
2014-05-28 18:31:31    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-28 18:30:24    1494016    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-28 18:30:06    237056    ----a-w-    C:\Windows\System32\url.dll
2014-05-28 18:29:57    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-05-28 18:29:28    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-28 18:29:19    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-28 18:29:19    2148352    ----a-w-    C:\Windows\System32\iertutil.dll
2014-05-28 18:29:11    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-05-28 18:29:09    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-05-28 18:28:40    55296    ----a-w-    C:\Windows\System32\msfeedsbs.dll
2014-05-28 18:28:38    453120    ----a-w-    C:\Windows\System32\dxtmsft.dll
2014-05-28 18:28:34    282112    ----a-w-    C:\Windows\System32\dxtrans.dll
2014-05-28 18:28:30    11264    ----a-w-    C:\Windows\System32\msfeedssync.exe
2014-05-28 18:28:20    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-05-28 18:28:10    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-28 18:28:02    12800    ----a-w-    C:\Windows\System32\mshta.exe
2014-05-28 18:27:30    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-05-28 16:48:31    12356608    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-05-28 16:39:36    1810432    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-28 16:38:21    9711104    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-05-28 16:33:46    1106432    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-05-28 16:32:59    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-28 16:32:25    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-28 16:31:33    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-05-28 16:31:17    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-05-28 16:30:53    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-28 16:30:53    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-28 16:30:44    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-05-28 16:30:31    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-05-28 16:30:25    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-05-28 16:30:08    353792    ----a-w-    C:\Windows\SysWow64\dxtmsft.dll
2014-05-28 16:30:00    41472    ----a-w-    C:\Windows\SysWow64\msfeedsbs.dll
2014-05-28 16:29:58    223232    ----a-w-    C:\Windows\SysWow64\dxtrans.dll
2014-05-28 16:29:49    10752    ----a-w-    C:\Windows\SysWow64\msfeedssync.exe
2014-05-28 16:29:44    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-05-28 16:29:31    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27    11776    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-05-28 16:28:35    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-05-16 07:53:18    341848    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-04-26 18:21:07    622592    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-26 16:01:22    502784    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-05 09:10:28    1422784    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-01 02:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 13:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-25 16:30:37    12900864    ----a-w-    C:\Windows\System32\shell32.dll
2014-03-25 13:26:04    11587584    ----a-w-    C:\Windows\SysWow64\shell32.dll
.
============= FINISH: 11:12:51.29 ===============
 


Edited by rebecca, 15 June 2014 - 10:52 AM.




#2 rebecca

rebecca
  • Topic Starter

  • Members
  • 14 posts

Posted 15 June 2014 - 01:49 PM

In case it's of any relevance, the two items that Spybot S&D is unable to fix are:

 

Delta.Toolbar

(SBI $ACF354C8) Program directory

C:\ProgramData\BrowserProtect\

and

Win32.BitGuard

(SBI $93F166B5) Program directory

C:\ProgramData\BitGuard\



#3 rebecca

rebecca
  • Topic Starter

  • Members
  • 14 posts

Posted 19 June 2014 - 07:16 AM

The two entries Spybot S&D had been unable to clean were taken care of by Adwcleaner. But the Google Chrome proxy problem persists, so I'm still hoping for help here. BTW, the same connection problem shows up using Chrome portable, which I just tried installing out of curiosity.

Thank you!


Edited by rebecca, 19 June 2014 - 07:26 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts

Posted 19 June 2014 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Wait for further instructions.

#5 rebecca

rebecca
  • Topic Starter

  • Members
  • 14 posts

Posted 24 June 2014 - 07:17 AM

Thank you, nasdaq!

FRST.txt is pasted below. Can't figure out how to attach the other file, so I'll work on that after posting this.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Owner (administrator) on OWNER-PC on 24-06-2014 08:05:03
Running from C:\Users\Owner\Desktop\farbar
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Radialpoint Inc.) C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
( ) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Bell) C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ContentExplorer) C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [420176 2009-09-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3890208 2014-06-14] (AVAST Software)
HKLM-x32\...\Run: [BISA.exe] => C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe [4318520 2011-01-06] (Bell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\Run: [ContentExplorer] => C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488 2014-06-24] (ContentExplorer)
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\MountPoints2: {4b52e940-8789-11e0-8661-00235a0ddd3d} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49311;https=127.0.0.1:49311
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9k68cqug.default-1402826588608
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Virus Total Scan Url - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9k68cqug.default-1402826588608\Extensions\jid0-Zrdows144DsXKaBqst5UOMrBKq0@jetpack.xpi [2014-06-19]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-01-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-02]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Bell Internet Service Advisor) - C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-09]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-09]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-09]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-09]
CHR Extension: (Beautify for Trello) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-06-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-05-29] (AVAST Software)
S2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [113704 2014-03-12] (AVAST Software)
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1449984 2008-10-16] (Intel® Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [269648 2009-09-10] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-06-12] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-06-12] (Alcatel-Lucent) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-10-16] (Intel® Corporation) [File not signed]
R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ServicepointService; C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [689464 2011-01-06] (Radialpoint Inc.)
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-06-15] (RaMMicHaeL)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-29] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-03-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-29] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2010-09-07] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [328944 2014-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-05-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-29] ()
R0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22104 2009-09-10] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S4 BHDrvx64; \??\C:\Windows\system32\drivers\NISx64\1005000.087\BHDrvx64.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 08:04 - 2014-06-24 08:05 - 00000000 ____D () C:\Users\Owner\Desktop\farbar
2014-06-24 07:59 - 2014-06-24 08:05 - 00000000 ____D () C:\FRST
2014-06-24 07:58 - 2014-06-24 07:58 - 02082816 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2014-06-24 07:57 - 2014-06-24 07:57 - 00415744 _____ (Farbar) C:\Users\Owner\Downloads\FSS.exe
2014-06-19 07:42 - 2014-06-19 07:42 - 00451752 ____R () C:\Windows\system32\Drivers\etc\hosts.20140619-074256.backup
2014-06-19 07:25 - 2014-06-19 07:27 - 00000000 ____D () C:\AdwCleaner
2014-06-19 06:38 - 2014-06-19 06:38 - 00001886 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-19 06:38 - 2014-06-19 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-19 06:38 - 2014-06-19 06:38 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-15 14:54 - 2014-06-15 14:54 - 00511782 _____ () C:\Users\Owner\Downloads\Autoruns.zip
2014-06-15 11:10 - 2014-06-24 08:00 - 00000000 ____D () C:\Users\Owner\Desktop\junk
2014-06-15 09:01 - 2014-06-15 09:03 - 00000526 _____ () C:\Windows\wininit.ini
2014-06-15 08:33 - 2014-06-15 08:12 - 00001864 _____ () C:\Windows\system32\Drivers\etc\hosts.20140615-083314.backup
2014-06-15 08:16 - 2014-06-15 08:30 - 00001068 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-06-15 08:16 - 2014-06-15 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-15 08:15 - 2014-06-19 07:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-15 08:15 - 2014-06-15 08:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-15 08:02 - 2014-06-15 08:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DivX
2014-06-15 08:01 - 2014-06-15 08:23 - 00000829 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-06-15 08:01 - 2014-06-15 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-15 08:01 - 2014-06-15 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-06-15 08:01 - 2014-06-15 08:01 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-06-15 06:29 - 2014-06-15 06:29 - 04917366 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe.part
2014-06-15 06:29 - 2014-06-15 06:29 - 00001727 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-15 06:29 - 2014-06-15 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-15 06:22 - 2014-06-15 06:22 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-06-14 10:22 - 2014-06-14 10:22 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-06-14 08:11 - 2014-06-14 08:12 - 00016169 _____ () C:\Users\Owner\Downloads\hijackthis.log
2014-06-14 06:47 - 2014-04-26 14:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 06:47 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 06:46 - 2014-04-05 05:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 06:46 - 2014-03-10 02:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 06:46 - 2014-03-10 02:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 06:46 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 06:46 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 06:45 - 2014-05-28 14:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 06:45 - 2014-05-28 14:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 06:45 - 2014-05-28 14:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 06:45 - 2014-05-28 14:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 06:45 - 2014-05-28 14:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 06:45 - 2014-05-28 14:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-14 06:45 - 2014-05-28 14:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-14 06:45 - 2014-05-28 14:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-14 06:45 - 2014-05-28 14:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 06:45 - 2014-05-28 14:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 06:45 - 2014-05-28 14:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 06:45 - 2014-05-28 14:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 06:45 - 2014-05-28 14:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 06:45 - 2014-05-28 14:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-14 06:45 - 2014-05-28 14:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-14 06:45 - 2014-05-28 14:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 06:45 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 06:45 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 06:45 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 06:45 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 06:45 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 06:45 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 06:45 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-14 06:45 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-14 06:45 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 06:45 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-14 06:45 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-14 06:45 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 06:45 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 06:45 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 06:45 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-14 06:45 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 06:44 - 2014-05-28 14:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 06:44 - 2014-05-28 14:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 06:44 - 2014-05-28 14:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-14 06:44 - 2014-05-28 14:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 06:44 - 2014-05-28 14:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-14 06:44 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 06:44 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 06:44 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-14 06:44 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 06:44 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-14 06:42 - 2014-06-14 06:42 - 00000423 _____ () C:\Users\Owner\Desktop\Downloads - Shortcut.lnk
2014-06-14 06:40 - 2014-06-14 06:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2014-06-14 06:39 - 2014-06-14 06:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-06-14 06:39 - 2014-06-14 06:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-06-14 06:14 - 2014-06-19 08:23 - 00000829 _____ () C:\Windows\setupact.log
2014-06-14 06:14 - 2014-06-14 06:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-14 06:09 - 2014-06-19 07:32 - 00002926 _____ () C:\Windows\PFRO.log
2014-05-29 22:27 - 2014-06-24 07:54 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-29 22:27 - 2014-05-29 22:27 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 22:27 - 2014-05-29 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 18:28 - 2014-05-29 18:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-29 18:28 - 2014-05-29 18:28 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 18:06 - 2014-06-15 14:57 - 00001070 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-05-29 18:06 - 2014-05-29 18:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

==================== One Month Modified Files and Folders =======

2014-06-24 08:05 - 2014-06-24 08:04 - 00000000 ____D () C:\Users\Owner\Desktop\farbar
2014-06-24 08:05 - 2014-06-24 07:59 - 00000000 ____D () C:\FRST
2014-06-24 08:04 - 2009-06-26 04:37 - 01270524 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 08:00 - 2014-06-15 11:10 - 00000000 ____D () C:\Users\Owner\Desktop\junk
2014-06-24 07:58 - 2014-06-24 07:58 - 02082816 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2014-06-24 07:57 - 2014-06-24 07:57 - 00415744 _____ (Farbar) C:\Users\Owner\Downloads\FSS.exe
2014-06-24 07:54 - 2014-05-29 22:27 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-24 07:54 - 2013-03-06 14:21 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 07:54 - 2013-03-06 14:21 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 07:54 - 2013-03-06 14:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 07:54 - 2013-03-06 14:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 07:54 - 2012-12-28 11:25 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 07:54 - 2012-12-28 11:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 07:54 - 2009-11-08 01:08 - 00002896 _____ () C:\Windows\System32\Tasks\{9F4B6890-7DFA-44D5-9474-92A3510D3D8F}
2014-06-24 07:54 - 2009-09-07 14:49 - 00003250 _____ () C:\Windows\System32\Tasks\Driver Robot
2014-06-24 07:54 - 2009-09-07 14:49 - 00000466 _____ () C:\Windows\Tasks\Driver Robot.job
2014-06-24 07:50 - 2014-04-23 17:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ContentExplorer
2014-06-24 07:47 - 2012-10-04 13:05 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-24 07:45 - 2011-07-09 14:19 - 00004648 _____ () C:\Windows\system32\spsys.log
2014-06-24 07:45 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 07:45 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 07:45 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 08:27 - 2006-11-02 11:42 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-19 08:25 - 2006-11-02 08:46 - 00815820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 08:23 - 2014-06-14 06:14 - 00000829 _____ () C:\Windows\setupact.log
2014-06-19 07:42 - 2014-06-19 07:42 - 00451752 ____R () C:\Windows\system32\Drivers\etc\hosts.20140619-074256.backup
2014-06-19 07:41 - 2014-06-15 08:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-19 07:36 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 07:33 - 2006-11-02 08:34 - 00451752 ____R () C:\Windows\system32\Drivers\etc\hosts.20140619-074218.backup
2014-06-19 07:32 - 2014-06-14 06:09 - 00002926 _____ () C:\Windows\PFRO.log
2014-06-19 07:27 - 2014-06-19 07:25 - 00000000 ____D () C:\AdwCleaner
2014-06-19 06:44 - 2014-01-13 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 06:38 - 2014-06-19 06:38 - 00001886 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-19 06:38 - 2014-06-19 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-19 06:38 - 2014-06-19 06:38 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-19 06:38 - 2010-09-10 18:25 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-15 14:57 - 2014-05-29 18:06 - 00001070 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-06-15 14:54 - 2014-06-15 14:54 - 00511782 _____ () C:\Users\Owner\Downloads\Autoruns.zip
2014-06-15 09:03 - 2014-06-15 09:01 - 00000526 _____ () C:\Windows\wininit.ini
2014-06-15 08:30 - 2014-06-15 08:16 - 00001068 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-06-15 08:29 - 2014-06-15 08:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-15 08:23 - 2014-06-15 08:01 - 00000829 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-06-15 08:16 - 2014-06-15 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-06-15 08:12 - 2014-06-15 08:33 - 00001864 _____ () C:\Windows\system32\Drivers\etc\hosts.20140615-083314.backup
2014-06-15 08:02 - 2014-06-15 08:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DivX
2014-06-15 08:02 - 2014-06-15 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-15 08:02 - 2011-07-09 17:04 - 00000000 ____D () C:\Program Files\DivX
2014-06-15 08:02 - 2011-07-09 17:03 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-06-15 08:02 - 2011-07-09 17:02 - 00000000 ____D () C:\ProgramData\DivX
2014-06-15 08:01 - 2014-06-15 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-06-15 08:01 - 2014-06-15 08:01 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-06-15 06:29 - 2014-06-15 06:29 - 04917366 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe.part
2014-06-15 06:29 - 2014-06-15 06:29 - 00001727 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-15 06:29 - 2014-06-15 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-15 06:29 - 2009-07-29 21:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-15 06:22 - 2014-06-15 06:22 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-06-15 03:27 - 2009-08-06 16:20 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-15 03:11 - 2013-08-16 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 03:07 - 2009-06-26 05:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-15 03:07 - 2006-11-02 08:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-14 10:22 - 2014-06-14 10:22 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-06-14 08:51 - 2009-08-06 16:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-14 08:51 - 2009-08-06 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-14 08:28 - 2012-12-28 11:25 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 08:28 - 2011-11-13 21:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-14 08:12 - 2014-06-14 08:11 - 00016169 _____ () C:\Users\Owner\Downloads\hijackthis.log
2014-06-14 07:29 - 2014-05-21 22:22 - 00000000 ____D () C:\ProgramData\dowunLOaditikeeeP
2014-06-14 06:42 - 2014-06-14 06:42 - 00000423 _____ () C:\Users\Owner\Desktop\Downloads - Shortcut.lnk
2014-06-14 06:40 - 2014-06-14 06:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2014-06-14 06:39 - 2014-06-14 06:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-06-14 06:39 - 2014-06-14 06:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-06-14 06:39 - 2011-06-18 11:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-14 06:31 - 2014-05-21 22:22 - 00000000 ____D () C:\ProgramData\bd826aa52adc8a6a
2014-06-14 06:14 - 2014-06-14 06:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 22:34 - 2009-07-29 21:15 - 00000000 ____D () C:\Users\Owner\Tracing
2014-05-29 22:33 - 2009-09-13 18:26 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 22:33 - 2009-05-08 19:30 - 00000000 ____D () C:\Windows\Panther
2014-05-29 22:27 - 2014-05-29 22:27 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 22:27 - 2014-05-29 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 21:31 - 2010-09-10 18:25 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-29 21:30 - 2006-11-02 11:21 - 00339008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 18:29 - 2011-07-02 09:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-29 18:29 - 2009-08-28 17:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-29 18:29 - 2009-08-28 17:34 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-05-29 18:28 - 2014-05-29 18:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-29 18:28 - 2014-05-29 18:28 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-29 18:28 - 2013-04-02 01:35 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-29 18:28 - 2013-04-02 01:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-29 18:28 - 2011-01-23 17:03 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-29 18:28 - 2009-08-28 17:34 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-29 18:28 - 2009-08-28 17:34 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-05-29 18:15 - 2012-12-18 14:45 - 00000000 ____D () C:\Program Files\McAfee
2014-05-29 18:15 - 2009-05-08 04:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-29 18:06 - 2014-05-29 18:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-29 17:55 - 2009-07-29 03:08 - 00087608 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 14:53 - 2014-06-14 06:45 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 14:37 - 2014-06-14 06:45 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 14:35 - 2014-06-14 06:44 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 14:31 - 2014-06-14 06:45 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 14:31 - 2014-06-14 06:45 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 14:30 - 2014-06-14 06:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 14:30 - 2014-06-14 06:44 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 14:29 - 2014-06-14 06:45 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 14:29 - 2014-06-14 06:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 14:29 - 2014-06-14 06:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 14:29 - 2014-06-14 06:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 14:29 - 2014-06-14 06:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 14:29 - 2014-06-14 06:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 14:28 - 2014-06-14 06:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 14:28 - 2014-06-14 06:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 14:28 - 2014-06-14 06:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 14:28 - 2014-06-14 06:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 14:28 - 2014-06-14 06:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 14:28 - 2014-06-14 06:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 14:28 - 2014-06-14 06:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 14:27 - 2014-06-14 06:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 12:48 - 2014-06-14 06:45 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 12:39 - 2014-06-14 06:45 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 12:38 - 2014-06-14 06:44 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 12:33 - 2014-06-14 06:45 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 12:32 - 2014-06-14 06:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 12:32 - 2014-06-14 06:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 12:31 - 2014-06-14 06:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 12:31 - 2014-06-14 06:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 12:30 - 2014-06-14 06:45 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 12:30 - 2014-06-14 06:45 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 12:30 - 2014-06-14 06:45 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 12:30 - 2014-06-14 06:45 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 12:30 - 2014-06-14 06:45 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 12:30 - 2014-06-14 06:45 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 12:30 - 2014-06-14 06:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 12:29 - 2014-06-14 06:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 12:29 - 2014-06-14 06:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 12:29 - 2014-06-14 06:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 12:29 - 2014-06-14 06:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 12:29 - 2014-06-14 06:44 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 12:28 - 2014-06-14 06:45 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Files to move or delete:
====================
C:\Users\Owner\xobglu16.dll
C:\Users\Owner\xobglu32.dll


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\DivXSetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-24 08:00

==================== End Of Log ============================

#6 rebecca

Posted 24 June 2014 - 07:21 AM

OK, attached is the Addition.txt

Thanks again!

#7 nasdaq

nasdaq

  • Malware Response Team

Posted 24 June 2014 - 08:39 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\Run: [ContentExplorer] => C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488 2014-06-24] (ContentExplorer)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-06-15] (RaMMicHaeL)
S4 BHDrvx64; \??\C:\Windows\system32\drivers\NISx64\1005000.087\BHDrvx64.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ContentExplorer) C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe
C:\Users\Owner\AppData\Local\Temp\DivXSetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {0105BBAA-3777-400B-8DF0-91B24856B4A9} - \LaunchApp No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

If this computer is connected through a Router the router may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

Keep me posted.

#8 rebecca

Posted 24 June 2014 - 09:17 AM

I haven't done anything with/to the router, because the other 4 computers that use it in this house aren't having any problems. This laptop belongs to a friend, and it came to me "infected". If you think there's a real concern about my router having picked up an otherwise-undetectable infection from this laptop, then I will go ahead and follow the steps you described above. But if it's okay with you, I'd rather see if the laptop's problem can be fixed by itself first. Incidentally, Google Chrome still gives me the "Unable to connect to the proxy server" popup.

Fixlog.txt follows:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Owner at 2014-06-24 10:04:43 Run:1
Running from C:\Users\Owner\Desktop\farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\...\Run: [ContentExplorer] => C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488 2014-06-24] (ContentExplorer)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624 2014-06-15] (RaMMicHaeL)
S4 BHDrvx64; \??\C:\Windows\system32\drivers\NISx64\1005000.087\BHDrvx64.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ContentExplorer) C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe
C:\Users\Owner\AppData\Local\Temp\DivXSetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {0105BBAA-3777-400B-8DF0-91B24856B4A9} - \LaunchApp No Task File <==== ATTENTION

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1794356833-3312726103-881339829-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\symres' => Key deleted successfully.
'HKCR\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB}' => Key deleted successfully.
'HKCR\Wow6432Node\PROTOCOLS\Handler\symres'=> Key not found.
'HKCR\Wow6432Node\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB}' => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
Unchecky => Service stopped successfully.
Unchecky => Service deleted successfully.
BHDrvx64 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe => No running process found
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe => No running process found
[5568] C:\Users\Owner\AppData\Roaming\ContentExplorer\ContentExplorer.exe => Process closed successfully.
C:\Users\Owner\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0105BBAA-3777-400B-8DF0-91B24856B4A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0105BBAA-3777-400B-8DF0-91B24856B4A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp' => Key deleted successfully.

==== End of Fixlog ====

Edited by rebecca, 24 June 2014 - 09:19 AM.


#9 nasdaq

Posted 24 June 2014 - 01:04 PM

I think Chrome uses the Internet Explorer proxy setting.

You might find something like this in IE. Uncheck the proxy server.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:5577 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===
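
The check described in the post above, as an added read-only PowerShell example (not part of the original post and not FRST's own code): it reads the WinINET proxy values that Internet Explorer's LAN Settings dialog edits, looks for a Chrome policy key, and, for a loopback proxy such as the 127.0.0.1:5577 mentioned in the post, reports which local process, if any, is listening on that port. The function names are hypothetical; the registry paths and value names are the standard WinINET and Chrome policy locations.

```powershell
# Added example: audit the per-user proxy settings shared by IE and Chrome.
# Read-only; it changes nothing on the system.

$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-LoopbackEndpoints([string]$ProxyServer) {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
    $found = @()
    if (-not $ProxyServer) { return $found }
    foreach ($entry in $ProxyServer -split ';') {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(?:\w+://)?(127\.\d+\.\d+\.\d+|localhost|\[::1\]):(\d+)') {
            $found += New-Object PSObject -Property @{
                Host = $Matches[1]
                Port = [int]$Matches[2]
            }
        }
    }
    return $found
}

$enabled = Get-RegValue $inetKey 'ProxyEnable'
$server  = Get-RegValue $inetKey 'ProxyServer'
$pacUrl  = Get-RegValue $inetKey 'AutoConfigURL'

"ProxyEnable   : $enabled"
"ProxyServer   : $server"
"AutoConfigURL : $pacUrl"

# A Chrome policy key can pin proxy settings so the browser UI cannot change them.
if (Test-Path $policyKey) {
    "Chrome policy key present: $policyKey"
    foreach ($name in 'ProxyMode', 'ProxyServer', 'ProxyPacUrl') {
        $value = Get-RegValue $policyKey $name
        if ($value) { "  $name = $value" }
    }
}

# A loopback proxy only works while some local process listens on that port.
foreach ($ep in @(Get-LoopbackEndpoints $server)) {
    "Loopback proxy configured: $($ep.Host):$($ep.Port)"
    $pattern   = ":$($ep.Port)\s+\S+\s+LISTENING\s+(\d+)"
    $listeners = netstat -ano | Select-String -Pattern $pattern
    if (-not $listeners) {
        "  Nothing is listening on port $($ep.Port); browsers will report a proxy error."
        continue
    }
    foreach ($m in $listeners) {
        $procId = [int]$m.Matches[0].Groups[1].Value
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        "  PID $procId is listening: $($proc.Path)"
    }
}
```

If the loopback entry reappears after being cleared, the listening process and the autostart entries (Run keys, scheduled tasks, services) are the places to look for whatever is rewriting it.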

#10 rebecca

Posted 24 June 2014 - 02:11 PM

THANK YOU, nasdaq! Unchecking the proxy server in IE seems to have done the trick - Chrome is working properly again, even after rebooting the computer. You're awesome! Case closed!

#11 nasdaq

Posted 25 June 2014 - 07:09 AM


One last check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#12 nasdaq

Posted 01 July 2014 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#13 nasdaq

Posted 01 July 2014 - 10:29 AM

This topic has been re-opened at the request of the person who originally posted.

#14 nasdaq

Posted 07 July 2014 - 06:53 AM

Are you still with me?

#15 rebecca

Posted 08 July 2014 - 07:28 AM

Yes, nasdaq, I'm still here! The computer was just brought back to me last night, and I was hoping to follow your final instructions above and post the log here this morning, but for some reason, I am unable to access the forums from any browser on either the laptop in question OR either of my own two home laptops. I can open the thread at work, so it's obviously not a glitch at the bleepingcomputer.com end, but I'm not sure how to deal with the problem at home.

In any case, I'll print out your instructions and take them home with me tonight, run Security Check, and save the resulting .txt file to a flash drive, to post from work tomorrow. I tried sending you private messages through your profile/link here, and both of those got Failure-Daemon notices, too...

Thank you for your patience, and I will post back tomorrow!





