Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse



#1 spodekmodek

Posted 07 August 2014 - 03:37 PM

Hi Folks-

Been trying to eradicate PUP.Optional.Spigot virus. Now the Outbrowse has shown up.

Have tried to use Malwarebytes, Kaspersky Rootkit killer, AdwCleaner. Gets rid of it but shows up almost immediately.

Seems to be in this location-

 

 PUP.Optional.Spigot.A, C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "https://search.yahoo.com/?type=994519&fr=spigot-yhp-ch",), Replaced,[267b049c215a3006d998c51aa4607a86]

 

______________________________________  

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by Ericsun at 16:14:01 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1494 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [PDFHook] c:\program files\nuance\pdfviewerplus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdfviewerplus\RegistryController.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonQuickMenu] c:\program files\canon\quick menu\CNQMMAIN.EXE /logon
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{47802951-2400-4785-8BD1-5637D005E9EC} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ericsun\appdata\roaming\mozilla\firefox\profiles\9149vt5d.steve frank\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-26 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-26 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-26 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-26 369584]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-3-15 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-26 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-26 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-26 46808]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-15 47640]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-22 184192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-22 1343400]
.
=============== Created Last 30 ================
.
2014-08-07 19:47:27 -------- d-----w- c:\users\ericsun\dwhelper
2014-08-06 01:20:57 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{adad1f7b-60d1-4d62-847e-b08d2389f69d}\mpengine.dll
2014-08-05 23:11:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-05 23:11:44 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-05 23:11:44 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-05 23:11:43 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-05 23:11:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-22 18:28:18 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-22 18:26:49 -------- d-----w- C:\AdwCleaner
2014-07-17 13:40:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-12 21:33:18 -------- d-----w- c:\users\ericsun\appdata\roaming\IrfanView
2014-07-12 21:33:18 -------- d-----w- c:\program files\IrfanView
2014-07-11 22:03:38 -------- d-----w- c:\program files\uTorrent
2014-07-11 21:04:30 -------- d-----w- c:\users\ericsun\appdata\roaming\uTorrent
2014-07-09 13:50:51 -------- d-----w- c:\users\ericsun\.swt
2014-07-09 13:49:51 -------- d-----w- c:\users\ericsun\appdata\roaming\Azureus
2014-07-09 08:20:02 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 08:20:02 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 08:20:02 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 08:20:01 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
.
==================== Find3M  ====================
.
2014-08-07 19:19:52 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-07 19:19:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 21:33:01 103832 ----a-w- c:\users\ericsun\GoToAssistDownloadHelper.exe
2014-06-19 00:53:52 1766400 ----a-w- c:\windows\system32\wininet.dll
2014-06-19 00:52:46 2863616 ----a-w- c:\windows\system32\jscript9.dll
2014-06-19 00:52:42 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-06-19 00:52:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-06-19 00:52:19 1440768 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-19 00:30:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:34:26 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 16:14:44.46 ===============
 
 

 




#2 HelpBot

Posted 12 August 2014 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543666 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

  • Malware Response Team

Posted 13 August 2014 - 12:54 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 spodekmodek

Posted 13 August 2014 - 04:20 PM

Can't thank you enough Nasdaq

The PUP Spigot bug has temporarily disappeared but will probably be back. 
However this is a Java script which keeps showing up as malware in Mozilla.

 

AdwCleaner shows:  File : C:\Users\Ericsun\AppData\Roaming\Mozilla\Firefox\Profiles\9149vt5d.steve frank\prefs.js ]

 

Thanks very much!

 

________________ 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Ericsun (administrator) on STEVEFRANK on 13-08-2014 17:06:39
Running from C:\Users\Ericsun\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Dropbox, Inc.) C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-1531440668-513292944-2101247418-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ericsun\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDAC4E4814DB6CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Ericsun\AppData\Roaming\Mozilla\Firefox\Profiles\9149vt5d.steve frank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Ericsun\AppData\Roaming\Mozilla\Firefox\Profiles\9149vt5d.steve frank\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-26]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Crackle) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\Ken\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2013-08-23]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe [792112 2007-04-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 17:05 - 2014-08-13 17:06 - 00032698 _____ () C:\Users\Ericsun\Desktop\Addition.txt
2014-08-13 17:04 - 2014-08-13 17:06 - 00014859 _____ () C:\Users\Ericsun\Desktop\FRST.txt
2014-08-13 17:04 - 2014-08-13 17:06 - 00000000 ____D () C:\FRST
2014-08-13 17:02 - 2014-08-13 17:03 - 01092096 _____ (Farbar) C:\Users\Ericsun\Desktop\FRST.exe
2014-08-12 22:36 - 2014-08-12 22:36 - 00001653 _____ () C:\Users\Ericsun\Desktop\AdwCleaner[R7].txt
2014-08-09 15:11 - 2014-08-09 15:16 - 43598854 _____ () C:\Users\Ericsun\Desktop\aznursride.flv
2014-08-07 20:26 - 2014-08-07 20:26 - 00000000 ____D () C:\Users\Ericsun\AppData\Local\Adobe
2014-08-07 16:38 - 2014-08-07 16:38 - 00080997 _____ () C:\Users\Ericsun\Desktop\Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2014-08-07 15:47 - 2014-08-07 15:47 - 00000000 ____D () C:\Users\Ericsun\dwhelper
2014-08-07 15:35 - 2014-08-07 15:35 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-07 15:35 - 2014-08-07 15:35 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 15:35 - 2014-08-07 15:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-06 11:20 - 2014-08-06 11:20 - 00002546 _____ () C:\Users\Ericsun\Desktop\Japanese Femdom Tube Search (1116 videos), page 28.lnk
2014-08-05 19:11 - 2014-08-13 10:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 19:11 - 2014-08-05 19:11 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-05 19:11 - 2014-08-05 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-05 19:11 - 2014-08-05 19:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 19:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-05 19:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-05 19:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 11:03 - 2014-08-04 11:03 - 00025936 _____ () C:\Users\Ericsun\Desktop\Corporate Gifts, Client Gifts, Employee Incentives   SELECT.htm
2014-08-03 09:44 - 2014-08-03 09:44 - 00059501 _____ () C:\Users\Ericsun\Desktop\Who’s Right and Wrong in the Middle East  - NYTimes.com.htm
2014-07-30 22:07 - 2014-07-30 22:07 - 00012875 _____ () C:\Users\Ericsun\Desktop\NEWLY RENOVATED $2000 Studio and Alcove Apartments.htm
2014-07-28 22:55 - 2014-07-28 22:55 - 00045717 _____ () C:\Users\Ericsun\Desktop\Four Types of Progressive Lenses (No-Line Bifocals).htm
2014-07-26 16:24 - 2014-07-26 19:00 - 00000000 ____D () C:\Users\Ericsun\Desktop\Keith Tokyo 100th
2014-07-25 12:57 - 2014-07-28 19:25 - 00000000 ____D () C:\Users\Ericsun\Desktop\irfan
2014-07-22 14:32 - 2014-08-08 20:10 - 00000000 ____D () C:\Users\Ericsun\Desktop\Virus ware
2014-07-22 14:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-22 14:26 - 2014-08-12 22:36 - 00000000 ____D () C:\AdwCleaner
2014-07-20 15:40 - 2014-07-24 21:54 - 00000000 ____D () C:\Users\Ericsun\Desktop\T shirts
2014-07-17 09:41 - 2014-07-17 09:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-17 09:40 - 2014-07-17 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 09:40 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-17 09:40 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-17 09:40 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-17 09:40 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-17 09:29 - 2014-07-21 15:53 - 00000000 ____D () C:\Users\Ericsun\Desktop\Real Estate Vids
2014-07-16 12:58 - 2014-07-16 12:58 - 00002522 _____ () C:\Users\Ericsun\Desktop\Act! Premium (Web) - Log on.lnk
2014-07-15 12:48 - 2014-08-12 11:14 - 00000000 ____D () C:\Users\Ericsun\Desktop\michael
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2020-10-10 09:35 - 2014-07-10 22:37 - 255723338 _____ () C:\Users\Ericsun\Copy of D_V_0003.ASF
2014-08-13 17:06 - 2014-08-13 17:05 - 00032698 _____ () C:\Users\Ericsun\Desktop\Addition.txt
2014-08-13 17:06 - 2014-08-13 17:04 - 00014859 _____ () C:\Users\Ericsun\Desktop\FRST.txt
2014-08-13 17:06 - 2014-08-13 17:04 - 00000000 ____D () C:\FRST
2014-08-13 17:03 - 2014-08-13 17:02 - 01092096 _____ (Farbar) C:\Users\Ericsun\Desktop\FRST.exe
2014-08-13 16:31 - 2012-03-15 12:28 - 01966568 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 16:22 - 2012-12-12 11:55 - 00000390 _____ () C:\Windows\Tasks\WpsNotifyTask_Ken.job
2014-08-13 16:12 - 2012-12-12 11:55 - 00000390 _____ () C:\Windows\Tasks\WpsUpdateTask_Ken.job
2014-08-13 16:10 - 2012-05-23 14:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 10:43 - 2014-08-05 19:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 07:10 - 2012-05-23 14:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 22:45 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 22:45 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 22:38 - 2013-11-13 10:58 - 00000000 ___RD () C:\Users\Ericsun\Dropbox
2014-08-12 22:38 - 2013-11-13 10:55 - 00000000 ____D () C:\Users\Ericsun\AppData\Roaming\Dropbox
2014-08-12 22:38 - 2012-03-15 14:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 22:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 22:38 - 2009-07-14 00:39 - 00046396 _____ () C:\Windows\setupact.log
2014-08-12 22:37 - 2012-03-15 13:07 - 00110302 _____ () C:\Windows\PFRO.log
2014-08-12 22:36 - 2014-08-12 22:36 - 00001653 _____ () C:\Users\Ericsun\Desktop\AdwCleaner[R7].txt
2014-08-12 22:36 - 2014-07-22 14:26 - 00000000 ____D () C:\AdwCleaner
2014-08-12 11:14 - 2014-07-15 12:48 - 00000000 ____D () C:\Users\Ericsun\Desktop\michael
2014-08-10 19:40 - 2013-06-12 22:45 - 00000000 ____D () C:\Users\Ericsun\AppData\Roaming\vlc
2014-08-10 19:39 - 2013-10-18 21:53 - 00000000 ____D () C:\Users\Ericsun\Desktop\new folder
2014-08-09 15:16 - 2014-08-09 15:11 - 43598854 _____ () C:\Users\Ericsun\Desktop\aznursride.flv
2014-08-09 14:22 - 2013-11-13 10:56 - 00000000 ____D () C:\Users\Ericsun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-08 20:10 - 2014-07-22 14:32 - 00000000 ____D () C:\Users\Ericsun\Desktop\Virus ware
2014-08-08 19:45 - 2013-06-13 18:25 - 00000000 ____D () C:\Users\Ericsun\Desktop\Douglas Elliman Network System_files
2014-08-07 20:26 - 2014-08-07 20:26 - 00000000 ____D () C:\Users\Ericsun\AppData\Local\Adobe
2014-08-07 19:57 - 2013-07-04 13:31 - 00000000 ____D () C:\Users\Ericsun\AppData\Roaming\dvdcss
2014-08-07 16:38 - 2014-08-07 16:38 - 00080997 _____ () C:\Users\Ericsun\Desktop\Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2014-08-07 15:47 - 2014-08-07 15:47 - 00000000 ____D () C:\Users\Ericsun\dwhelper
2014-08-07 15:47 - 2013-06-06 15:52 - 00000000 ____D () C:\Users\Ericsun
2014-08-07 15:35 - 2014-08-07 15:35 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-07 15:35 - 2014-08-07 15:35 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 15:35 - 2014-08-07 15:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-07 15:35 - 2014-07-03 18:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-07 15:19 - 2012-05-23 14:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-07 15:19 - 2012-03-15 12:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-07 15:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Speech
2014-08-06 11:20 - 2014-08-06 11:20 - 00002546 _____ () C:\Users\Ericsun\Desktop\Japanese Femdom Tube Search (1116 videos), page 28.lnk
2014-08-05 19:11 - 2014-08-05 19:11 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-05 19:11 - 2014-08-05 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-05 19:11 - 2014-08-05 19:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 13:36 - 2013-10-21 20:33 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-05 09:19 - 2013-07-26 18:18 - 00000000 ____D () C:\Users\Ericsun\Desktop\DVD Fabbed
2014-08-04 11:03 - 2014-08-04 11:03 - 00025936 _____ () C:\Users\Ericsun\Desktop\Corporate Gifts, Client Gifts, Employee Incentives   SELECT.htm
2014-08-03 09:44 - 2014-08-03 09:44 - 00059501 _____ () C:\Users\Ericsun\Desktop\Who’s Right and Wrong in the Middle East  - NYTimes.com.htm
2014-07-31 23:43 - 2012-06-21 16:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 22:51 - 2013-09-30 22:27 - 00000000 ____D () C:\Users\Ericsun\Desktop\Maron
2014-07-30 22:07 - 2014-07-30 22:07 - 00012875 _____ () C:\Users\Ericsun\Desktop\NEWLY RENOVATED $2000 Studio and Alcove Apartments.htm
2014-07-28 22:55 - 2014-07-28 22:55 - 00045717 _____ () C:\Users\Ericsun\Desktop\Four Types of Progressive Lenses (No-Line Bifocals).htm
2014-07-28 19:25 - 2014-07-25 12:57 - 00000000 ____D () C:\Users\Ericsun\Desktop\irfan
2014-07-26 19:00 - 2014-07-26 16:24 - 00000000 ____D () C:\Users\Ericsun\Desktop\Keith Tokyo 100th
2014-07-25 03:01 - 2012-06-21 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 21:54 - 2014-07-20 15:40 - 00000000 ____D () C:\Users\Ericsun\Desktop\T shirts
2014-07-24 21:54 - 2013-06-18 11:49 - 00000000 ____D () C:\Users\Ericsun\Desktop\Miscellaneous Anything
2014-07-22 14:25 - 2014-07-11 17:04 - 00000000 ____D () C:\Users\Ericsun\AppData\Roaming\uTorrent
2014-07-21 15:53 - 2014-07-17 09:29 - 00000000 ____D () C:\Users\Ericsun\Desktop\Real Estate Vids
2014-07-20 14:47 - 2013-06-17 22:38 - 00000000 ____D () C:\Users\Ericsun\Movies to Burn
2014-07-17 09:41 - 2014-07-17 09:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-17 09:40 - 2014-07-17 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 09:40 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Java
2014-07-16 12:58 - 2014-07-16 12:58 - 00002522 _____ () C:\Users\Ericsun\Desktop\Act! Premium (Web) - Log on.lnk
2014-07-15 14:02 - 2014-07-12 11:54 - 00000000 ____D () C:\Users\Ericsun\Desktop\globe
 
Some content of TEMP:
====================
C:\Users\Ericsun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0zvzlb.dll
C:\Users\Ericsun\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 00:39
 
==================== End Of Log ============================

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:35 AM

Posted 14 August 2014 - 08:17 AM

AdwCleaner shows: File: C:\Users\Ericsun\AppData\Roaming\Mozilla\Firefox\Profiles\9149vt5d.steve frank\prefs.js

This is normal; all users have a prefs.js file that Firefox uses.

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Clean the Java Cache. Tutorial here.
http://www.java.com/en/download/help/plugin_cache.xml
<<<>>>

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#6 spodekmodek


Posted 14 August 2014 - 09:32 PM

Thanks, Nasdaq.
The JS script was listed when I ran AdwCleaner, so I figured it was "unnatural".
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Ericsun at 2014-08-14 21:52:28 Run:1
Running from C:\Users\Ericsun\Desktop\Virus ware\Frst
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin: @microsoft.com/GENUINE -> disabled No File not found.
"HKLM\Software\MozillaPlugins\@qq.com/npqscall" => Key deleted successfully.
C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll not found.
"HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx" => Key deleted successfully.
C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll not found.
"HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic" => Key deleted successfully.
C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll not found.
"HKLM\Software\MozillaPlugins\@qq.com/TXSSO" => Key deleted successfully.
C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll not found.
C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll not found.
C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll not found.
LMIInfo => Service deleted successfully.
RimUsb => Service deleted successfully.
 
==== End of Fixlog ====
 
 


#7 nasdaq


Posted 15 August 2014 - 07:42 AM

Run the Security Check tool and post the log for my review.

 

How is the computer running now?



#8 nasdaq


Posted 21 August 2014 - 08:14 AM

If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
===


#9 nasdaq


Posted 27 August 2014 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



