
I believe I have been HIJACKED ..I want to post my HJT log


8 replies to this topic

#1 carmen.koshman


Posted 19 July 2015 - 10:07 AM

A couple days ago I started having problems with my internet and my IE not going where I wanted it to.

Also, my computer could be being monitored... I would like to find that out as well. I have attached my HJT log. Can you please have a look at it and let me know. Thank you very much.

Attached Files

#2 nasdaq

  • Malware Response Team

Posted 20 July 2015 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 TB-Psychotic

  • Malware Response Team

Posted 20 July 2015 - 09:19 AM

EDIT: Nasdaq was first



#4 carmen.koshman

  • Topic Starter


Posted 20 July 2015 - 10:12 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Toshiba (administrator) on TOSHIBA-PC on 20-07-2015 22:00:14
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: Toshiba (Available Profiles: Toshiba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\GFNEXSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Users\Toshiba\Desktop\aswmbr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-07-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-23] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [dx5044D108.dat]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2015-05-26]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> {A6CB72B5-80DE-4683-828E-D56CAECDB833} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-02-24] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 61.19.248.150 203.155.33.1 192.168.1.1
Tcpip\..\Interfaces\{3C3C2E44-CD6E-4D3E-A719-9CF04F065454}: [DhcpNameServer] 10.0.0.1 61.19.248.150 203.155.33.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-22] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-265031417-2782916168-3745025912-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF user.js: detected! => C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\user.js [2014-11-12]
FF Extension: Ads Removal - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\Extensions\adsremoval@adsremoval.net [2014-01-11]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\iobitascsurfingprotection@iobit.com [not found]

Chrome:
=======
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-17]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-17]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-17]
CHR Extension: (Google Sheets) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-17]
CHR HKLM-x32\...\Chrome\Extension: [ldfhiidahikppjbljabpabcajjncelfj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-12] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Bfilter; C:\windows\System32\drivers\Bfilter.sys [46912 2013-07-15] (Baidu, Inc.)
R1 Bfmon; C:\windows\System32\drivers\Bfmon.sys [32064 2013-07-15] (Baidu, Inc.)
R1 Bprotect; C:\windows\System32\drivers\Bprotect.sys [100960 2013-08-16] (Baidu, Inc.)
S3 BprotectEx; No ImagePath
S3 catchme; No ImagePath
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-24] (REALiX™)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-20] (Malwarebytes Corporation)
S3 PCFApiUtil; No ImagePath
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3709656 2015-07-18] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-12-12] (Synaptics Incorporated)
U3 aswMBR; \??\C:\Users\Toshiba\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Toshiba\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 22:00 - 2015-07-20 22:01 - 00019084 _____ C:\Users\Toshiba\Desktop\FRST.txt
2015-07-20 21:57 - 2015-07-20 21:57 - 00000577 _____ C:\Users\Toshiba\Desktop\aswMBR.txt
2015-07-20 21:53 - 2015-07-20 22:00 - 00000000 ___DC C:\FRST
2015-07-20 21:52 - 2015-07-20 21:53 - 02134528 _____ (Farbar) C:\Users\Toshiba\Desktop\FRST64.exe
2015-07-20 21:36 - 2015-07-20 21:38 - 05200384 _____ (AVAST Software) C:\Users\Toshiba\Desktop\aswmbr.exe
2015-07-20 02:11 - 2015-07-20 02:11 - 00003136 _____ C:\windows\System32\Tasks\{35BE1A0A-06E0-4345-B7D0-9BE02BBD386B}
2015-07-20 01:49 - 2015-07-20 01:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Toshiba\Desktop\HijackThis.exe
2015-07-20 01:48 - 2015-07-20 01:50 - 00201030 _____ C:\Users\Toshiba\Desktop\lspfix.zip
2015-07-20 01:38 - 2015-07-20 13:04 - 00000168 _____ C:\windows\setupact.log
2015-07-20 01:38 - 2015-07-20 01:38 - 00000000 _____ C:\windows\setuperr.log
2015-07-19 23:47 - 2015-07-20 01:50 - 00000000 ____D C:\Users\Toshiba\Desktop\backups
2015-07-19 23:27 - 2015-07-20 01:36 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-19 22:02 - 2015-07-19 23:38 - 00010555 _____ C:\Users\Toshiba\Desktop\hijackthis.log
2015-07-19 21:20 - 2015-07-20 21:21 - 00051750 _____ C:\windows\WindowsUpdate.log
2015-07-19 17:52 - 2015-07-19 17:52 - 04496600 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-07-19 17:52 - 2015-07-19 17:52 - 03234520 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-07-19 17:52 - 2015-07-19 17:52 - 03195416 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2015-07-19 17:52 - 2015-07-19 17:52 - 02930904 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2015-07-19 17:52 - 2015-07-19 17:52 - 02862488 _____ C:\windows\system32\Drivers\RTAIODAT.DAT
2015-07-19 17:52 - 2015-07-19 17:52 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-07-19 17:52 - 2015-07-19 17:52 - 01748184 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-07-19 17:52 - 2015-07-19 17:52 - 01576976 _____ (Conexant Systems Inc.) C:\windows\system32\CX64APO.dll
2015-07-19 17:52 - 2015-07-19 17:52 - 00166616 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 13028864 _____ (Intel Corporation) C:\windows\system32\ig4icd64.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 11245520 _____ (Intel Corporation) C:\windows\SysWOW64\igd10umd32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 11117808 _____ (Intel Corporation) C:\windows\SysWOW64\igdumd32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 10811392 _____ (Intel Corporation) C:\windows\SysWOW64\ig4icd32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 05906536 _____ (Intel Corporation) C:\windows\system32\GfxUI.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 05375448 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-07-19 17:40 - 2015-07-19 17:40 - 00513640 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00444008 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00442880 _____ (Intel Corporation) C:\windows\system32\igfxdev.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00440320 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00432128 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00431104 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00429056 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00428544 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00410112 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00401512 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00384512 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00330752 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00286208 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2015-07-19 17:40 - 2015-07-19 17:40 - 00280680 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00256616 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00187496 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00175104 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00173672 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2015-07-19 17:40 - 2015-07-19 17:40 - 00142336 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00126976 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2015-07-19 17:40 - 2015-07-19 17:40 - 00116224 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4229.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00101376 _____ C:\windows\system32\igdde64.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00081408 _____ C:\windows\SysWOW64\igdde32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00031984 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-07-19 17:40 - 2015-07-19 17:40 - 00017082 _____ C:\windows\system32\iglhxs64.vp
2015-07-19 17:40 - 2015-07-19 17:40 - 00009728 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2015-07-19 14:50 - 2015-07-19 15:06 - 00000847 _____ C:\Users\Toshiba\Desktop\Stinger_19072015_145038.html
2015-07-19 14:42 - 2015-07-19 14:42 - 00024056 _____ C:\Users\Toshiba\Desktop\Test Placement.dotx
2015-07-19 12:09 - 2015-07-20 21:34 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-19 12:09 - 2015-07-19 12:09 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-19 12:09 - 2015-07-19 12:09 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-19 12:09 - 2015-07-19 12:09 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 18:47 - 2015-07-18 18:51 - 00415707 _____ C:\Users\Toshiba\Desktop\Fix IE.zip
2015-07-18 16:47 - 2015-07-19 12:51 - 00000000 ____D C:\windows\Minidump
2015-07-18 15:05 - 2015-07-18 15:05 - 03709656 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys
2015-07-18 10:11 - 2015-07-18 10:11 - 00001420 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-16 12:23 - 2015-07-16 12:23 - 00039445 _____ C:\Users\Toshiba\Desktop\Harry Potter Word Search for Kids - 22 words to find with a Harry Potter theme.htm
2015-07-16 12:23 - 2015-07-16 12:23 - 00000000 ____D C:\Users\Toshiba\Desktop\Harry Potter Word Search for Kids - 22 words to find with a Harry Potter theme_files
2015-07-15 01:44 - 2015-07-15 01:44 - 00005499 _____ C:\Users\Toshiba\Desktop\h-BILL-COSBY-960x540.jpeg
2015-07-14 22:00 - 2015-07-14 22:00 - 02270870 _____ C:\Users\Toshiba\Desktop\Free Email Templates - 99designs.zip
2015-07-13 22:08 - 2015-07-13 22:09 - 00008704 _____ C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-04 19:49 - 2015-07-04 20:01 - 00000000 ____D C:\ProgramData\Auslogics
2015-06-24 19:56 - 2015-06-24 19:56 - 00000000 ___DC C:\IObit
2015-06-24 01:26 - 2015-06-24 01:26 - 02918104 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-06-24 01:26 - 2015-06-24 01:26 - 01316056 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-06-22 13:59 - 2015-06-22 13:59 - 00007584 _____ C:\Users\Toshiba\Desktop\LIST OF CONJUNCTIONS.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 21:18 - 2013-07-18 01:04 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 13:12 - 2009-07-14 11:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 13:12 - 2009-07-14 11:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 13:05 - 2015-02-24 11:01 - 00002882 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (Toshiba)
2015-07-20 13:04 - 2013-07-18 01:04 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 13:04 - 2009-07-14 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-20 12:44 - 2013-09-02 23:21 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Skype
2015-07-20 01:38 - 2013-07-17 04:54 - 00000000 ____D C:\Users\Toshiba
2015-07-20 01:37 - 2014-05-26 10:58 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\ProductData
2015-07-20 01:37 - 2013-11-27 16:01 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\IObit
2015-07-20 01:37 - 2009-07-14 12:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-07-20 01:37 - 2009-07-14 10:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-20 01:36 - 2014-05-04 14:05 - 00000000 ___DC C:\Qoobox
2015-07-20 01:36 - 2013-11-27 16:01 - 00000000 ____D C:\ProgramData\ProductData
2015-07-20 01:35 - 2009-07-14 10:20 - 00000000 ____D C:\windows\registration
2015-07-20 01:33 - 2013-07-17 05:48 - 00000000 ___RD C:\MSOCache
2015-07-19 21:23 - 2011-02-19 06:48 - 00000000 ____D C:\windows\Panther
2015-07-19 20:38 - 2014-11-12 06:47 - 00002912 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Toshiba
2015-07-19 17:53 - 2015-02-24 11:01 - 00002117 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-07-19 17:52 - 2013-07-17 18:19 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2015-07-19 17:40 - 2015-04-27 08:34 - 12694808 _____ (Intel Corporation) C:\windows\system32\igdumd64.dll
2015-07-19 17:40 - 2011-04-05 09:54 - 12937864 _____ (Intel Corporation) C:\windows\system32\igd10umd64.dll
2015-07-19 17:40 - 2011-04-05 09:29 - 00110592 _____ (Intel Corporation) C:\windows\system32\hccutils.dll
2015-07-19 17:40 - 2011-04-05 09:29 - 00064000 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.dll
2015-07-19 17:40 - 2011-04-05 09:28 - 09007616 _____ (Intel Corporation) C:\windows\system32\igfxress.dll
2015-07-19 15:07 - 2014-07-24 14:27 - 00000114 ___RH C:\Users\Toshiba\Desktop\Stinger.opt
2015-07-19 15:07 - 2014-01-12 01:25 - 00000000 ____D C:\Program Files\stinger
2015-07-19 12:07 - 2014-08-19 11:10 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Adobe
2015-07-18 19:11 - 2009-07-14 10:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-18 16:55 - 2009-07-14 12:13 - 00799572 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-18 03:07 - 2013-07-18 01:01 - 00000000 ____D C:\Users\Toshiba\AppData\Local\CrashDumps
2015-07-17 22:26 - 2013-07-17 05:21 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Google
2015-07-17 14:08 - 2015-05-17 08:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-17 14:08 - 2014-01-20 10:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 08:13 - 2013-07-18 01:04 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 08:13 - 2013-07-18 01:04 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-08 07:57 - 2013-10-09 05:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 07:57 - 2013-07-17 18:42 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 04:43 - 2014-11-12 06:47 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-07-07 04:43 - 2013-07-19 17:57 - 00000000 ____D C:\windows\system32\Macromed
2015-07-07 04:43 - 2013-07-17 18:32 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-07-07 04:42 - 2011-02-18 15:27 - 00000000 ____D C:\ProgramData\Adobe
2015-07-07 04:42 - 2009-07-14 10:20 - 00000000 ____D C:\windows\servicing
2015-07-06 13:27 - 2014-12-17 04:40 - 00000000 ____D C:\Program Files\McAfee
2015-07-06 10:28 - 2015-05-24 03:38 - 00000000 ____D C:\Program Files\CCleaner
2015-07-05 12:10 - 2009-07-14 12:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-06-26 16:42 - 2013-07-17 18:33 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-26 16:40 - 2011-02-18 15:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-26 16:32 - 2013-08-22 15:38 - 00000000 ____D C:\Program Files (x86)\Veetle

==================== Files in the root of some directories =======

2013-08-18 17:24 - 2013-08-18 17:24 - 0000000 _____ () C:\Users\Toshiba\AppData\Roaming\bitlord_log.txt
2015-07-13 22:08 - 2015-07-13 22:09 - 0008704 _____ () C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-01 16:27 - 2015-03-01 16:27 - 0000017 _____ () C:\Users\Toshiba\AppData\Local\resmon.resmoncfg
2013-09-02 23:43 - 2013-09-02 23:43 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-16 19:45

==================== End of log ============================



#5 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 20 July 2015 - 12:54 PM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} ->  No File
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\user.js [2014-11-12]
FF Extension: Ads Removal - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\Extensions\adsremoval@adsremoval.net [2014-01-11]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\iobitascsurfingprotection@iobit.com [not found]
CHR HKLM-x32\...\Chrome\Extension: [ldfhiidahikppjbljabpabcajjncelfj] - No Path Or update_url value
S3 BprotectEx; No ImagePath
S3 catchme; No ImagePath
S3 PCFApiUtil; No ImagePath
U3 aswMBR; \??\C:\Users\Toshiba\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Toshiba\AppData\Local\Temp\aswVmm.sys [X]

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Did you also run the AdwCleaner tool I have suggested?

How is the computer running now?

Edited by nasdaq, 20 July 2015 - 12:54 PM.


#6 carmen.koshman

  • Topic Starter
  • Members

Posted 20 July 2015 - 01:17 PM

Thank you very much... my computer hasn't run this well in a long time... it's quick... web pages load right now... it runs cooler.

It's great... Thank you



#7 carmen.koshman

  • Topic Starter
  • Members

Posted 20 July 2015 - 01:32 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Toshiba at 2015-07-21 01:25:23 Run:1
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: Toshiba (Available Profiles: Toshiba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763- 00608CC02F24 } =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} ->  No File
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-265031417-2782916168-3745025912-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\user.js [2014-11-12]
FF Extension: Ads Removal - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\Extensions\adsremoval@adsremoval.net [2014-01-11]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\iobitascsurfingprotection@iobit.com [not found]
CHR HKLM-x32\...\Chrome\Extension: [ldfhiidahikppjbljabpabcajjncelfj] - No Path Or update_url value
S3 BprotectEx; No ImagePath
S3 catchme; No ImagePath
S3 PCFApiUtil; No ImagePath
U3 aswMBR; \??\C:\Users\Toshiba\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Toshiba\AppData\Local\Temp\aswVmm.sys [X]

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763- 00608CC02F24 } => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-265031417-2782916168-3745025912-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\user.js not found.
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\Extensions\adsremoval@adsremoval.net not found.
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\ascsurfingprotection@iobit.com not found.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\extensions\iobitascsurfingprotection@iobit.com not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ldfhiidahikppjbljabpabcajjncelfj" => key removed successfully
BprotectEx => Service removed successfully
catchme => Service removed successfully
PCFApiUtil => Service removed successfully
aswMBR => Service not found.
aswVmm => Service not found.
EmptyTemp: => 719.7 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 01:26:43 ====

It's running great... thanks
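As an added example (not part of the thread and not FRST's own code), the following script reads a Fixlog in the format posted above and checks what the fix from post #5 actually did: which items were removed, which were already gone, whether the restore point came before the first change, and which browser "Policy restriction" keys were cleared. The sample Fixlog is constructed from lines in the posted log.

```python
import re

# Constructed sample in the Fixlog format posted above (illustration only, not FRST's code).
SAMPLE_FIXLOG = r"""Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-265031417-2782916168-3745025912-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\2ep1266r.default\user.js not found.
BprotectEx => Service removed successfully
aswMBR => Service not found.
EmptyTemp: => 719.7 MB temporary data Removed."""

# "<target> => <outcome>" lines; the target may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
# Filesystem items that were already gone are reported as "<path> not found."
FILE_NOT_FOUND_RE = re.compile(r'^(?P<target>[A-Za-z]:\\.+) not found\.$')


def parse_fixlog(text):
    """Return one (target, outcome) tuple per non-empty Fixlog line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_NOT_FOUND_RE.match(line)
        if m:
            entries.append((m.group("target"), "file not found"))
            continue
        m = RESULT_RE.match(line)
        if m:
            entries.append((m.group("target"), m.group("outcome")))
            continue
        entries.append((line.rstrip("."), "status"))  # e.g. the restore point line
    return entries


def summarize(entries):
    """Count what was actually removed versus what was already gone."""
    counts = {"removed": 0, "not_found": 0, "status": 0}
    for _target, outcome in entries:
        o = outcome.lower()
        kind = "removed" if "removed" in o else "not_found" if "not found" in o else "status"
        counts[kind] += 1
    return counts


def restore_point_before_changes(entries):
    """True only if the restore point was created before the first removal."""
    for target, outcome in entries:
        if target.startswith("Restore point was successfully created"):
            return True
        if "removed" in outcome.lower():
            return False
    return False


def policy_keys_removed(entries):
    """Browser policy keys (the 'Policy restriction' entries above) reported as removed."""
    return [t for t, o in entries if "\\Policies\\" in t and o == "key removed successfully"]
```

Items reported "not found" are expected when an earlier tool (such as AdwCleaner) already removed them; a missing restore point before the first removal is the result worth questioning.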



#8 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 21 July 2015 - 06:47 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 27 July 2015 - 07:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



