
Proxy Set Up Without Knowledge [Solved]


#16 LiquidTension

Posted 26 May 2014 - 11:02 AM

Hello HelpAppreciated, 
 
The issue with your Microsoft Teredo Tunneling Adapter appears to be resolved. However, it looks as if the proxy (127.0.0.1:5060) has returned. This is unlikely to be caused by malware. Nothing in your logs suggests malware is present on your computer.

  • Have you reinstalled the two programmes?
  • Do you use a browser proxy? 

We can continue troubleshooting to find the cause of this proxy. Let me know what you wish to do.
 
 
STEP 1
CCleaner Options

  • Open CCleaner (Press the Windows Key + r on your keyboard at the same time. Type C:\Program Files\CCleaner\CCleaner.exe and click OK).
  • Click Applications.
  • Scroll down to Windows
  • Uncheck MS Search (if checked). 
  • Close the programme. 
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Thoughts on proxy?
  • Was MS Search checked in CCleaner?
  • AdwCleaner[S0].txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!



#17 HelpAppreciated


Posted 26 May 2014 - 03:02 PM

Hello,

 

I have not reinstalled Internet Calls or Hotspot Shield. I'm not sure how the proxy has returned when I see that it doesn't show. Am I looking at the right thing? Where exactly do I disable the proxy? 

 

I don't know what a browser proxy is, so I'm assuming that I don't use it.

 

MS Search was checked and I now have unchecked it. What does it do?

 

Here is the log:

 

# AdwCleaner v3.211 - Report created 26/05/2014 at 16:54:54
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bozkurt - TOSHIBA-PC
# Running from : C:\Users\Bozkurt\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Bozkurt\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Software
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2982 octets] - [26/05/2014 16:52:27]
AdwCleaner[S0].txt - [2805 octets] - [26/05/2014 16:54:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2865 octets] ##########


#18 LiquidTension


Posted 27 May 2014 - 03:45 AM

Hello HelpAppreciated, 
 

"I'm not sure how the proxy has returned when I see that it doesn't show. Am I looking at the right thing?"

From your MiniToolBox log, ProxyServer: 127.0.0.1:5060
 

"I don't know what a browser proxy is, so I'm assuming that I don't use it."

Also known as a Web Proxy. Hidemyass.com is a well-known example. 
 

"MS Search was checked and I now have unchecked it. What does it do?"

Running CCleaner with this option checked was causing the issue with your Search Index. 
 
It looks as if you checked the option to Reset IE Proxy Settings in MiniToolBox - so you may not see the proxy at the moment. How are you monitoring your proxy settings? Internet Options > Connections > LAN settings?
 
Please continue monitoring your proxy settings. If you see the proxy return, please run the following tool:
 
TCPView

  • Please download TCPView and extract the contents to your desktop
  • Right-Click TCPView.exe and select Run as administrator to run the programme.
  • Read the EULA and click Accept.
  • Wait 20 seconds. 
  • Click File, followed by Save As.
  • Name the file TCPView Text and save the file to your desktop
  • Attach the file in your next reply. 
     

------------------------------------
 
In the meantime, please do the following: 
 
STEP 1
Update/Remove Java

  • Download the latest version of Java from here.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for and uninstall the following programmes (if present):
    • Java 7 Update 45
    • Java 7 Update 51
    • Java™ 6 Update 27
       

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Click Hide advanced settings. Your settings should match that of the image below.
  • Ensure Remove found threats is unchecked.
    3Crnyln.png
  • Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log
  • TCPView Text (if applicable)



#19 HelpAppreciated


Posted 27 May 2014 - 03:01 PM

Hello,

 

"How are you monitoring your proxy settings? Internet Options > Connections > LAN settings?"

Yes, but I don't see a proxy enabled.

 

Malware Bytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 27/05/2014
Scan Time: 4:37:27 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.27.10
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bozkurt
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335059
Time Elapsed: 21 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.SlickSavings.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp, Quarantined, [9a75ed6702796bcb88ec641892708f71], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
The next log will be posted later.


#20 HelpAppreciated


Posted 27 May 2014 - 05:06 PM

Here is the ESET log:

 

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


#21 LiquidTension


Posted 27 May 2014 - 08:59 PM

Hello HelpAppreciated,
 

"Yes, but I don't see a proxy enabled."

This is because you checked the Reset option in MiniToolBox: "Reset IE Proxy Settings": IE Proxy Settings were reset.
 
Unfortunately, as there is no further indication in your logs, discovering the cause is not going to be particularly straightforward. Continue monitoring your proxy settings each time you use your computer. If you notice the proxy returns, run TCPView as instructed in my previous post. 
 
------------------------------------
 
Your MBAM & ESET logs are good. The items detected were either remnants of a Potentially Unwanted Programme, an item already quarantined, or an installer for a programme already installed. 
 
Let's get one last check with FRST.

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 


 

Would you like to help others with malware removal? Join our Classroom and learn how!
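
The check that TCPView is requested for in posts #18 and #21, as an added example (not part of any post and not the forum's own tooling): given the WinINET `ProxyEnable`/`ProxyServer` values and the text output of `netstat -ano` and `tasklist /fo csv /nh`, it reports which process owns the loopback port the proxy points at, or that nothing is listening there. The sample output, the PIDs and the image name `example-app.exe` are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample data (not taken from the thread's logs): the text of
# `netstat -ano` and `tasklist /fo csv /nh`. PIDs and example-app.exe are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       828
  TCP    127.0.0.1:5060         0.0.0.0:0              LISTENING       3912
  TCP    192.168.1.20:49212     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1180
"""
SAMPLE_TASKLIST = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","828","Services","0","9,800 K"
"example-app.exe","3912","Console","1","24,100 K"
"chrome.exe","5120","Console","1","88,300 K"
'''


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into {scheme: (host, port)}.

    Handles 'host:port' (one proxy for every protocol, keyed 'all') and
    'http=host:port;https=host:port'. Entries without a port are skipped.
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        hostport = hostport.split("://")[-1]      # tolerate 'http://host:port'
        host, _, port = hostport.rpartition(":")
        if host and port.isdigit():
            endpoints[scheme.lower() or "all"] = (host.strip("[]"), int(port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any literal loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                              # a hostname other than localhost


def parse_listeners(netstat_text):
    """Return {port: [(local_address, pid), ...]} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")
            listeners.setdefault(int(port), []).append((addr.strip("[]"), int(fields[4])))
    return listeners


def parse_tasklist(tasklist_csv):
    """Return {pid: image_name} from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


def accepts(listen_addr, proxy_host):
    """True if a socket bound to listen_addr would accept a connection to proxy_host."""
    if proxy_host.lower() == "localhost":
        return listen_addr in ("127.0.0.1", "0.0.0.0", "::1", "::")
    wildcard = "::" if ":" in proxy_host else "0.0.0.0"
    return listen_addr in (proxy_host, wildcard)


def audit_proxy(proxy_enable, proxy_server, netstat_text, tasklist_csv):
    """Classify each proxy endpoint as remote, owned by a local process, or stale.

    Returns tuples (scheme, host, port, verdict, pid, image_name).
    """
    if not proxy_enable:                          # ProxyEnable = 0: setting is inactive
        return []
    listeners = parse_listeners(netstat_text)
    images = parse_tasklist(tasklist_csv)
    findings = []
    for scheme, (host, port) in sorted(parse_proxy_server(proxy_server).items()):
        if not is_loopback(host):
            findings.append((scheme, host, port, "remote", None, None))
            continue
        owners = [pid for addr, pid in listeners.get(port, []) if accepts(addr, host)]
        for pid in owners:
            findings.append((scheme, host, port, "local-listener", pid,
                             images.get(pid, "unknown")))
        if not owners:                            # proxy set, but nothing serves the port
            findings.append((scheme, host, port, "stale-no-listener", None, None))
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(1, "127.0.0.1:5060", SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(finding)
```

A `stale-no-listener` verdict means the proxy value is set but no process is serving that port, which is why the capture has to be taken while the proxy is present, as the posts above ask.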


#22 HelpAppreciated


Posted 28 May 2014 - 04:49 AM

Hello,

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Bozkurt (administrator) on TOSHIBA-PC on 28-05-2014 06:38:51
Running from C:\Users\Bozkurt\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-01] (Microsoft Corporation)
HKU\S-1-5-21-2475566040-1620998011-1919036322-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2475566040-1620998011-1919036322-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2475566040-1620998011-1919036322-1001\...\MountPoints2: {44ecedd2-7254-11e3-a8c3-00266c9dd8dc} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2475566040-1620998011-1919036322-1001\...\MountPoints2: {9514dfcd-8837-11e2-a7b4-00266c9dd8dc} - G:\LaunchU3.exe -a
Startup: C:\Users\Bozkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie9
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x727F25757877CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7TSCA_enCA519
SearchScopes: HKCU - {9A24538E-620B-4289-92B8-DDF593A2F0F9} URL = http://search.yahoo....p={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.8.137.101 216.8.137.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1211151.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - E:\Bozkurt\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Bozkurt\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.ca/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Extension: (Google Docs) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Google Drive) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Google Search) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (AdBlock) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-01-19]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Hover Zoom) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-08-27]
CHR Extension: (Gmail) - C:\Users\Bozkurt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-23]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-05-23]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-14] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140527.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140527.016\ENG64.SYS [126040 2014-05-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140527.016\EX64.SYS [2099288 2014-05-07] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
S3 ALSysIO; \??\C:\Users\Toshiba\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 06:38 - 2014-05-28 06:38 - 00000000 ____D () C:\Users\Bozkurt\Desktop\FRST-OlderVersion
2014-05-28 06:32 - 2014-05-28 06:32 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Bioench
2014-05-28 06:28 - 2014-05-28 06:29 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Elec
2014-05-27 21:43 - 2014-05-27 22:19 - 00000000 ____D () C:\Users\Bozkurt\Desktop\RTC
2014-05-27 19:05 - 2014-05-27 19:05 - 00000433 _____ () C:\Users\Bozkurt\Desktop\EsetScanThatBelongsToMe.txt
2014-05-27 17:43 - 2014-05-27 17:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 17:41 - 2014-05-27 17:41 - 02347384 _____ (ESET) C:\Users\Bozkurt\Desktop\esetsmartinstaller_enu.exe
2014-05-27 16:33 - 2014-05-28 06:22 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 16:31 - 2014-05-27 16:31 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-27 16:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-27 16:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-27 16:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-27 16:30 - 2014-05-27 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bozkurt\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-27 16:23 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 16:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-27 16:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-27 16:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-27 16:21 - 2014-05-27 16:21 - 00921512 _____ (Oracle Corporation) C:\Users\Bozkurt\Desktop\chromeinstall-7u55.exe
2014-05-26 18:02 - 2014-05-26 18:02 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-05-26 18:01 - 2014-05-26 18:01 - 00000000 ____D () C:\Users\Bozkurt\Desktop\paint.net.4.0.5226.41987.install
2014-05-26 17:32 - 2014-05-26 17:36 - 00064000 _____ () C:\Users\Bozkurt\Desktop\june_2014_exam_schedule.xls
2014-05-26 16:52 - 2014-05-26 16:55 - 00000000 ____D () C:\AdwCleaner
2014-05-26 16:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-26 16:51 - 2014-05-26 16:51 - 01327971 _____ () C:\Users\Bozkurt\Desktop\AdwCleaner.exe
2014-05-25 23:25 - 2014-05-25 23:26 - 00019456 _____ () C:\Users\Bozkurt\Desktop\Result.txt
2014-05-25 23:24 - 2014-05-25 23:24 - 00982016 _____ (Farbar) C:\Users\Bozkurt\Desktop\MiniToolBox.exe
2014-05-25 23:19 - 2014-05-25 23:19 - 00000149 _____ () C:\Users\Bozkurt\Desktop\regfix.reg
2014-05-25 23:18 - 2014-05-25 23:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TOSHIBA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-25 23:16 - 2014-05-25 23:16 - 00002210 _____ () C:\Users\Bozkurt\Desktop\Tweaking.com - Registry Backup.lnk
2014-05-25 23:16 - 2014-05-25 23:16 - 00000000 ____D () C:\Users\Bozkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-25 23:16 - 2014-05-25 23:16 - 00000000 ____D () C:\RegBackup
2014-05-25 23:15 - 2014-05-25 23:15 - 04057608 _____ () C:\Users\Bozkurt\Desktop\tweaking.com_registry_backup_setup.exe
2014-05-25 23:15 - 2014-05-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-24 11:01 - 2014-05-24 11:01 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-23 22:48 - 2014-05-23 23:04 - 00050959 _____ () C:\Users\Bozkurt\Desktop\sfcdetails.txt
2014-05-23 22:44 - 2014-05-23 22:48 - 00000137 _____ () C:\Users\Bozkurt\Desktop\querysfc.bat
2014-05-23 22:40 - 2014-05-23 22:40 - 00007024 _____ () C:\Users\Bozkurt\Desktop\reglook.txt
2014-05-23 22:39 - 2014-05-23 22:39 - 00000181 _____ () C:\Users\Bozkurt\Desktop\regfind.bat
2014-05-22 20:19 - 2014-05-22 20:19 - 00001456 _____ () C:\Users\Bozkurt\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-22 18:23 - 2014-05-28 06:39 - 00022964 _____ () C:\Users\Bozkurt\Desktop\FRST.txt
2014-05-22 18:23 - 2014-05-22 18:24 - 00040720 _____ () C:\Users\Bozkurt\Desktop\Addition.txt
2014-05-22 18:22 - 2014-05-28 06:38 - 02066944 _____ (Farbar) C:\Users\Bozkurt\Desktop\FRST64.exe
2014-05-22 18:22 - 2014-05-28 06:38 - 00000000 ____D () C:\FRST
2014-05-19 23:30 - 2014-05-20 00:00 - 00010706 _____ () C:\Users\Bozkurt\Desktop\QuizUp-Template.xlsx
2014-05-18 12:36 - 2014-05-18 12:45 - 00014328 _____ () C:\Users\Bozkurt\Desktop\hijackthis.log
2014-05-18 12:29 - 2014-05-18 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bozkurt\Desktop\HiJackThis.exe
2014-05-14 00:18 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-14 00:18 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-14 00:18 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-14 00:18 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-14 00:18 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 00:18 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-13 22:20 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-13 22:19 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-13 22:19 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-13 22:19 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-13 22:19 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-13 22:19 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-13 22:19 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-13 22:19 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-13 22:19 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-13 22:19 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-13 22:19 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-13 22:19 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-13 22:19 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-13 22:19 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-13 22:19 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-13 22:19 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-13 22:19 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-13 22:19 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-13 22:19 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-13 22:19 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-13 22:19 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-13 22:19 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-13 22:19 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-12 08:51 - 2014-05-28 06:33 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Radish Plant Lab
2014-05-09 21:47 - 2014-05-10 06:23 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Certificates
2014-05-08 22:28 - 2014-05-08 22:28 - 11855575 _____ () C:\Users\Bozkurt\Desktop\Chemistry_Tests.zip
2014-05-06 00:53 - 2014-05-14 17:16 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-04-30 18:37 - 2014-04-30 18:37 - 00003306 _____ () C:\windows\System32\Tasks\{B042D8D1-A45F-4EE7-98F7-0402F7C4ACFE}
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 06:39 - 2014-05-22 18:23 - 00022964 _____ () C:\Users\Bozkurt\Desktop\FRST.txt
2014-05-28 06:38 - 2014-05-28 06:38 - 00000000 ____D () C:\Users\Bozkurt\Desktop\FRST-OlderVersion
2014-05-28 06:38 - 2014-05-22 18:22 - 02066944 _____ (Farbar) C:\Users\Bozkurt\Desktop\FRST64.exe
2014-05-28 06:38 - 2014-05-22 18:22 - 00000000 ____D () C:\FRST
2014-05-28 06:37 - 2013-01-19 18:12 - 00000000 ____D () C:\Users\Bozkurt\AppData\Local\CrashDumps
2014-05-28 06:36 - 2013-01-19 17:39 - 00000000 ____D () C:\Users\Bozkurt\Desktop\FL Work
2014-05-28 06:33 - 2014-05-12 08:51 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Radish Plant Lab
2014-05-28 06:32 - 2014-05-28 06:32 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Bioench
2014-05-28 06:29 - 2014-05-28 06:28 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Elec
2014-05-28 06:23 - 2013-01-19 16:47 - 00000000 ____D () C:\Users\Bozkurt\AppData\Local\Adobe
2014-05-28 06:23 - 2013-01-19 15:48 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 06:22 - 2014-05-27 16:33 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 06:22 - 2014-01-29 18:43 - 00000574 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2475566040-1620998011-1919036322-1001.job
2014-05-28 06:22 - 2013-08-14 21:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 06:22 - 2012-02-13 16:09 - 01796281 ____N () C:\windows\WindowsUpdate.log
2014-05-27 22:20 - 2013-01-20 18:50 - 00000000 ____D () C:\Users\Bozkurt\AppData\Roaming\Skype
2014-05-27 22:19 - 2014-05-27 21:43 - 00000000 ____D () C:\Users\Bozkurt\Desktop\RTC
2014-05-27 19:05 - 2014-05-27 19:05 - 00000433 _____ () C:\Users\Bozkurt\Desktop\EsetScanThatBelongsToMe.txt
2014-05-27 17:43 - 2014-05-27 17:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 17:41 - 2014-05-27 17:41 - 02347384 _____ (ESET) C:\Users\Bozkurt\Desktop\esetsmartinstaller_enu.exe
2014-05-27 17:15 - 2009-07-14 00:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 17:15 - 2009-07-14 00:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 17:10 - 2013-01-19 15:48 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 17:08 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-27 16:31 - 2014-05-27 16:31 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:31 - 2014-05-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-27 16:31 - 2014-05-27 16:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bozkurt\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-27 16:27 - 2010-03-16 03:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 16:25 - 2013-09-09 21:54 - 00000000 ____D () C:\Program Files\Java
2014-05-27 16:24 - 2013-11-17 20:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 16:21 - 2014-05-27 16:21 - 00921512 _____ (Oracle Corporation) C:\Users\Bozkurt\Desktop\chromeinstall-7u55.exe
2014-05-27 06:51 - 2012-07-23 11:38 - 00750152 _____ () C:\windows\system32\perfh00C.dat
2014-05-27 06:51 - 2012-07-23 11:38 - 00153852 _____ () C:\windows\system32\perfc00C.dat
2014-05-27 06:51 - 2009-07-14 01:13 - 01668256 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-26 20:58 - 2013-10-05 12:28 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Stuff (1)
2014-05-26 18:04 - 2013-01-20 16:31 - 00000000 ____D () C:\Users\Bozkurt\AppData\Local\Paint.NET
2014-05-26 18:02 - 2014-05-26 18:02 - 00001199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-05-26 18:02 - 2013-01-20 16:31 - 00000000 ____D () C:\Program Files\Paint.NET
2014-05-26 18:01 - 2014-05-26 18:01 - 00000000 ____D () C:\Users\Bozkurt\Desktop\paint.net.4.0.5226.41987.install
2014-05-26 17:57 - 2013-05-25 17:37 - 01632660 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-05-26 17:36 - 2014-05-26 17:32 - 00064000 _____ () C:\Users\Bozkurt\Desktop\june_2014_exam_schedule.xls
2014-05-26 16:55 - 2014-05-26 16:52 - 00000000 ____D () C:\AdwCleaner
2014-05-26 16:51 - 2014-05-26 16:51 - 01327971 _____ () C:\Users\Bozkurt\Desktop\AdwCleaner.exe
2014-05-26 16:49 - 2013-02-09 01:26 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-26 16:49 - 2013-02-09 01:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-26 10:29 - 2013-01-22 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Google
2014-05-26 10:06 - 2013-01-22 12:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 10:06 - 2013-01-22 12:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-25 23:26 - 2014-05-25 23:25 - 00019456 _____ () C:\Users\Bozkurt\Desktop\Result.txt
2014-05-25 23:24 - 2014-05-25 23:24 - 00982016 _____ (Farbar) C:\Users\Bozkurt\Desktop\MiniToolBox.exe
2014-05-25 23:19 - 2014-05-25 23:19 - 00000149 _____ () C:\Users\Bozkurt\Desktop\regfix.reg
2014-05-25 23:18 - 2014-05-25 23:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TOSHIBA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-25 23:16 - 2014-05-25 23:16 - 00002210 _____ () C:\Users\Bozkurt\Desktop\Tweaking.com - Registry Backup.lnk
2014-05-25 23:16 - 2014-05-25 23:16 - 00000000 ____D () C:\Users\Bozkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-25 23:16 - 2014-05-25 23:16 - 00000000 ____D () C:\RegBackup
2014-05-25 23:15 - 2014-05-25 23:15 - 04057608 _____ () C:\Users\Bozkurt\Desktop\tweaking.com_registry_backup_setup.exe
2014-05-25 23:15 - 2014-05-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-24 20:02 - 2013-01-20 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-24 20:02 - 2013-01-20 18:49 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 11:01 - 2014-05-24 11:01 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-24 10:56 - 2014-03-15 11:40 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-05-24 10:56 - 2014-03-15 11:40 - 00002290 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-05-24 10:56 - 2014-03-15 11:40 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-05-24 10:56 - 2013-12-22 13:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-23 23:04 - 2014-05-23 22:48 - 00050959 _____ () C:\Users\Bozkurt\Desktop\sfcdetails.txt
2014-05-23 22:48 - 2014-05-23 22:44 - 00000137 _____ () C:\Users\Bozkurt\Desktop\querysfc.bat
2014-05-23 22:40 - 2014-05-23 22:40 - 00007024 _____ () C:\Users\Bozkurt\Desktop\reglook.txt
2014-05-23 22:39 - 2014-05-23 22:39 - 00000181 _____ () C:\Users\Bozkurt\Desktop\regfind.bat
2014-05-22 20:19 - 2014-05-22 20:19 - 00001456 _____ () C:\Users\Bozkurt\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-22 18:24 - 2014-05-22 18:23 - 00040720 _____ () C:\Users\Bozkurt\Desktop\Addition.txt
2014-05-20 00:00 - 2014-05-19 23:30 - 00010706 _____ () C:\Users\Bozkurt\Desktop\QuizUp-Template.xlsx
2014-05-18 12:45 - 2014-05-18 12:36 - 00014328 _____ () C:\Users\Bozkurt\Desktop\hijackthis.log
2014-05-18 12:36 - 2013-01-19 17:39 - 00000000 ____D () C:\Users\Bozkurt\AppData\Local\VirtualStore
2014-05-18 12:29 - 2014-05-18 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bozkurt\Desktop\HiJackThis.exe
2014-05-14 22:34 - 2014-01-29 18:43 - 00003608 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2475566040-1620998011-1919036322-1001
2014-05-14 17:19 - 2013-01-19 17:39 - 00000000 ___RD () C:\Users\Bozkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 17:19 - 2013-01-19 17:39 - 00000000 ___RD () C:\Users\Bozkurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 17:16 - 2014-05-06 00:53 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-14 00:19 - 2012-02-13 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-13 22:46 - 2013-08-14 21:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 22:46 - 2013-01-19 15:43 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 22:46 - 2013-01-19 15:43 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 07:26 - 2014-05-27 16:31 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-27 16:31 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-27 16:31 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-10 23:47 - 2014-04-19 19:25 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Accounting Hacks
2014-05-10 06:23 - 2014-05-09 21:47 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Certificates
2014-05-09 02:14 - 2014-05-13 22:19 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 22:28 - 2014-05-08 22:28 - 11855575 _____ () C:\Users\Bozkurt\Desktop\Chemistry_Tests.zip
2014-05-07 16:44 - 2013-01-19 15:48 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 16:44 - 2013-01-19 15:48 - 00003644 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 00:40 - 2014-05-14 00:18 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 00:18 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 00:18 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 00:18 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 00:18 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 00:18 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-01 22:59 - 2014-03-27 20:15 - 00000000 ____D () C:\Users\Bozkurt\Desktop\Photo Club
2014-04-30 20:26 - 2013-02-19 01:04 - 00000132 _____ () C:\Users\Bozkurt\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-30 18:37 - 2014-04-30 18:37 - 00003306 _____ () C:\windows\System32\Tasks\{B042D8D1-A45F-4EE7-98F7-0402F7C4ACFE}
2014-04-30 18:33 - 2013-01-19 15:43 - 00000000 ____D () C:\windows\SysWOW64\Macromed
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-26 23:26
 
==================== End Of Log ============================
 
Here is the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Bozkurt at 2014-05-28 06:39:26
Running from C:\Users\Bozkurt\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30739 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.11.0827 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 6.3.0.1415 (HKCU\...\GoToMeeting) (Version: 6.3.0.1415 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ SE Development Kit 6 Update 27 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle)
JCreator LE 5.00 (HKLM-x32\...\JCreator LE_is1) (Version:  - Xinox Software)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{5C7025FD-6BD0-4E48-8948-696E26AF6F15}) (Version: 2.5.299 - Sony)
Media Go Video Playback Engine 1.120.107.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.107.05010 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Minecraft 1.4.5 (HKLM-x32\...\Minecraft 1.4.5) (Version:  - )
MKVToolNix 6.1.0 (HKLM-x32\...\MKVToolNix) (Version: 6.1.0 - Moritz Bunkus)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Python 3.2 pygame-1.9.2a0 (HKLM-x32\...\{265E2F1D-0025-45DF-B83B-8320466108A8}) (Version: 1.9.2 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...)
Python 3.2.3 (HKLM-x32\...\{789C9644-9F82-44d3-B4CA-AC31F46F5882}) (Version: 3.2.3150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.3.201402131509 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
02-05-2014 14:22:59 Windows Update
06-05-2014 04:52:48 Windows Update
14-05-2014 04:13:30 Windows Update
26-05-2014 21:48:31 Paint.NET v3.5.10
26-05-2014 21:59:55 Removed Paint.NET v3.5.10
26-05-2014 22:01:57 paint.net 4.0 (β 4.0.5226.41987)
27-05-2014 20:22:37 Installed Java 7 Update 55
27-05-2014 20:24:43 Removed Java 7 Update 45 (64-bit)
27-05-2014 20:26:19 Removed Java™ 6 Update 27
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04D45A69-F18E-4AB3-83C7-4A7D3C925512} - System32\Tasks\G2MUpdateTask-S-1-5-21-2475566040-1620998011-1919036322-1001 => C:\Users\Bozkurt\AppData\Local\Citrix\GoToMeeting\1415\g2mupdate.exe [2014-05-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {100F9B1A-9265-4310-A6AB-DA11849A88F9} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {37FFFFB7-25F3-4B73-A6A4-6A2214DEFB6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {66D3CA70-CFD7-4AF8-8AA7-B1A2CA1E2000} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {7742033B-78F5-4DDE-A2DC-6C4CC0C8268C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7A0EC2A2-F28D-4060-ADBD-2929D39EE6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {9292E921-919E-4EA8-959C-0F0D727C8C4D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {AA8C4CC1-0483-4D47-A757-74DC15508DD0} - System32\Tasks\AdobeAAMUpdater-1.0-Toshiba-PC-Bozkurt => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {B3C80602-7645-4444-AEE5-7243D3803033} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CBA78C8A-30C4-4930-9CBC-FCD8DE124701} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19] (Google Inc.)
Task: {F2586065-CD72-4B53-8160-FA9B61ABBF5D} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {F260FCD8-7D4E-4C6C-9B53-2F5E494CF868} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2475566040-1620998011-1919036322-1001.job => C:\Users\Bozkurt\AppData\Local\Citrix\GoToMeeting\1415\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-14 23:15 - 2012-09-18 15:27 - 00192512 ____N () C:\windows\System32\zlhp1020.dll
2014-02-20 00:00 - 2012-09-18 16:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-02-05 21:44 - 2010-02-05 21:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-06-18 16:06 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
2014-05-22 18:15 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 18:15 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 18:15 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 18:15 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 18:15 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Bozkurt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk => C:\windows\pss\Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk.Startup
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Bozkurt\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: InternetCalls => "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Teco => "%PROGRAMFILES%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosNC => %PROGRAMFILES%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2014 06:22:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.7.0.1018, time stamp: 0x52cb21c9
Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51dba4dc
Exception code: 0xc0020043
Fault offset: 0x000000000008a5d3
Faulting process id: 0x8f4
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
Error: (05/27/2014 05:43:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/27/2014 05:43:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/27/2014 05:41:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/27/2014 04:26:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007000d, The data is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/27/2014 04:24:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007000d, The data is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/27/2014 04:22:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007000d, The data is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/26/2014 05:48:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {26c6e1eb-4f7d-47af-a4fb-86d67531cbcd}
 
Error: (05/24/2014 10:56:40 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/24/2014 10:56:40 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (05/27/2014 06:39:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
 
Error: (05/27/2014 04:33:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
%%1062
 
Error: (05/27/2014 04:33:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with service-specific error %%2184.
 
Error: (05/27/2014 04:33:20 PM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanServer had invalid service status 3.
Status             Meaning
  1              Service Stopped
 
  2              Start Pending
 
  3              Stop Pending
 
  4              Running
 
  5              Continue Pending
 
  6              Pause Pending
 
  7              Paused
 
Error: (05/27/2014 04:13:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
%%1062
 
Error: (05/27/2014 04:13:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with service-specific error %%2184.
 
Error: (05/27/2014 04:13:23 PM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanServer had invalid service status 3.
Status             Meaning
  1              Service Stopped
 
  2              Start Pending
 
  3              Stop Pending
 
  4              Running
 
  5              Continue Pending
 
  6              Pause Pending
 
  7              Paused
 
Error: (05/27/2014 04:13:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
%%1062
 
Error: (05/27/2014 04:13:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with service-specific error %%2184.
 
Error: (05/27/2014 04:13:21 PM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanServer had invalid service status 3.
Status             Meaning
  1              Service Stopped
 
  2              Start Pending
 
  3              Stop Pending
 
  4              Running
 
  5              Continue Pending
 
  6              Pause Pending
 
  7              Paused
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2014 06:22:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SUPERAntiSpyware.exe5.7.0.101852cb21c9RPCRT4.dll6.1.7601.1820551dba4dcc0020043000000000008a5d38f401cf79f0054b3d1aC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\windows\system32\RPCRT4.dllff5ef9b4-e651-11e3-9a1d-00266c9dd8dc
 
Error: (05/27/2014 05:43:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bozkurt\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/27/2014 05:43:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bozkurt\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/27/2014 05:41:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bozkurt\Desktop\esetsmartinstaller_enu.exe
 
Error: (05/27/2014 04:26:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x8007000d, The data is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/27/2014 04:24:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x8007000d, The data is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/27/2014 04:22:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x8007000d, The data is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {a60dcd91-ec6c-4171-99d7-77b03dc9b831}
 
Error: (05/26/2014 05:48:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {26c6e1eb-4f7d-47af-a4fb-86d67531cbcd}
 
Error: (05/24/2014 10:56:40 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/24/2014 10:56:40 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 58%
Total physical RAM: 3894.84 MB
Available physical RAM: 1628.27 MB
Total Pagefile: 7787.87 MB
Available Pagefile: 5394.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (S3A8573D007) (Fixed) (Total:579.04 GB) (Free:484.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (VERBATIM HD) (Fixed) (Total:1862.56 GB) (Free:1737.81 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 5EB45491)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 3A010982)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=0C)
 
==================== End Of Log ============================
 
Thank you for your help. Do I uninstall all those programs that I've installed or should I keep some and use regularly?


#23 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 28 May 2014 - 11:44 AM

Hello HelpAppreciated,
 
Regarding the source of the proxy - I assume it has yet to return. Once we have updated your system and removed our tools, I will let you know what I think the best way to proceed is. 
 

Thank you for your help. Do I uninstall all those programs that I've installed or should I keep some and use regularly?

I will issue instructions on how to remove our tools in my next post. 
 
From your FRST log, I can see you are using MSCONFIG as a Startup Manager. I would not advise this. Please refer to the following thread. Autoruns and WinPatrol are both excellent programmes (albeit, require research in understanding how the programmes work). 

Spoiler

 
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Reader 9.5.3 
    • Java SE Development Kit 7 Update 45
    • Java™ SE Development Kit 6 Update 27
  • Follow the prompts and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Press the Windows Key on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Confirmation you had no issues with the instructions. 
  • checkup.txt
  • Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#24 HelpAppreciated

HelpAppreciated

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 May 2014 - 04:28 PM

Hello,

 

I'm not sure what you mean by using MSCONFIG as a Startup Manager. If it's a default setting then I guess that's what's being used, but I didn't do anything to set it as a Startup Manager intentionally. I have installed WinPatrol but I'm not sure what you want me to do...

 

I have done the important Windows update. Should I update the optional ones too?

 

Here is the checkup log:

 

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
Still no sign of the proxy.


#25 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 28 May 2014 - 07:32 PM

Hello HelpAppreciated,
 
MSCONFIG is a system configuration utility, designed to help troubleshoot and diagnose startup issues in Windows. Using MSCONFIG, one can disable a programme from starting up. Using the programme as a startup manager (a tool to control which programmes start when you turn on your computer), rather than a diagnostic tool is not advisable. If you click the spoiler drop down box in my previous post, you will see a list of programmes currently disabled by MSCONFIG from starting up. Perhaps the other user of your computer made the changes? 
 
WinPatrol includes many features. The programme is designed to alert the end user on events happening "behind the scenes". If you intend on using WinPatrol, I would suggest you read the documentation on the programme in order to gain a better understanding of how it works. As new software or changes are made to your computer, you will be prompted by WinPatrol to allow or disallow the change. Reading the documentation will help you make the correct decision. This is particularly important if your machine were to become infected. If used correctly, WinPatrol can effectively stop an infection before any damage is done. For a list of features included in both versions of WinPatrol (free & paid), please visit this page. I am more than happy to answer questions on the programme should you have any.
 

Let's reverse the changes made in MSCONFIG (which I assume were done by a different user of your computer) and, using WinPatrol, disable the unnecessary programmes from starting up. 
 
STEP 1
MSCONFIG

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Startup tab, click Enable All, followed by OK.
  • If prompted, click Restart.
     

STEP 2
WinPatrol Startup Manager

  • Open WinPatrol.
  • Click Startup Programs.
  • Click the programme you wish to disable from starting up, and click Disable.
  • You may wish to consult the list of programmes previously disabled from startup.
    • HP Deskjet 3050 J610 series
    • AdobeBridge
    • APSDaemon
    • BitTorrent
    • InternetCalls
    • QuickTime Task
    • RESTART_STICKY_NOTES
    • Skype
    • SmartFaceVWatcher
    • Sony PC Companion/Background
    • swg (GoogleToolbarNotifier)
    • Teco
    • TosNC
    • TosReelTimeMonitor
    • TWebCamera
  • Close the programme. Reboot if prompted. 
     

STEP 3
OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the textbox.
    :OTL
    
    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the button.
  • Let the programme run and reboot your computer if prompted
     

STEP 4
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
 

I have done the important Windows update. Should I update the optional ones too?

Unless the update involves the installation of Bing software, I will generally install optional updates. Each update comes with a unique identification number (kbxxxxxx). If you wish to look further into the exact nature of the update, note down the identification number and Google it. Microsoft provides comprehensive articles on every Windows Update. 
 

Still no sign of the proxy.

There are no more steps to follow once you have completed the above. At this point in time, I would usually issue my "All Clean" speech and send the user on their way. However, as we have yet to discover the cause of the proxy, I would like to leave this open for the next couple of days. 
 
Please hold back on installing Hotspot Shield and Internet Calls. Continue using your computer normally, and perhaps check your proxy settings before switching off your computer each time. Should you see the proxy return, please download and run TCPView (as instructed here) and post the results. 
 
If after 48 hours there is still no sign, please let me know. At this point, I will issue my "All Clean" speech and we can wrap things up. Checking the Reset IE Proxy Settings option when we ran MiniToolBox may well have stopped the proxy returning. Unfortunately, it's incredibly difficult pinpointing the source of a single setting when there are no indications in any of the logs. 
 
Please let me know if you are happy with everything discussed above.




#26 HelpAppreciated

HelpAppreciated

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 30 May 2014 - 04:25 PM

Hello,

 

Thank you for your instruction and help. I have followed the steps mentioned in the previous post. 

 

When should I reinstall the two programs?

 

Is there anything I should regularly do with Malwarebytes? Should I uninstall SUPERAntiSpyware or keep both?

 

There are still some programs left like Tweaking.com - Registry Backup, MiniToolBox, HiJackThis, etc. Should I uninstall those?

 

Thanks again for all your help! :)



#27 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 31 May 2014 - 09:38 AM

Hello HelpAppreciated,
 

When should I reinstall the two programs?

That's completely up to you. There's no reason not to reinstall now.
 

Is there anything I should regularly do with Malwarebytes? Should I uninstall SUPERAntiSpyware or keep both?

As you checked the Free 14 Day Trial whilst installing Malwarebytes, Real Time Protection and Malicious Website Blocking are currently enabled. Once your trial finishes, these modules will be disabled. However, Malwarebytes will still function as an on-demand scanner. I recommend updating and running a Threat Scan once or twice a week. You may wish to purchase the Premium version if you feel satisfied with the product. Malwarebytes Premium is (in my opinion) the best paid for anti-malware product. 
 
SUPERAntiSpyware (SAS) was once a high-end security programme. However, it has slipped behind competitors and is not a programme I would recommend today. If you are looking for an on-demand scanner to supplement Malwarebytes, I recommend Emsisoft Anti-Malware, which has a freeware (on-demand scanner) and paid for (real time protection) version. The paid for version is considered an anti-virus, so I would advise against purchasing it unless you uninstall your current anti-virus. If you wish to keep SUPERAntiSpyware, there is nothing wrong with keeping both it and Malwarebytes installed.

 

There are still some programs left like Tweaking.com - Registry Backup, MiniToolBox, HiJackThis, etc. Should I uninstall those?

  • Tweaking.com Registry Backup and MiniToolBox can be dragged into the Recycle Bin.
  • Any .bat or other files I had you create can be dragged into the Recycle Bin as well.
  • HijackThis can be uninstalled via Programs and Features
     

Thanks again for all your help!   :)

You are more than welcome. 
 
If at any point in the future you spot the proxy (127.0.0.1:5060) return, you are welcome to run TCPView, request this thread reopened and post the results. 
 
======================================================
 
All Clean!
Congratulations, your computer appears clean!    :thumbup:
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.

  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
  • Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus. 
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • StartupLite will scan your computer for unnecessary startup programmes. Disabling identified programmes may improve boot-time.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask
 
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.    :thumbup:
LiquidTension.
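
The check described in posts #25 and #27 (look at the proxy setting and, if 127.0.0.1:5060 has returned, find what is listening there) can also be scripted. This is an added example, not part of the thread or of any tool used in it. It assumes Windows PowerShell 2.0 or later and the per-user Internet Explorer proxy stored under HKCU Internet Settings; the function names are illustrative.

```powershell
# Added example, not from the thread. Function names are illustrative.
# Reads the current user's manual proxy setting and, when it points at this
# machine, reports the process that owns the listening port.

function Get-UserProxyEndpoints {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $key
    if ($settings.ProxyEnable -ne 1 -or -not $settings.ProxyServer) { return }

    # ProxyServer holds "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($settings.ProxyServer -split ';')) {
        $endpoint = (($entry -split '=')[-1]).Trim() -replace '^\w+://', ''
        if ($endpoint -match '^(?<addr>.+):(?<port>\d+)$') {
            New-Object PSObject -Property @{
                Address = $Matches['addr']
                Port    = [int]$Matches['port']
            }
        }
    }
}

function Get-ListenerOwner {
    param([int]$Port)

    # A listening TCP socket has a foreign address ending in ":0". Testing
    # that avoids matching on the state column, whose text is localised.
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[0] -ne 'TCP') { continue }
        if ($f[1] -notmatch (':{0}$' -f $Port)) { continue }
        if ($f[2] -notmatch ':0$') { continue }

        $ownerPid = [int]$f[4]
        # WMI returns the image path and command line; run elevated to see
        # them for processes that belong to other accounts.
        $proc = Get-WmiObject Win32_Process -Filter "ProcessId=$ownerPid"
        New-Object PSObject -Property @{
            Local       = $f[1]
            ProcessId   = $ownerPid
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
        }
    }
}

$loopback  = @('127.0.0.1', 'localhost', '[::1]')
$endpoints = @(Get-UserProxyEndpoints | Sort-Object Address, Port -Unique)

if ($endpoints.Count -eq 0) { 'No manual proxy is enabled for this user.' }

foreach ($ep in $endpoints) {
    $label = '{0}:{1}' -f $ep.Address, $ep.Port
    if ($loopback -notcontains $ep.Address) {
        "Proxy is set to $label, which is not this machine; no local listener to look up."
        continue
    }
    $owners = @(Get-ListenerOwner -Port $ep.Port)
    if ($owners.Count -eq 0) {
        "Proxy is set to $label, but nothing is listening on that port right now."
    } else {
        "Proxy is set to $label. Listener(s) on that port:"
        $owners | Format-List Local, ProcessId, Name, Path, CommandLine
    }
}
```

A proxy that is set with no listener behind it means the program that wrote the setting is not currently running, so the check is most useful right after the setting reappears.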




#28 HelpAppreciated

HelpAppreciated

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 31 May 2014 - 07:16 PM

Thank you again for your assistance LiquidTension. Your help was very much appreciated! ;)



#29 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 June 2014 - 04:35 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
