Firefox is configured to use a proxy server that is refusing connections. (Popped up out of nowhere)

Firefox proxy random

  • This topic is locked
14 replies to this topic

#1 The Mighty Quinn

The Mighty Quinn

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 31 May 2013 - 12:23 PM

Hi guys!
 
So, last night I jumped on Firefox, but got an error saying "Firefox is configured to use a proxy server that is refusing connections." I'd never seen that before, and was confused as to why that would pop up. Anyway, I went into the browser settings and put things right, but I am a little concerned about how that happened in the first place. No one has messed with the Firefox connection options ever on here, so I guess I'm wondering if anyone has any idea as to what may have caused this? Has anyone had this happen to them? Could this mean someone remotely changed the settings?
 
Any thoughts are greatly appreciated! Thanks for reading :)
 
-- Firefox is version 21.0
-- Windows 7 SP1 Home Premium
 
- Oh & sorry if this is posted in the wrong spot. I wasn't too sure on where it should go.
 
 
 
Edit: Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.  (This spot is fine)


Edited by cnm, 31 May 2013 - 12:37 PM.


#2 The Mighty Quinn


Posted 31 May 2013 - 01:12 PM

Sorry about that, cnm! -- And hello again :)

 

Here are the logs:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Aaron :: KOOLROCK-SKI [administrator]

31/05/2013 2:58:35 PM
mbam-log-2013-05-31 (14-58-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219695
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                         
PC Tools Spyware Doctor with AntiVirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 PC Tools Spyware Doctor 9.1
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Aaron at 15:09:08 on 2013-05-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3891.1485 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Aaron\Desktop\SecurityCheck.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\SysWOW64\notepad.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyServer = localhost:21320
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutorun = dword:12
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.2.1 142.177.2.130 192.168.1.1
TCP: Interfaces\{DD10B4AD-8A33-4AB1-BBDD-F9912ED36432} : DHCPNameServer = 192.168.2.1 0.0.0.0
TCP: Interfaces\{E1A8F0EB-41FB-4C8A-9B8A-4998A8F5ED8B} : DHCPNameServer = 192.168.2.1 142.177.2.130 192.168.1.1
TCP: Interfaces\{E1A8F0EB-41FB-4C8A-9B8A-4998A8F5ED8B}\0716271626F6C616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E1A8F0EB-41FB-4C8A-9B8A-4998A8F5ED8B}\27564656D6074796F6E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E1A8F0EB-41FB-4C8A-9B8A-4998A8F5ED8B}\374797D696563747 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E1A8F0EB-41FB-4C8A-9B8A-4998A8F5ED8B}\46C696E6B6 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.




x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: WB - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\

FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-22 11:38; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - ExtSQL: 2013-05-01 10:47; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF - ExtSQL: 2013-05-31 14:04; superstart@enjoyfreeware.org; C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\extensions\superstart@enjoyfreeware.org
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-5 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-5 189936]
R0 PCTCore;PCTools KDS;C:\windows\System32\drivers\PCTCore64.sys [2013-5-1 413448]
R0 pctDS;PC Tools Data Store;C:\windows\System32\drivers\pctDS64.sys [2013-5-1 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\windows\System32\drivers\pctEFA64.sys [2013-5-1 1096176]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-2-24 28504]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-3-8 1025808]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2011-3-8 378432]
R1 pctgntdi;pctgntdi;C:\windows\System32\drivers\pctgntdi64.sys [2013-5-1 347016]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\windows\System32\drivers\PCTSD64.sys [2013-5-1 253256]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2011-3-8 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-3-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-12 46808]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2013-5-1 580728]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2320920]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-2-6 585728]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-3-8 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 PCTBD;PC Tools Browser Defender Driver;C:\windows\System32\drivers\PCTBD64.sys [2012-3-19 77144]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-3-8 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-8 325152]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2011-3-8 1103904]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-20 793048]
S3 pctplsm;pctplsm;C:\windows\System32\drivers\pctplsm64.sys [2013-5-1 87968]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-3-8 232992]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2013-5-1 403416]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2013-5-1 1162360]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-28 1817560]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-28 1033688]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-28 171928]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-25 1255736]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-8 51512]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
.
=============== Created Last 30 ================
.
2013-05-31 16:35:16    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-05-31 16:34:40    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-05-31 16:34:40    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-05-28 20:48:43    17272    ----a-w-    C:\windows\System32\sdnclean64.exe
2013-05-28 20:48:31    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-26 00:37:42    --------    d-----w-    C:\Users\Aaron\.thumbnails
2013-05-26 00:33:49    --------    d-----w-    C:\Users\Aaron\AppData\Local\fontconfig
2013-05-26 00:33:48    --------    d-----w-    C:\Users\Aaron\AppData\Local\gegl-0.2
2013-05-26 00:33:48    --------    d-----w-    C:\Users\Aaron\.gimp-2.8
2013-05-26 00:23:48    --------    d-----w-    C:\Program Files\GIMP 2
2013-05-17 17:46:03    --------    d-----w-    C:\Program Files\iPod
2013-05-17 17:46:02    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 17:46:02    --------    d-----w-    C:\Program Files\iTunes
2013-05-17 17:46:02    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-05-15 19:10:10    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\Motorola
2013-05-15 19:09:15    --------    d-----w-    C:\Program Files\Common Files\Motorola Shared
2013-05-15 19:09:12    --------    d-----w-    C:\Program Files (x86)\Motorola
2013-05-15 18:47:52    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0BB9B340-F9D9-4FA6-82F8-BA2E671B1C4D}\mpengine.dll
2013-05-15 18:37:58    1767424    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-05-15 18:37:57    2242048    ----a-w-    C:\windows\System32\wininet.dll
2013-05-12 14:24:02    --------    d-----w-    C:\Program Files (x86)\2K Games
2013-05-06 21:59:22    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\Groovedown_Uninstall
2013-05-06 21:59:22    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\Groovedown
2013-05-04 20:51:10    --------    d-sh--w-    C:\$RECYCLE.BIN
.
==================== Find3M  ====================
.
2013-05-16 17:09:54    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 17:09:54    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07    1025808    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\windows\avastSS.scr
2013-05-02 05:06:08    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-04-18 02:04:22    108448    ----a-w-    C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-18 02:04:21    971680    ----a-w-    C:\windows\System32\deployJava1.dll
2013-04-18 02:04:21    1092512    ----a-w-    C:\windows\System32\npdeployJava1.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-04-05 06:50:36    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 17:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-04-04 08:35:05    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-03-19 05:53:58    48640    ----a-w-    C:\windows\System32\wwanprotdim.dll
2013-03-19 05:53:58    230400    ----a-w-    C:\windows\System32\wwansvc.dll
2013-03-19 05:46:56    43520    ----a-w-    C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\windows\System32\smss.exe
2013-03-06 01:05:06    861088    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-03-06 01:05:06    782240    ----a-w-    C:\windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:09:49.67 ===============
 
#3 The Mighty Quinn


Posted 31 May 2013 - 01:27 PM

I just checked IE out of curiosity & the same thing happened with that as well. In the Internet options, "proxy server" was checked off, with the address set to "local host" and the port was "21320". (I have a screenshot if needed)

 

--Sorry to keep writing, I'm not sure if this is helpful or not. Thanks again for having a look :)

 

--EDIT : After some digging, it looks like it may be due to Spybot 2.1 having an integrated proxy. The same thing happened to a guy who just installed it.


Edited by The Mighty Quinn, 31 May 2013 - 01:40 PM.


#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,218 posts

Posted 01 June 2013 - 08:01 PM

You may be right.
Bring up Spybot-S&D. Open the Settings section and go to the Settings page. Locate the Use proxy entry in the Automation – Web update category, and disable it. If you cannot see the Settings section, start Spybot-S&D in advanced mode (see your Start menu group for Spybot-S&D).

Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 The Mighty Quinn


Posted 02 June 2013 - 10:21 AM

Hi cnm,

 

 

I couldn't find the "Automation – Web update" category in the settings, but I found the "use Spybot proxy" in the "Internet Protection" tab. I unchecked it like you asked.

 

-- Just for an experiment, I re-enabled the Spybot proxy, and restarted the computer...just to see if the proxy error message would pop up again. When I tried IE it popped up, but Firefox was working normally. Just thought that was kind of interesting, and now I'm paranoid again haha.

 

Here is the log you asked for. Thanks again!!

 

 

 

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 11:51:30
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Aaron - KOOLROCK-SKI
# Boot Mode : Normal
# Running from : C:\Users\Aaron\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\Aaron\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\adawaretb
Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1696 octets] - [02/06/2013 11:51:30]

########## EOF - C:\AdwCleaner[S1].txt - [1756 octets] ##########
 



#6 cnm


Posted 02 June 2013 - 10:30 AM

Are things normal now?  Does your proxy stop being changed?  Is IE normal with Spybot proxy disabled?




#7 The Mighty Quinn


Posted 02 June 2013 - 10:39 AM

Yep! The proxy isn't popping up anymore, & IE is normal when the proxy is disabled :)  I'm just trying to re-create the Firefox proxy error with the Spybot Proxy lol. I keep telling myself that someone changed it remotely, even though nothing was found; just because activating the Spybot proxy doesn't affect it. Weird, I know!! lol.

 

-- I was looking around about the grusskartencenter.com entry that AdwCleaner found, and came across a tool called "RogueKiller". -- Would it be okay to run that? Or would you stay away from it?

 

Thanks so much for all of your help! :)



#8 cnm


Posted 02 June 2013 - 11:05 AM

RogueKiller is a good program and no harm running it, although I don't see any sign of rogue.  Usually a rogue will pop up something demanding that you pay to have malware removed.  A grusskartencenter key was found but it was just a leftover.
 
Download RogueKiller (by tigzy) and save it to your desktop

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad

 

After that:
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.




#9 The Mighty Quinn


Posted 02 June 2013 - 11:27 AM

Ohhhhh I see!

 

Here is the RogueKiller log :)  I'll run Combofix right after I post this.

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aaron [Admin rights]
Mode : Scan -- Date : 06/02/2013 13:23:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX ATA Device +++++
--- User ---
[MBR] 6da937e1db42d88e3b3585b9b07998b7
[BSP] e6c0ad5271b35b125a50d0f3bc1d7d80 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596964 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1225656320 | Size: 12015 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06022013_02d1323.txt >>
RKreport[1]_S_06022013_02d1323.txt


 



#10 The Mighty Quinn

Posted 02 June 2013 - 11:58 AM

Here's the ComboFix log :)

 

 

 

ComboFix 13-06-02.02 - Aaron 02/06/2013  13:32:32.12.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3891.2547 [GMT -3:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-06-02 16:41 . 2013-06-02 16:41    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-06-02 16:41 . 2013-06-02 16:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-31 19:11 . 2013-05-31 19:12    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-05-31 19:03 . 2013-05-31 19:03    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-05-31 19:00 . 2013-05-31 19:00    --------    d-----w-    c:\programdata\Lavasoft
2013-05-31 19:00 . 2013-05-31 19:03    --------    d-----w-    c:\program files (x86)\Ad-Aware Antivirus
2013-05-31 18:59 . 2013-05-31 18:59    --------    d-----w-    c:\programdata\Downloaded Installations
2013-05-31 18:59 . 2013-05-31 18:59    --------    d-----w-    c:\users\Aaron\AppData\Local\adawarebp
2013-05-31 18:59 . 2013-05-31 18:59    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-05-31 18:59 . 2013-05-31 18:59    --------    d-----w-    c:\program files (x86)\Toolbar Cleaner
2013-05-31 18:57 . 2013-05-31 18:57    --------    d-----w-    c:\users\Aaron\AppData\Roaming\LavasoftStatistics
2013-05-31 18:56 . 2013-05-31 18:57    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-05-31 18:56 . 2013-05-31 18:57    47496    ----a-w-    c:\windows\system32\sbbd.exe
2013-05-31 18:56 . 2013-05-31 23:05    --------    d-----w-    c:\users\Aaron\AppData\Roaming\Ad-Aware Antivirus
2013-05-31 16:35 . 2013-05-31 16:35    --------    d-----w-    c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-05-31 16:34 . 2013-05-31 16:34    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-05-28 20:48 . 2009-01-25 16:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-05-28 20:48 . 2013-05-28 20:48    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-26 00:37 . 2013-05-26 00:37    --------    d-----w-    c:\users\Aaron\.thumbnails
2013-05-26 00:33 . 2013-05-26 00:33    --------    d-----w-    c:\users\Aaron\AppData\Local\fontconfig
2013-05-26 00:33 . 2013-05-26 01:11    --------    d-----w-    c:\users\Aaron\.gimp-2.8
2013-05-26 00:33 . 2013-05-26 00:33    --------    d-----w-    c:\users\Aaron\AppData\Local\gegl-0.2
2013-05-26 00:23 . 2013-05-26 00:24    --------    d-----w-    c:\program files\GIMP 2
2013-05-17 17:46 . 2013-05-17 17:46    --------    d-----w-    c:\program files\iPod
2013-05-17 17:46 . 2013-05-17 17:46    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 17:46 . 2013-05-17 17:46    --------    d-----w-    c:\program files\iTunes
2013-05-17 17:46 . 2013-05-17 17:46    --------    d-----w-    c:\program files (x86)\iTunes
2013-05-15 19:10 . 2013-05-15 19:10    --------    d-----w-    c:\users\Aaron\AppData\Roaming\Motorola
2013-05-15 19:09 . 2013-05-15 19:09    --------    d-----w-    c:\program files\Common Files\Motorola Shared
2013-05-15 19:09 . 2013-05-15 19:19    --------    d-----w-    c:\program files (x86)\Motorola
2013-05-15 18:47 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB9B340-F9D9-4FA6-82F8-BA2E671B1C4D}\mpengine.dll
2013-05-15 18:37 . 2013-04-05 06:50    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-05-15 18:37 . 2013-04-05 05:28    1767424    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-05-15 18:37 . 2013-04-05 06:52    2242048    ----a-w-    c:\windows\system32\wininet.dll
2013-05-15 18:37 . 2013-04-05 06:50    19231232    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-15 18:37 . 2013-04-05 06:50    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-05-12 14:24 . 2013-05-12 14:49    --------    d-----w-    c:\users\Aaron\AppData\Roaming\InstallShield Installation Information
2013-05-12 14:24 . 2013-05-12 14:24    --------    d-----w-    c:\program files (x86)\2K Games
2013-05-12 02:06 . 2013-05-12 02:06    --------    d-----w-    c:\users\Aaron\AppData\Roaming\InstallShield
2013-05-06 21:59 . 2013-05-06 21:59    --------    d-----w-    c:\users\Aaron\AppData\Roaming\Groovedown
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 17:09 . 2013-04-23 15:56    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 17:09 . 2013-04-23 15:56    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:45 . 2011-03-08 21:31    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-09 08:59 . 2013-03-06 00:48    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-06 00:48    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-02-25 01:37    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-03-08 21:06    378432    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-03-08 21:05    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-03-08 21:05    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-03-08 21:06    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-03-08 21:05    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-03-08 21:05    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-03-08 21:05    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-02 05:06 . 2011-03-08 21:12    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-18 02:04 . 2013-04-18 02:04    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-18 02:04 . 2013-04-18 02:04    311200    ----a-w-    c:\windows\system32\javaws.exe
2013-04-18 02:04 . 2013-04-18 02:04    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-04-18 02:04 . 2013-04-18 02:04    188320    ----a-w-    c:\windows\system32\java.exe
2013-04-18 02:04 . 2012-01-13 17:06    971680    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-18 02:04 . 2012-01-13 17:06    1092512    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-04-13 05:49 . 2013-05-15 18:36    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 18:36    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 18:36    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 18:36    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 18:36    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:36    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-29 17:07    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 17:50 . 2011-03-19 23:54    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-04 08:35 . 2013-04-18 02:08    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 03:23 . 2013-03-20 03:23    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-20 03:23 . 2013-03-20 03:23    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-20 03:23 . 2013-03-20 03:23    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-20 03:23 . 2013-03-20 03:23    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-20 03:23 . 2013-03-20 03:23    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-20 03:23 . 2013-03-20 03:23    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-20 03:23 . 2013-03-20 03:23    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-20 03:23 . 2013-03-20 03:23    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-20 03:23 . 2013-03-20 03:23    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-20 03:23 . 2013-03-20 03:23    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-20 03:23 . 2013-03-20 03:23    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-20 03:23 . 2013-03-20 03:23    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-20 03:23 . 2013-03-20 03:23    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-20 03:23 . 2013-03-20 03:23    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-20 03:23 . 2013-03-20 03:23    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-20 03:23 . 2013-03-20 03:23    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-20 03:23 . 2013-03-20 03:23    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-20 03:23 . 2013-03-20 03:23    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-20 03:23 . 2013-03-20 03:23    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-20 03:23 . 2013-03-20 03:23    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-20 03:23 . 2013-03-20 03:23    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-20 03:23 . 2013-03-20 03:23    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-20 03:23 . 2013-03-20 03:23    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-20 03:23 . 2013-03-20 03:23    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-20 03:23 . 2013-03-20 03:23    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-20 03:23 . 2013-03-20 03:23    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-20 03:23 . 2013-03-20 03:23    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-20 03:23 . 2013-03-20 03:23    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-20 03:23 . 2013-03-20 03:23    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-20 03:23 . 2013-03-20 03:23    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-20 03:23 . 2013-03-20 03:23    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-20 03:23 . 2013-03-20 03:23    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-20 03:23 . 2013-03-20 03:23    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-20 03:23 . 2013-03-20 03:23    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-20 03:23 . 2013-03-20 03:23    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-20 03:23 . 2013-03-20 03:23    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-20 03:23 . 2013-03-20 03:23    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-20 03:23 . 2013-03-20 03:23    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-20 03:23 . 2013-03-20 03:23    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-20 03:23 . 2013-03-20 03:23    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-20 03:23 . 2013-03-20 03:23    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-20 03:23 . 2013-03-20 03:23    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-20 03:23 . 2013-03-20 03:23    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-20 03:23 . 2013-03-20 03:23    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-20 03:23 . 2013-03-20 03:23    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-20 03:23 . 2013-03-20 03:23    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-20 03:23 . 2013-03-20 03:23    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-20 03:23 . 2013-03-20 03:23    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-20 03:23 . 2013-03-20 03:23    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-20 02:36 . 2013-03-20 02:36    388096    ----a-r-    c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-19 06:04 . 2013-04-10 02:01    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 02:01    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 02:01    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 02:01    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 02:01    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 02:01    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-06 01:05 . 2012-05-27 15:01    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 01:05 . 2011-03-09 02:01    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 SBRE;SBRE; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-25 1255736]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-31 14456]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-02-06 585728]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1103904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-10-24 17:10]
.
2012-03-06 c:\windows\Tasks\GlaryUpdate.job
- c:\program files (x86)\Glary Utilities\webupdate.exe [2011-10-24 17:13]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 21:40]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 21:40]
.
2012-11-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-08-23 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 508216]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 913720]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 705368]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = localhost:21320
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: bell.ca\secureq
TCP: DhcpNameServer = 192.168.2.1 142.177.2.130 192.168.1.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\

FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-22 11:38; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - ExtSQL: 2013-05-01 10:47; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF - ExtSQL: 2013-05-31 14:04; superstart@enjoyfreeware.org; c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\cdyqsb3p.default\extensions\superstart@enjoyfreeware.org
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-02  13:52:04
ComboFix-quarantined-files.txt  2013-06-02 16:52
.
Pre-Run: 139,448,463,360 bytes free
Post-Run: 139,242,500,096 bytes free
.
- - End Of File - - C5F48C07E7153F1612443B4BD762F947
 



#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,218 posts

Posted 02 June 2013 - 12:46 PM

Everything still OK?

 

You are not using a proxy so please do this:

Run RogueKiller again and click Fix Proxy.  Post the log.




#12 The Mighty Quinn

Posted 02 June 2013 - 02:34 PM

Yep! Everything seems fine.  -- So, I shouldn't be worried about someone seeing all my data (banking, credit cards, etc.) then?

 

Here's the log after I clicked "Fix Proxy":

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aaron [Admin rights]
Mode : Scan -- Date : 06/02/2013 16:30:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX ATA Device +++++
--- User ---
[MBR] 6da937e1db42d88e3b3585b9b07998b7
[BSP] e6c0ad5271b35b125a50d0f3bc1d7d80 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596964 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1225656320 | Size: 12015 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06022013_02d1630.txt >>
RKreport[1]_S_06022013_02d1630.txt
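
Added example, not part of the original thread and not RogueKiller's own logic: a small Python triage script that parses the registry sections of the two RogueKiller reports above, flags any `ProxyServer` value that points at a loopback address, and diffs the scans to confirm what "Fix Proxy" changed. The function names are hypothetical, and the per-protocol `http=host:port;https=host:port` form it also accepts is an assumption about other inputs, not something that appears in these logs.

```python
import re
from collections import namedtuple
from ipaddress import ip_address

# Registry sections copied from the two RogueKiller reports posted in this
# thread: the first scan, then the scan taken after "Fix Proxy".
SCAN_BEFORE = r"""
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""
SCAN_AFTER = r"""
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

Entry = namedtuple("Entry", "tag key name value")

# One registry finding per line: [TAG] key : name (value) -> STATUS
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>\S+) "
    r"\((?P<value>[^)]*)\) -> (?P<status>\w+)[ \t]*$",
    re.MULTILINE,
)


def parse_entries(report):
    """Return the set of registry findings marked FOUND in a report."""
    return {
        Entry(m["tag"], m["key"], m["name"], m["value"])
        for m in ENTRY_RE.finditer(report)
        if m["status"] == "FOUND"
    }


def proxy_endpoints(proxy_server):
    """Split a ProxyServer string into (host, port) pairs.

    Handles 'host:port' as seen in this thread and, as an assumption for
    other inputs, the per-protocol form 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in proxy_server.split(";"):
        endpoint = part.split("=", 1)[-1].strip().split("://", 1)[-1]
        if not endpoint:
            continue
        host, _, port = endpoint.rpartition(":")
        if not host:  # no port given
            host, port = port, ""
        endpoints.append((host.strip("[]").lower(), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def loopback_proxies(entries):
    """List (key, host, port) for ProxyServer values aimed at this machine."""
    return sorted(
        (e.key, host, port)
        for e in entries
        if e.name == "ProxyServer"
        for host, port in proxy_endpoints(e.value)
        if is_loopback(host)
    )


def compare(before, after):
    """Diff two reports and list loopback proxy settings in each."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "loopback_before": loopback_proxies(b),
        "loopback_after": loopback_proxies(a),
    }


if __name__ == "__main__":
    for label, items in compare(SCAN_BEFORE, SCAN_AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```
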


 



#13 cnm

Posted 02 June 2013 - 02:42 PM

There is no indication of anything having run that could steal your info - but of course it never hurts to change your passwords.  Use long ones, 12 or more characters, and don't use the same one for more than one site.
 
I think you are in good shape now, so please clean up our tools:
Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. 

Delete RogueKiller, the DDS files, and Security Check folder from your Desktop.

 

Run AdwCleaner and click Uninstall.




#14 The Mighty Quinn

Posted 02 June 2013 - 03:30 PM

Done & done! Thanks so much for your help again, cnm. I really appreciate it! :)



#15 cnm

Posted 02 June 2013 - 04:34 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





