It was suggested to post the HijackThis file here.
Please help and take it slow, I am a noob at this.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:54:38 PM, on 15-Oct-14
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
FIREFOX: 33.0 (x86 nl)
Boot mode: Normal
Running processes:
C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
C:UsersToshAppDataRoaminguTorrentuTorrent.exe
C:Program Files (x86)TOSHIBAPasswordUtilityreadLM.exe
C:Program Files (x86)AVGAVG2014avgui.exe
C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe
C:WindowsSysWOW64ctfmon.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:UsersToshAppDataLocalGoogleGoogle Talk Plugingoogletalkplugin.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:Program Files (x86)SRWare Ironchrome.exe
C:UsersToshDownloadsHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?Lin…
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://www.google.nl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/p/?L…
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin…
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?Lin…
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/p/?L…
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 – REG:system.ini: UserInit=userinit.exe
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} – C:PROGRA~2MICROS~1Office15URLREDIR.DLL
O2 – BHO: Microsoft SkyDrive Pro Browser Helper – {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} – C:PROGRA~2MICROS~1Office15GROOVEEX.DLL
O4 – HKLM..Run: [AmIcoSinglun64] “C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe”
O4 – HKLM..Run: [1.TPUReg] “C:Program Files (x86)TOSHIBAPasswordUtilityreadLM.exe”
O4 – HKLM..Run: [TSVU] “c:Program FilesTOSHIBATOSHIBA Smart View UtilityTosSmartViewLauncher.exe”
O4 – HKLM..Run: [AVG_UI] “C:Program Files (x86)AVGAVG2014avgui.exe” /TRAYONLY
O4 – HKLM..Run: [EEventManager] “C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe”
O4 – HKLM..Run: [QuickTime Task] “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
O4 – HKLM..Run: [Corel Photo Downloader] “C:Program Files (x86)Common FilesCorelCorel PhotoDownloaderCorel PhotoDownloader.exe” -startup
O4 – HKLM..Run: [AdobeCS6ServiceManager] “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
O4 – HKCU..Run: [Spotify Web Helper] “C:Program Files (x86)SpotifyDataSpotifyWebHelper.exe”
O4 – HKCU..Run: [Akamai NetSession Interface] “C:UsersToshAppDataLocalAkamainetsession_win.exe”
O4 – HKCU..Run: [uTorrent] “C:UsersToshAppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
O4 – HKCU..Run: [Epic Privacy Browser Update] “C:UsersToshAppDataLocalEpic Privacy BrowserUpdateEpicUpdate.exe” /c
O4 – HKCU..Run: [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATILFE.EXE /EPT “EPLTargetP0000000000000000” /M “XP-312 313 315 Series”
O4 – HKCU..Run: [EPLTargetP0000000000000001] C:Windowssystem32spoolDRIVERSx643E_IATILFE.EXE /EPT “EPLTargetP0000000000000001” /M “XP-312 313 315 Series”
O4 – HKCU..Run: [EPLTargetP0000000000000002] C:Windowssystem32spoolDRIVERSx643E_IATILFE.EXE /EPT “EPLTargetP0000000000000002” /M “XP-312 313 315 Series”
O4 – HKCU..Run: [EPLTargetP0000000000000003] C:Windowssystem32spoolDRIVERSx643E_IATILFE.EXE /EPT “EPLTargetP0000000000000003” /M “XP-312 313 315 Series”
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD…
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif
I did not run Debut Video Capture Software, down the bottom of the Sofdtpedia page it says this.
Users are advised to pay attention while installing this ad-supported application:
Offers to change the homepage for web browsers installed in the system
Offers to change the default search engine for web browsers installed in the system
Offers to download or install software or components (such as browser toolbars) that the program does not require to fully function
http://www.softpedia.com/get/Multim…
Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System…
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.
You are now clean. Am I being hacked, I doubt it, will deal with that soon.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD…
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif
I did not run Debut Video Capture Software, down the bottom of the Sofdtpedia page it says this.
Users are advised to pay attention while installing this ad-supported application:
Offers to change the homepage for web browsers installed in the system
Offers to change the default search engine for web browsers installed in the system
Offers to download or install software or components (such as browser toolbars) that the program does not require to fully function
http://www.softpedia.com/get/Multim…
Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System…
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.