kleddon

  1. Hey Borislav, thanks for all your help, buddy. I thought I was going to go to bed as I was so burned out, but being as stubborn as I am, I finally got rid of all the viruses. I was finally able to uninstall "cloud-connect.exe", then I could go to bed... It was bugging me that I could get rid of that thing. Just thinking about it would have kept me from sleeping.. All my issues seem to have been resolved... Computer is running like a dream.... Have a great weekend.. Gratefully Yours, Thank you, Kirk
  2. No, I am still getting all the other browsers and new tabs opening up with advertisements. I will try to do more surfing a little later; I just got home from work and I would like to wind down a little and then go to bed... But... I logged out of my Gmail account and then logged back in and this new window came up. In the address bar, the web address that is hosting the ad pages is almost always coming from this domain: https://www.cloud-connect.net/ So far I have not found out anything about the domain in Google search, except when I go to the actual domain its home page is a login page... No, I still think something is in this system... it's starting to drive me crazy... Anyway, thanks for the help, and if you have any more ideas I would love to hear (read) them. Kirk
  3. I don't know if I sent you the wrong log in Malwarebytes so I ran it again and here is the latest log after running:

     Malwarebytes:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.02.07

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16635
     Valued Customer :: VALUEDCUSTOMER [administrator]

     8/2/2013 2:41:01 PM
     mbam-log-2013-08-02 (14-41-01).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 218113
     Time elapsed: 3 minute(s), 28 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. OK, I:

     uninstalled Advanced SystemCare 6
     uninstalled IObit Malware Fighter
     uninstalled ssafe saovei

     Reports

     Junkware Removal Tool log:

     AdwCleaner logs:

     Malwarebytes' Anti-Malware log:

     I did know if you wanted both logs for DDS so I am posting them both:

     Attach.txt

     DDS.txt
09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll 2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll 2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll 2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll 2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll 2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll 2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys 2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi 2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe 2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi 2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe 2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll 2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe 2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll 2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe 2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll 2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 14:29:37.98 =============== That's it! Kirk
  5. I have read all of your instructions and am trying to follow them. When I click links to log in to my email accounts and when I am visiting webpages some of the text becomes hyperlinks to advertising. And when I click on links that are meant to click on, my Firefox browser opens the links fine but also opens a new tab with ads. I upgraded both Malwarebytes and Superantispyware and ran them and neither one had found the malware. So as per instructions I downloaded dds.sc and ran it. Here are the two logs it produced on my desktop: dds.txt: ====== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.25.2 Run by Valued Customer at 12:01:30 on 2013-08-02 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3582.2776 [GMT -5:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} . ============== Running Processes =============== . 
C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Classic Shell\ClassicShellService.exe C:\Windows\Explorer.EXE C:\Program Files\Classic Shell\ClassicStartMenu.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhostex.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files 
(x86)\IObit\IObit Malware Fighter\IMF.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: ssafe saovei: {44A97EB3-B3EA-2DD5-2A9E-4334F6400862} - C:\ProgramData\ssafe saovei\51eeb54840ebf.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Fast Free Converter 4.1: {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll TB: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart uRun: [AdobeBridge] <no file> mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe IE: LastPass - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - C:\Users\Valued 
Customer\AppData\LocalLow\LastPass\context.html?cmd=fillforms IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 97.64.183.164 97.64.209.37 TCP: Interfaces\{01253CC7-4906-40F3-93E3-E21189EF5046} : DHCPNameServer = 192.168.0.100 TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : DHCPNameServer = 97.64.183.164 97.64.209.37 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: avast! 
Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Users\Valued Customer\AppData\Local\Citrix\Plugins\104\npappdetector.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-19 15:23; support@lastpass.com; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\support@lastpass.com FF - ExtSQL: 2013-06-19 16:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-06-19 21:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-06-22 15:50; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-06-23 23:19; ascsurfingprotection@iobit.com; C:\Users\Valued 
Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\ascsurfingprotection@iobit.com FF - ExtSQL: 2013-06-29 01:15; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-07-23 11:55; q8kbfwc@wsrzhxag.co.uk; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-19 65336] R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-19 189936] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-7-18 17720] R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-19 1030952] R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-19 378944] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776] R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-6-23 574272] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-19 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-19 80816] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-19 46808] R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752] R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104] R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088] R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-7-18 335168] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472] R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-7-18 75584] R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-7-18 23048] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864] R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-7-18 34336] R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-7-18 23016] R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network 
Adapter;C:\Windows\System32\Drivers\RTL8192su.sys [2012-6-2 693864] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2013-08-01 16:42:49 -------- d-----w- C:\Program Files (x86)\File Type Helper 2013-08-01 16:42:45 -------- d-----w- C:\Program Files (x86)\Fast Free Converter 2013-08-01 16:42:41 -------- d-----w- C:\Users\Valued Customer\AppData\Local\SwvUpdater 2013-08-01 15:46:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\PDF24 2013-08-01 14:16:01 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin 2013-07-31 19:34:47 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\QuickScan 2013-07-30 15:58:10 -------- d-----w- C:\Users\Valued Customer\AppData\Local\ElevatedDiagnostics 2013-07-26 01:56:09 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO 2013-07-25 14:00:16 -------- d-----w- C:\Users\Valued Customer\AppData\Local\TechSmith 2013-07-23 17:10:36 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe 2013-07-23 16:55:15 -------- d-----w- C:\ProgramData\StarApp 2013-07-23 16:55:03 -------- d-----w- C:\ProgramData\ssafe saovei 2013-07-23 16:52:59 -------- d-----w- C:\ProgramData\InstallMate 2013-07-19 02:35:36 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys 2013-07-17 08:43:30 8704 ----a-w- C:\Windows\SysWow64\vidccleaner.exe 2013-07-17 08:43:30 77824 ----a-w- C:\Windows\SysWow64\xvid.ax 2013-07-17 08:43:30 765952 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2013-07-17 08:43:30 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2013-07-17 08:43:09 217088 ----a-w- C:\Windows\SysWow64\skjpeg40.dll 2013-07-17 08:43:08 83968 ----a-w- C:\Windows\SysWow64\Skbase40.dll 2013-07-17 08:43:07 -------- d-----w- C:\Program Files (x86)\Samsung 2013-07-12 19:42:18 
6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-07-12 19:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-07-03 17:02:19 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe . ==================== Find3M ==================== . 2013-07-08 20:59:58 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys 2013-07-08 17:34:39 499712 ----a-w- C:\Windows\iwexec.exe 2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-27 21:20:30 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-06-27 21:20:30 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-06-20 08:20:44 56072 ----a-w- C:\Windows\System32\certsentry.dll 2013-06-20 08:20:44 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll 2013-06-20 08:20:35 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2013-06-19 21:38:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-06-19 20:23:04 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2013-06-19 17:22:40 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-19 17:22:39 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-19 17:22:39 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-06-19 17:21:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-19 17:21:05 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-19 17:21:05 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-18 15:16:16 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2013-06-18 15:16:14 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll 2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll 
2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll 2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll 2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll 2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll 2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll 2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-06-16 21:33:47 0 ----a-w- C:\Windows\ativpsrm.bin 2013-06-13 06:09:14 55496 ----a-w- C:\Windows\SysWow64\offreg.dll 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe 2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS 2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys 2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe 2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll 2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll 2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll 2013-06-01 09:23:06 680960 ----a-w- 
C:\Windows\System32\vds.exe 2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe 2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll 2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll 2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll 2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll 2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll 2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll 2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll 2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll 2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll 2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll 2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys 2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi 2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe 2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi 2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe 2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll 2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe 2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll 2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe 2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll 2013-05-14 13:14:01 2706432 
----a-w- C:\Windows\System32\mshtml.tlb 2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 12:02:46.30 =============== Attach.txt; ========= . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume1 Install Date: 6/16/2013 4:38:25 PM System Uptime: 8/2/2013 9:10:23 AM (3 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 869.892 GiB free. D: is CDROM (CDFS) E: is FIXED (NTFS) - 466 GiB total, 142.858 GiB free. F: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Photosmart Plus B209a-m Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000 Manufacturer: Name: Photosmart Plus B209a-m PNP Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000 Service: . ==== System Restore Points =================== . RP8: 7/17/2013 1:18:52 AM - Windows Update RP9: 7/24/2013 11:20:20 AM - Scheduled Checkpoint RP10: 8/1/2013 10:05:19 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7-Zip 9.22beta Adobe AIR Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 Advanced SystemCare 6 avast! 
Free Antivirus Camtasia Studio 7 CCleaner Citrix Online Launcher Classic Shell Comodo Dragon COMODO Firewall Content Transfer Core FTP LE CurationSoft EasyBanner Flash 5.0 Fast Free Converter GeekBuddy Google Chrome Google Drive Google Update Helper GoToMeeting 5.8.0.1189 IObit Malware Fighter Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater K-Lite Codec Pack 9.9.5 (64-bit) K-Lite Codec Pack 9.9.5 (Full) LastPass(uninstall only) List Manager 2.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.7 (x86 en-US) Net Extractor Notepad++ NWZ-S540 WALKMAN Guide OpenOffice.org 3.4.1 PDF Settings CS6 Quick Tab Change 2.0 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer RealUpgrade 1.1 Samsung Master Skype Click to Call Skype™ 6.6 Smart Defrag 2 Social Lead Fox Software Version Updater ssafe saovei Start Menu 8 SUPERAntiSpyware swMSM TC Web Conferencing VLC media player 2.0.7 . ==== Event Viewer Messages From Past Week ======== . 8/2/2013 9:33:02 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s). 8/2/2013 9:10:27 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''. 
8/1/2013 8:28:15 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107. 8/1/2013 8:28:15 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 8/1/2013 11:42:47 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/1/2013 11:42:41 AM, Error: Service Control Manager [7034] - The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s). 7/28/2013 1:02:56 AM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance. . ==== End Of File =========================== Thanks in advance Kirk