OK, I:

uninstalled Advanced SystemCare 6
uninstalled IObit Malware Fighter
uninstalled ssafe saovei

===================================
Reports
=======

Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 8 x64
Ran by Valued Customer on Fri 08/02/2013 at 12:48:29.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

~~~ Files

Failed to delete: [File] "C:\Windows\tasks\amiupdxp.job"
Failed to delete: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\locallow\fast free converter"
Failed to delete: [Folder] "C:\Program Files (x86)\fast free converter"

~~~ FireFox

Successfully deleted the following from C:\Users\Valued Customer\AppData\Roaming\mozilla\firefox\profiles\mk0a9sxn.default\prefs.js

user_pref("extensions.51eeb54840ddc.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script

Emptied folder: C:\Users\Valued Customer\AppData\Roaming\mozilla\firefox\profiles\mk0a9sxn.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/02/2013 at 13:09:09.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner logs:

AdwCleaner[R1]:

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 13:36:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Valued Customer - VALUEDCUSTOMER
# Boot Mode : Normal
# Running from : C:\Users\Valued Customer\Downloads\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\ProgramData\ssafe saovei
Folder Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkfmafhpfnolkpgnokmbilolpjbkmacb
Folder Found : C:\Users\Valued Customer\AppData\LocalLow\ssafe saovei
Folder Found : C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44A97EB3-B3EA-2DD5-2A9E-4334F6400862}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44A97EB3-B3EA-2DD5-2A9E-4334F6400862}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\prefs.js

Found : user_pref("extensions.51eeb54840ddc.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3384 octets] - [02/08/2013 13:36:16]

########## EOF - C:\AdwCleaner[R1].txt - [3444 octets] ##########

======================================================================

AdwCleaner[s1]:

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 13:37:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Valued Customer - VALUEDCUSTOMER
# Boot Mode : Normal
# Running from : C:\Users\Valued Customer\Downloads\AdwCleaner.exe
# Option [Delete]

***** [services] *****

========================================================================

Malwarebytes' Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Valued Customer :: VALUEDCUSTOMER [administrator]

8/2/2013 1:44:10 PM
MBAM-log-2013-08-02 (13-53-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217922
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} (PUP.Optional.Amonetize) -> No action taken.
HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} (PUP.Optional.Amonetize) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\ssafe saovei\51eeb54840ebf.dll (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Users\Valued Customer\AppData\Local\Temp\ikfGKK43.exe.part (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Valued Customer\AppData\Local\Temp\Launcher__2594_il2308652.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\Valued Customer\Downloads\Launcher__2594_il2308652.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\Valued Customer\Downloads\setup.exe (PUP.Optional.Ibryte) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)

===================================================================================

I didn't know if you wanted both logs for DDS so I am posting them both:

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2013 4:38:25 PM
System Uptime: 8/2/2013 1:56:14 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P
Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 869.813 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 142.858 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart Plus B209a-m
Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Manufacturer:
Name: Photosmart Plus B209a-m
PNP Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Service:
.
==== System Restore Points ===================
.
RP8: 7/17/2013 1:18:52 AM - Windows Update RP9: 7/24/2013 11:20:20 AM - Scheduled Checkpoint RP10: 8/1/2013 10:05:19 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7-Zip 9.22beta Adobe AIR Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 avast! Free Antivirus Camtasia Studio 7 CCleaner Citrix Online Launcher Classic Shell Comodo Dragon COMODO Firewall Content Transfer Core FTP LE CurationSoft EasyBanner Flash 5.0 Fast Free Converter GeekBuddy Google Chrome Google Drive Google Update Helper GoToMeeting 5.8.0.1189 Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater K-Lite Codec Pack 9.9.5 (64-bit) K-Lite Codec Pack 9.9.5 (Full) LastPass(uninstall only) List Manager 2.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.7 (x86 en-US) Net Extractor Notepad++ NWZ-S540 WALKMAN Guide OpenOffice.org 3.4.1 PDF Settings CS6 Quick Tab Change 2.0 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer RealUpgrade 1.1 Samsung Master Skype Click to Call Skype™ 6.6 Social Lead Fox Start Menu 8 SUPERAntiSpyware swMSM TC Web Conferencing VLC media player 2.0.7 . ==== Event Viewer Messages From Past Week ======== . 
8/2/2013 12:36:42 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).
8/2/2013 1:56:16 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
8/1/2013 8:28:15 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
8/1/2013 8:28:15 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/1/2013 11:42:47 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/1/2013 11:42:41 AM, Error: Service Control Manager [7034] - The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).
7/28/2013 1:02:56 AM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance.
.
==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.25.2
Run by Valued Customer at 14:28:36 on 2013-08-02
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3582.2130 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! 
Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Classic Shell\ClassicShellService.exe C:\Program Files\Classic Shell\ClassicStartMenu.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhostex.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\COMODO\COMODO Internet Security\cistray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program 
Files\COMODO\COMODO Internet Security\cavwp.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\COMODO\COMODO Internet Security\cis.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Fast Free Converter 4.1: {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [AdobeBridge] <no file> mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe IE: LastPass - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=fillforms IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 97.64.183.164 97.64.209.37 TCP: Interfaces\{01253CC7-4906-40F3-93E3-E21189EF5046} : DHCPNameServer = 192.168.0.100 TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : DHCPNameServer = 97.64.183.164 97.64.209.37 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: avast! 
Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll FF - plugin: C:\Users\Valued Customer\AppData\Local\Citrix\Plugins\104\npappdetector.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-19 15:23; support@lastpass.com; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\support@lastpass.com FF - ExtSQL: 2013-06-19 16:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-06-19 21:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-06-22 15:50; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-06-29 01:15; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Valued 
Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-07-23 11:55; q8kbfwc@wsrzhxag.co.uk; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-19 65336] R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-19 189936] R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-19 1030952] R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-19 378944] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776] R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-19 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-19 80816] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-19 46808] R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752] R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104] R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472] R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-7-18 75584] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864] R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTL8192su.sys [2012-6-2 693864] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 
2013-08-02 17:48:28 -------- d-----w- C:\Windows\ERUNT 2013-08-01 16:42:49 -------- d-----w- C:\Program Files (x86)\File Type Helper 2013-08-01 16:42:45 -------- d-----w- C:\Program Files (x86)\Fast Free Converter 2013-08-01 15:46:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\PDF24 2013-08-01 14:16:01 262832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin 2013-07-31 19:34:47 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\QuickScan 2013-07-30 15:58:10 -------- d-----w- C:\Users\Valued Customer\AppData\Local\ElevatedDiagnostics 2013-07-26 01:56:09 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO 2013-07-25 14:00:16 -------- d-----w- C:\Users\Valued Customer\AppData\Local\TechSmith 2013-07-23 16:55:15 -------- d-----w- C:\ProgramData\StarApp 2013-07-23 16:55:03 -------- d-----w- C:\ProgramData\ssafe saovei 2013-07-23 16:52:59 -------- d-----w- C:\ProgramData\InstallMate 2013-07-17 08:43:30 8704 ----a-w- C:\Windows\SysWow64\vidccleaner.exe 2013-07-17 08:43:30 77824 ----a-w- C:\Windows\SysWow64\xvid.ax 2013-07-17 08:43:30 765952 ----a-w- C:\Windows\SysWow64\xvidcore.dll 2013-07-17 08:43:30 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll 2013-07-17 08:43:09 217088 ----a-w- C:\Windows\SysWow64\skjpeg40.dll 2013-07-17 08:43:08 83968 ----a-w- C:\Windows\SysWow64\Skbase40.dll 2013-07-17 08:43:07 -------- d-----w- C:\Program Files (x86)\Samsung 2013-07-12 19:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-07-12 19:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll . ==================== Find3M ==================== . 
2013-07-08 20:59:58 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys 2013-07-08 17:34:39 499712 ----a-w- C:\Windows\iwexec.exe 2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-27 21:20:30 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-06-27 21:20:30 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-06-20 08:20:44 56072 ----a-w- C:\Windows\System32\certsentry.dll 2013-06-20 08:20:44 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll 2013-06-20 08:20:35 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2013-06-19 21:38:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-06-19 20:23:04 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2013-06-19 17:22:40 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-19 17:22:39 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-19 17:22:39 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-06-19 17:21:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-19 17:21:05 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-19 17:21:05 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-18 15:16:16 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2013-06-18 15:16:14 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll 2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll 2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll 2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll 2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll 2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll 2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll 2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-06-16 21:33:47 0 ----a-w- 
C:\Windows\ativpsrm.bin 2013-06-13 06:09:14 55496 ----a-w- C:\Windows\SysWow64\offreg.dll 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe 2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS 2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys 2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe 2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll 2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll 2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll 2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe 2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe 2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll 2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll 2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll 2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll 2013-06-01 
09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll 2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll 2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll 2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll 2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll 2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll 2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys 2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi 2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe 2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi 2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe 2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll 2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe 2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll 2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe 2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll 2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 14:29:37.98 =============== That's it! Kirk