Jump to content

I am infected


Recommended Posts

I have read all of your instructions and am trying to follow them.

 

When I click links to login to my email accounts and when I am visiting webpages

some of the text become hyperlinks to advertising. and when I click on links that

that are meant to click on my firefox browser opens the links fine but also opens

a new tab with ads.

 

I upgraded both Malwarebytes and Superantispyware and ran them and neither

one had found the malware.

 

So as per instructions I downloaded dds.sc and ran it. Here are the two logs it

produced on my desktip:

 

dds.txt:

======

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Valued Customer at 12:01:30 on 2013-08-02
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3582.2776 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: ssafe  saovei: {44A97EB3-B3EA-2DD5-2A9E-4334F6400862} - C:\ProgramData\ssafe  saovei\51eeb54840ebf.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Fast Free Converter 4.1: {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [AdobeBridge] <no file>
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
IE: LastPass - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{01253CC7-4906-40F3-93E3-E21189EF5046} : DHCPNameServer = 192.168.0.100
TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : DHCPNameServer = 97.64.183.164 97.64.209.37
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Valued Customer\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-19 15:23; support@lastpass.com; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-06-19 16:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-19 21:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-22 15:50; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-23 23:19; ascsurfingprotection@iobit.com; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-06-29 01:15; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2013-07-23 11:55; q8kbfwc@wsrzhxag.co.uk; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-19 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-19 189936]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-7-18 17720]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-19 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-19 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-6-23 574272]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-19 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-19 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-19 46808]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-7-18 335168]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-7-18 75584]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-7-18 23048]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-7-18 34336]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-7-18 23016]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTL8192su.sys [2012-6-2 693864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-08-01 16:42:49    --------    d-----w-    C:\Program Files (x86)\File Type Helper
2013-08-01 16:42:45    --------    d-----w-    C:\Program Files (x86)\Fast Free Converter
2013-08-01 16:42:41    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\SwvUpdater
2013-08-01 15:46:47    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\PDF24
2013-08-01 14:16:01    262832    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-31 19:34:47    --------    d-----w-    C:\Users\Valued Customer\AppData\Roaming\QuickScan
2013-07-30 15:58:10    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\ElevatedDiagnostics
2013-07-26 01:56:09    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2013-07-25 14:00:16    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\TechSmith
2013-07-23 17:10:36    32600    ----a-w-    C:\Windows\System32\SmartDefragBootTime.exe
2013-07-23 16:55:15    --------    d-----w-    C:\ProgramData\StarApp
2013-07-23 16:55:03    --------    d-----w-    C:\ProgramData\ssafe  saovei
2013-07-23 16:52:59    --------    d-----w-    C:\ProgramData\InstallMate
2013-07-19 02:35:36    17720    ----a-w-    C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-07-17 08:43:30    8704    ----a-w-    C:\Windows\SysWow64\vidccleaner.exe
2013-07-17 08:43:30    77824    ----a-w-    C:\Windows\SysWow64\xvid.ax
2013-07-17 08:43:30    765952    ----a-w-    C:\Windows\SysWow64\xvidcore.dll
2013-07-17 08:43:30    180224    ----a-w-    C:\Windows\SysWow64\xvidvfw.dll
2013-07-17 08:43:09    217088    ----a-w-    C:\Windows\SysWow64\skjpeg40.dll
2013-07-17 08:43:08    83968    ----a-w-    C:\Windows\SysWow64\Skbase40.dll
2013-07-17 08:43:07    --------    d-----w-    C:\Program Files (x86)\Samsung
2013-07-12 19:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 19:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-03 17:02:19    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2013-07-08 20:59:58    713776    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-07-08 17:34:39    499712    ----a-w-    C:\Windows\iwexec.exe
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-27 21:20:30    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:20:30    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-20 08:20:44    56072    ----a-w-    C:\Windows\System32\certsentry.dll
2013-06-20 08:20:44    47368    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2013-06-20 08:20:35    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2013-06-19 21:38:32    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-06-19 20:23:04    14880256    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-06-19 17:22:40    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 17:22:39    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-06-19 17:22:39    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-06-19 17:21:07    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 17:21:05    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-19 17:21:05    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-18 15:16:16    37560    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:14    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:49    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:47    348584    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:46    437688    ----a-w-    C:\Windows\System32\guard64.dll
2013-06-18 15:15:38    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:38    344792    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:35    278232    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15:34    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-16 21:33:47    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-06-13 06:09:14    55496    ----a-w-    C:\Windows\SysWow64\offreg.dll
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-24 22:09:20    1403296    ----a-w-    C:\Windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\Windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\Windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\Windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-15 22:35:47    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
.
============= FINISH: 12:02:46.30 ===============
 

Attach.txt;

=========

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2013 4:38:25 PM
System Uptime: 8/2/2013 9:10:23 AM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-78LMT-S2P
Processor: AMD FX-4100 Quad-Core Processor             | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 869.892 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 142.858 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart Plus B209a-m
Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Manufacturer:
Name: Photosmart Plus B209a-m
PNP Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Service:
.
==== System Restore Points ===================
.
RP8: 7/17/2013 1:18:52 AM - Windows Update
RP9: 7/24/2013 11:20:20 AM - Scheduled Checkpoint
RP10: 8/1/2013 10:05:19 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Advanced SystemCare 6
avast! Free Antivirus
Camtasia Studio 7
CCleaner
Citrix Online Launcher
Classic Shell
Comodo Dragon
COMODO Firewall
Content Transfer
Core FTP LE
CurationSoft
EasyBanner Flash 5.0
Fast Free Converter
GeekBuddy
Google Chrome
Google Drive
Google Update Helper
GoToMeeting 5.8.0.1189
IObit Malware Fighter
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.9.5 (64-bit)
K-Lite Codec Pack 9.9.5 (Full)
LastPass(uninstall only)
List Manager 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
Net Extractor
Notepad++
NWZ-S540 WALKMAN Guide
OpenOffice.org 3.4.1
PDF Settings CS6
Quick Tab Change 2.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Samsung Master
Skype Click to Call
Skype™ 6.6
Smart Defrag 2
Social Lead Fox
Software Version Updater
ssafe  saovei
Start Menu 8
SUPERAntiSpyware
swMSM
TC Web Conferencing
VLC media player 2.0.7
.
==== Event Viewer Messages From Past Week ========
.
8/2/2013 9:33:02 AM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
8/2/2013 9:10:27 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
8/1/2013 8:28:15 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
8/1/2013 8:28:15 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/1/2013 11:42:47 AM, Error: Service Control Manager [7030]  - The FastFreeConverterUpdt service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/1/2013 11:42:41 AM, Error: Service Control Manager [7034]  - The COMODO Dragon Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/28/2013 1:02:56 AM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance.
.
==== End Of File ===========================
 

Thanks in advance

 

Kirk

Link to post
Share on other sites

Hello Kirk and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

I suggest you to uninstall Advanced SystemCare 6. Here's why:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Also, suggest you to uninstall IObit Malware Fighter. Here's why:

http://forums.malwarebytes.org/index.php?showtopic=29681

And uninstall ssafe saovei

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 5

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log
Link to post
Share on other sites

OK,  I :

uninstalled Advanced SystemCare 6
uninstalled IObit Malware Fighter
uninstalled ssafe saovei
===================================

 

Reports

=======
Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 8 x64
Ran by Valued Customer on Fri 08/02/2013 at 12:48:29.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}



~~~ Files

Failed to delete: [File] "C:\Windows\tasks\amiupdxp.job"
Failed to delete: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\locallow\fast free converter"
Failed to delete: [Folder] "C:\Program Files (x86)\fast free converter"



~~~ FireFox

Successfully deleted the following from C:\Users\Valued Customer\AppData\Roaming\mozilla\firefox\profiles\mk0a9sxn.default\prefs.js

user_pref("extensions.51eeb54840ddc.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script
Emptied folder: C:\Users\Valued Customer\AppData\Roaming\mozilla\firefox\profiles\mk0a9sxn.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/02/2013 at 13:09:09.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner logs:


AdwCleaner[R1]:

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 13:36:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Valued Customer - VALUEDCUSTOMER
# Boot Mode : Normal
# Running from : C:\Users\Valued Customer\Downloads\AdwCleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\ProgramData\ssafe  saovei
Folder Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkfmafhpfnolkpgnokmbilolpjbkmacb
Folder Found : C:\Users\Valued Customer\AppData\LocalLow\ssafe  saovei
Folder Found : C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44A97EB3-B3EA-2DD5-2A9E-4334F6400862}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44A97EB3-B3EA-2DD5-2A9E-4334F6400862}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\prefs.js

Found : user_pref("extensions.51eeb54840ddc.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3384 octets] - [02/08/2013 13:36:16]

########## EOF - C:\AdwCleaner[R1].txt - [3444 octets] ##########
======================================================================

AdwCleaner[s1]:

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 13:37:04
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Valued Customer - VALUEDCUSTOMER
# Boot Mode : Normal
# Running from : C:\Users\Valued Customer\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****

========================================================================

Malwarebytes' Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Valued Customer :: VALUEDCUSTOMER [administrator]

8/2/2013 1:44:10 PM
MBAM-log-2013-08-02 (13-53-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217922
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} (PUP.Optional.Amonetize) -> No action taken.
HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} (PUP.Optional.Amonetize) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\ssafe  saovei\51eeb54840ebf.dll (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Users\Valued Customer\AppData\Local\Temp\ikfGKK43.exe.part (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\Valued Customer\AppData\Local\Temp\Launcher__2594_il2308652.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\Valued Customer\Downloads\Launcher__2594_il2308652.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\Valued Customer\Downloads\setup.exe (PUP.Optional.Ibryte) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)
===================================================================================

I did know if you wanted both logs for DDS so I am posting them both:

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2013 4:38:25 PM
System Uptime: 8/2/2013 1:56:14 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-78LMT-S2P
Processor: AMD FX-4100 Quad-Core Processor             | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 869.813 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 142.858 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart Plus B209a-m
Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Manufacturer:
Name: Photosmart Plus B209a-m
PNP Device ID: USB\VID_03F0&PID_7E11&MI_00\6&10456A54&0&0000
Service:
.
==== System Restore Points ===================
.
RP8: 7/17/2013 1:18:52 AM - Windows Update
RP9: 7/24/2013 11:20:20 AM - Scheduled Checkpoint
RP10: 8/1/2013 10:05:19 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
avast! Free Antivirus
Camtasia Studio 7
CCleaner
Citrix Online Launcher
Classic Shell
Comodo Dragon
COMODO Firewall
Content Transfer
Core FTP LE
CurationSoft
EasyBanner Flash 5.0
Fast Free Converter
GeekBuddy
Google Chrome
Google Drive
Google Update Helper
GoToMeeting 5.8.0.1189
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.9.5 (64-bit)
K-Lite Codec Pack 9.9.5 (Full)
LastPass(uninstall only)
List Manager 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
Net Extractor
Notepad++
NWZ-S540 WALKMAN Guide
OpenOffice.org 3.4.1
PDF Settings CS6
Quick Tab Change 2.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Samsung Master
Skype Click to Call
Skype™ 6.6
Social Lead Fox
Start Menu 8
SUPERAntiSpyware
swMSM
TC Web Conferencing
VLC media player 2.0.7
.
==== Event Viewer Messages From Past Week ========
.
8/2/2013 12:36:42 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
8/2/2013 1:56:16 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
8/1/2013 8:28:15 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
8/1/2013 8:28:15 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/1/2013 11:42:47 AM, Error: Service Control Manager [7030]  - The FastFreeConverterUpdt service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/1/2013 11:42:41 AM, Error: Service Control Manager [7034]  - The COMODO Dragon Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/28/2013 1:02:56 AM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance.
.
==== End Of File ===========================
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Valued Customer at 14:28:36 on 2013-08-02
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3582.2130 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Fast Free Converter 4.1: {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
IE: LastPass - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Valued Customer\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{01253CC7-4906-40F3-93E3-E21189EF5046} : DHCPNameServer = 192.168.0.100
TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0FA670D7-CEA1-475F-BCE8-DF9B8076DFA3} : DHCPNameServer = 97.64.183.164 97.64.209.37
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Valued Customer\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-19 15:23; support@lastpass.com; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-06-19 16:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-19 21:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-22 15:50; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-29 01:15; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2013-07-23 11:55; q8kbfwc@wsrzhxag.co.uk; C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\mk0a9sxn.default\extensions\q8kbfwc@wsrzhxag.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-6-19 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-6-19 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-6-19 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-6-19 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-4-15 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-4-15 37560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-6-19 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-6-19 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-19 46808]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-7-18 75584]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTL8192su.sys [2012-6-2 693864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-08-02 17:48:28    --------    d-----w-    C:\Windows\ERUNT
2013-08-01 16:42:49    --------    d-----w-    C:\Program Files (x86)\File Type Helper
2013-08-01 16:42:45    --------    d-----w-    C:\Program Files (x86)\Fast Free Converter
2013-08-01 15:46:47    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\PDF24
2013-08-01 14:16:01    262832    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-31 19:34:47    --------    d-----w-    C:\Users\Valued Customer\AppData\Roaming\QuickScan
2013-07-30 15:58:10    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\ElevatedDiagnostics
2013-07-26 01:56:09    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2013-07-25 14:00:16    --------    d-----w-    C:\Users\Valued Customer\AppData\Local\TechSmith
2013-07-23 16:55:15    --------    d-----w-    C:\ProgramData\StarApp
2013-07-23 16:55:03    --------    d-----w-    C:\ProgramData\ssafe  saovei
2013-07-23 16:52:59    --------    d-----w-    C:\ProgramData\InstallMate
2013-07-17 08:43:30    8704    ----a-w-    C:\Windows\SysWow64\vidccleaner.exe
2013-07-17 08:43:30    77824    ----a-w-    C:\Windows\SysWow64\xvid.ax
2013-07-17 08:43:30    765952    ----a-w-    C:\Windows\SysWow64\xvidcore.dll
2013-07-17 08:43:30    180224    ----a-w-    C:\Windows\SysWow64\xvidvfw.dll
2013-07-17 08:43:09    217088    ----a-w-    C:\Windows\SysWow64\skjpeg40.dll
2013-07-17 08:43:08    83968    ----a-w-    C:\Windows\SysWow64\Skbase40.dll
2013-07-17 08:43:07    --------    d-----w-    C:\Program Files (x86)\Samsung
2013-07-12 19:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 19:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-07-08 20:59:58    713776    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-07-08 17:34:39    499712    ----a-w-    C:\Windows\iwexec.exe
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-27 21:20:30    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:20:30    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-20 08:20:44    56072    ----a-w-    C:\Windows\System32\certsentry.dll
2013-06-20 08:20:44    47368    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2013-06-20 08:20:35    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2013-06-19 21:38:32    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-06-19 20:23:04    14880256    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-06-19 17:22:40    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-19 17:22:39    972712    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-06-19 17:22:39    1093032    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-06-19 17:21:07    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 17:21:05    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-19 17:21:05    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-18 15:16:16    37560    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:14    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:49    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:47    348584    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:46    437688    ----a-w-    C:\Windows\System32\guard64.dll
2013-06-18 15:15:38    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:38    344792    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:35    278232    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15:34    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-16 21:33:47    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-06-13 06:09:14    55496    ----a-w-    C:\Windows\SysWow64\offreg.dll
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:33:13    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-24 22:09:20    1403296    ----a-w-    C:\Windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\Windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\Windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\Windows\System32\winresume.exe
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-15 22:35:47    144384    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-05-15 02:25:59    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-05-15 02:25:44    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-05-15 02:24:10    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
.
============= FINISH: 14:29:37.98 ===============
 That's it!  

Kirk

Link to post
Share on other sites

I don't know if I sent you the wrong log in Malwarebytes so I ran it again and here is

the latest log after running:

 

Malwarebytes:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Valued Customer :: VALUEDCUSTOMER [administrator]

8/2/2013 2:41:01 PM
mbam-log-2013-08-02 (14-41-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218113
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

No I am still get all the other browsers and new tabs opening up with advertisements

I will try to do more surfing a little later I just got home from work and I would like
to wind down a little and then go to bed...

But...I logged out of my gmail account and then logged back in and this new window
came up. In the address bar the web address that is hosting the ad pages are almost
always coming from this domain: https://www.cloud-connect.net/

So far I have not found out anything about the domain in google search except when
I go to the actual domain it's home page is a login page...

No I still think something is in this system...it's starting to drive me crazy...

any way, thanks for the help and if you have any more ideas I would love to hear (read)
them.

 

Kirk

Link to post
Share on other sites

Hey Borislav,

 

thanks for all your help buddie. I thought I was going to go

to bed as I was so burned out.

 

but, being as stubborn as I am  I finally go rid of all the viruses

 

I was finally able to uninstall "cloud-connect.exe

 

then I could go to bed...

 

It was bugging me that I could get rid of that thing.

just thinking about it would have kept me from sleeping..

 

All my issues seem to have been resolved...

 

Computer is running like a dream....

 

Have a great weekend..

 

Gratefully Yours,

Thank you,

 

Kirk

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.