Bullseye1863

Help removing several Spigot extensions

14 posts in this topic

Hi There,

 

After installing Vuze a number of Extensions now appear in my Chrome: "Amazon Shopping Assistant by Spigot", "Domain Error Assistant", "Ebay Shopping Assistant by Spigot" and "Slick Savings". I remove these from Chrome but what do you know, every time I re-open a window, they're back. Also my Firefox homepage has been set to Yahoo with apparently no ability to change it.

 

I have removed Vuze, as well as any program that looks to be run by Spigot, from my computer, to no avail. I've also run Malwarebytes Anti Malware, which removed a few threats but unfortunately didn't help the main issue.

 

These complaints are minor and not too inconvenient but it does make me wonder if my system is infected more dangerously elsewhere. Below are my DDS.txt and Attach.txt files. Any help would be very greatly appreciated.

 

Thanks

Bullseye1863

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686
Run by Rich at 20:45:34 on 2013-09-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3691.2224 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Rich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [Google Update] "C:\Users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [spotify Web Helper] "C:\Users\Rich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BL187HN05ST:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
uRun: [spotify] "C:\Users\Rich\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9F3B1181-2650-44B6-BDFF-4FD002DDB55D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9F3B1181-2650-44B6-BDFF-4FD002DDB55D}\4514C4B44514C4B4D2732454736483 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F3B1181-2650-44B6-BDFF-4FD002DDB55D}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\m6tlhs93.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rich\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-14 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-11 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-10-14 1582144]
.
=============== Created Last 30 ================
.
2013-09-12 02:19:11 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-12 02:19:11 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-12 02:19:06 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-09-12 02:19:04 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-09-12 02:19:02 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-09-12 02:19:01 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-09-12 02:19:00 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-09-12 01:13:53 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-12 01:13:24 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-12 01:13:23 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-09-12 01:13:22 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-12 01:13:21 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-09-12 01:13:17 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-09-12 01:13:17 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-09-12 01:13:15 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-09-12 01:13:09 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-09-12 01:13:01 112640 ----a-w- C:\Windows\System32\smss.exe
2013-09-12 01:11:47 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-11 19:47:37 -------- d-----w- C:\Users\Rich\AppData\Roaming\Malwarebytes
2013-09-11 19:47:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-11 19:46:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-11 19:46:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-11 19:46:26 -------- d-----w- C:\Users\Rich\AppData\Local\Programs
2013-09-10 19:44:18 -------- d-----w- C:\Users\Rich\AppData\Local\Slick Savings
2013-09-10 19:44:03 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-09-10 19:42:21 -------- d-----w- C:\Users\Rich\AppData\Roaming\Azureus
2013-08-25 08:00:34 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M  ====================
.
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-28 12:10:16 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-28 12:10:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 18:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 18:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 18:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 18:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 18:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 18:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 20:48:20.16 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 25/12/2011 10:33:25
System Uptime: 16/09/2013 09:06:55 (11 hours ago)
.
Motherboard: Hewlett-Packard |  | 3577
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 201.909 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.601 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.084 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 31/07/2013 13:51:08 - Removed MixiDJ Chrome Toolbar
RP93: 11/08/2013 23:09:38 - Scheduled Checkpoint
RP94: 25/08/2013 03:00:27 - Windows Update
RP95: 11/09/2013 20:18:16 - Removed Vuze Remote Toolbar v7.6.
RP96: 12/09/2013 03:00:36 - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Agatha Christie - Peril at End House
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
Compaq Setup Manager
Cradle of Rome 2
CyberLink YouCam
D3DX10
DivX Setup
Downloader
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
Final Drive: Nitro
Football Manager 2012
Football Manager 2012 Editor
Football Manager 2012 Resource Archiver
Google Chrome
Google Earth
Google Update Helper
Governor of Poker 2 Premium Edition
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Photo Creations
HP Photosmart 5520 series Basic Device Software
HP Photosmart 5520 series Help
HP Photosmart 5520 series Product Improvement Study
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
HP Update
iCloud
iTunes
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Lexmark Z700-P700 Series
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
MiShell*OFXViewer (remove only)
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SimCity 4 Deluxe
Skype™ 5.10
Slingo Supreme
Spotify
Steam
swMSM
Synaptics TouchPad Driver
TEW2005
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 5 - New Believers
VLC media player 1.1.11
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
15/09/2013 19:30:39, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
 

 


Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


 

Next,

 

Open Malwarebytes, check for updates, then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 


http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Let me see those logs...

 

Kevin


Thanks so much for your help so far Kevin. Have done all of the above, unfortunately the extension "Slick Savings" persists in Chrome, and so does the Yahoo homepage in Firefox. Perhaps the two logs below will give you more information.

 

Thanks again in advance!

Bullseye1863

 

# AdwCleaner v3.004 - Report created 16/09/2013 at 22:08:51
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rich - RICH-HP
# Running from : C:\Users\Rich\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Rich\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Rich\AppData\LocalLow\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKCU\Software\5c5588d1bc38e917
Key Deleted : HKLM\SOFTWARE\5c5588d1bc38e917
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\m6tlhs93.default\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4061 octets] - [16/09/2013 22:02:51]
AdwCleaner[s0].txt - [3549 octets] - [16/09/2013 22:08:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3609 octets] ##########
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.16.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Rich :: RICH-HP [administrator]
 
Protection: Enabled
 
16/09/2013 22:23:47
mbam-log-2013-09-16 (22-23-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235148
Time elapsed: 43 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
(end)
 


Open Chrome, select stack of plates (top right corner) > settings > In new window select Extensions:

 

remove any unwanted/unfamiliar extensions. (Click on recycle bin)

Next:

Click the stack of plates (Top righthand corner), In the box that opens:-

Go to Settings > Show advanced settings........ (at the bottom)

Under "Privacy" open "Clear browsing data" put check mark in the following :-

 

  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete Cookies and other site plug-in data
  • Set the delete time to maximum by using the dropdown in "Obliterate the following items from:"
  • Then Click "Clear Browsing Data"


Next:

Click the wrench or stack of plates (Top righthand corner), In the box that opens Click on "About Google Chrome"

If an update is available it will be downloaded and installed....

Let me know if that helps with Chrome,

Regarding Firefox:

From the menu bar select > Tools > Options > In the new window select the "General" tab. In the "Start up" section you can set your Home page...

Let me know if that helps for Firefox...



 


Thanks again Kevin.

 

Yes, it looks like for Firefox I'm now able to simply change it back to how it was. I wasn't being allowed to change it initially but maybe I overlooked that earlier.

 

Unfortunately the above didn't seem to rid Chrome of the "Slick Savings" extension though.

 

Any advice on how to proceed from here?

 

Many thanks

Bullseye1863 


Download Junkware Removal tool from this link:

 

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Save to your desktop.

 

  • Shut down your Security Protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come.
  • The tool will open and start scanning your system. (Press any key when prompted to continue)
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post JRT.txt to your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, if we still have issues with Chrome it may be easier to reinstall it and not save usual settings etc....

 

Kevin


Thanks yet again Kevin. Happy to report that everything now appears to be working as normal! Here are the logs anyway:

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rich on 17/09/2013 at 20:37:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1906510967-1372018587-2623179206-1002\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85E2B7BF-7FAA-4DFD-816C-74431D5C58E8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{85E2B7BF-7FAA-4DFD-816C-74431D5C58E8}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Rich\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Rich\appdata\local\slick savings"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Rich\AppData\Roaming\mozilla\firefox\profiles\m6tlhs93.default\minidumps [11 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/09/2013 at 20:56:24.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Rich (administrator) on RICH-HP on 17-09-2013 20:59:27
Running from C:\Users\Rich\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
( ) C:\Windows\system32\lxblcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Spotify Ltd) C:\Users\Rich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-25] (Google Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1631144 2013-03-29] (Valve Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Rich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-30] (Spotify Ltd)
HKCU\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [spotify] - C:\Users\Rich\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-30] (Spotify Ltd)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {85E2B7BF-7FAA-4DFD-816C-74431D5C58E8} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {CC043459-4697-4979-811A-E91B4524A4DB} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-08-10] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\m6tlhs93.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @gametap.com/npdd,version=1.0 - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Rich\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Rich\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Downloader Detector) - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Calendar) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Google Play Books) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Rich\AppData\Local\Slick Savings\coupons.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
 
==================== Services (Whitelisted) =================
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1161072 2012-03-29] (Lavasoft Limited)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2804280 2011-05-17] (Sunbelt Software)
 
==================== Drivers (Whitelisted) ====================
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-17 20:59 - 2013-09-17 20:59 - 00000000 ____D C:\FRST
2013-09-17 20:58 - 2013-09-17 20:58 - 01950524 _____ (Farbar) C:\Users\Rich\Downloads\FRST64.exe
2013-09-17 20:58 - 2013-09-17 20:58 - 01083437 _____ (Farbar) C:\Users\Rich\Downloads\FRST.exe
2013-09-17 20:56 - 2013-09-17 20:56 - 00008312 _____ C:\Users\Rich\Desktop\JRT.txt
2013-09-17 20:37 - 2013-09-17 20:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 20:35 - 2013-09-17 20:36 - 01029675 _____ (Thisisu) C:\Users\Rich\Downloads\JRT.exe
2013-09-16 22:24 - 2013-09-16 22:24 - 00003701 _____ C:\Users\Rich\Desktop\AdwCleaner[s0].txt
2013-09-16 22:02 - 2013-09-16 22:09 - 00000000 ____D C:\AdwCleaner
2013-09-16 22:01 - 2013-09-16 22:01 - 01039554 _____ C:\Users\Rich\Downloads\AdwCleaner.exe
2013-09-16 20:48 - 2013-09-16 21:11 - 00007234 _____ C:\Users\Rich\Desktop\attach.txt
2013-09-16 20:48 - 2013-09-16 20:48 - 00018228 _____ C:\Users\Rich\Desktop\dds.txt
2013-09-16 20:44 - 2013-09-16 20:44 - 00688992 ____R (Swearware) C:\Users\Rich\Downloads\dds.com
2013-09-12 03:19 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 03:19 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 03:19 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 03:19 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 03:18 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:18 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:18 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 03:18 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 03:18 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 03:18 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 03:18 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 03:18 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 03:18 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 03:18 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 03:18 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 03:17 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 03:17 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 03:17 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 02:13 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 02:13 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 02:13 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 02:13 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 02:13 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 02:13 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 02:13 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 02:13 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 02:13 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 02:13 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 02:13 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 02:13 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 02:12 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 02:12 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 02:12 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 02:12 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 02:12 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 02:12 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 02:12 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 02:12 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 02:12 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 02:12 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 02:11 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 02:11 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 02:11 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 02:11 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 02:11 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 20:47 - 2013-09-11 20:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-11 20:47 - 2013-09-11 20:47 - 00000000 ____D C:\Users\Rich\AppData\Roaming\Malwarebytes
2013-09-11 20:47 - 2013-09-11 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 20:46 - 2013-09-11 20:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-11 20:46 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-11 20:45 - 2013-09-11 20:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Rich\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 20:42 - 2013-09-11 00:28 - 00000000 ____D C:\Users\Rich\AppData\Roaming\Azureus
2013-08-25 09:00 - 2013-09-12 03:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 14:08 - 2013-08-18 14:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2013-09-17 21:00 - 2011-12-26 15:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 21:00 - 2011-12-25 11:48 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906510967-1372018587-2623179206-1002UA.job
2013-09-17 20:59 - 2013-09-17 20:59 - 00000000 ____D C:\FRST
2013-09-17 20:58 - 2013-09-17 20:58 - 01950524 _____ (Farbar) C:\Users\Rich\Downloads\FRST64.exe
2013-09-17 20:58 - 2013-09-17 20:58 - 01083437 _____ (Farbar) C:\Users\Rich\Downloads\FRST.exe
2013-09-17 20:57 - 2011-12-25 11:39 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{380B93D1-9026-4B57-BCA4-390E6126ADC7}
2013-09-17 20:56 - 2013-09-17 20:56 - 00008312 _____ C:\Users\Rich\Desktop\JRT.txt
2013-09-17 20:38 - 2013-06-09 17:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 20:37 - 2013-09-17 20:37 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 20:36 - 2013-09-17 20:35 - 01029675 _____ (Thisisu) C:\Users\Rich\Downloads\JRT.exe
2013-09-17 20:28 - 2011-12-26 15:03 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 20:28 - 2011-12-25 11:48 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906510967-1372018587-2623179206-1002Core.job
2013-09-17 20:28 - 2011-10-14 23:13 - 01607434 _____ C:\Windows\WindowsUpdate.log
2013-09-17 01:03 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 01:03 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 01:01 - 2009-07-14 06:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 00:57 - 2011-12-27 18:08 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-17 00:57 - 2011-12-25 23:30 - 00000000 ____D C:\Users\Rich\AppData\Local\CrashDumps
2013-09-17 00:55 - 2012-04-09 13:46 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-09-17 00:55 - 2011-12-26 00:03 - 00000000 ____D C:\Users\Rich\AppData\Roaming\Spotify
2013-09-17 00:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 00:52 - 2009-07-14 05:51 - 00077044 _____ C:\Windows\setupact.log
2013-09-16 23:13 - 2010-11-21 04:47 - 00608008 _____ C:\Windows\PFRO.log
2013-09-16 22:24 - 2013-09-16 22:24 - 00003701 _____ C:\Users\Rich\Desktop\AdwCleaner[s0].txt
2013-09-16 22:09 - 2013-09-16 22:02 - 00000000 ____D C:\AdwCleaner
2013-09-16 22:01 - 2013-09-16 22:01 - 01039554 _____ C:\Users\Rich\Downloads\AdwCleaner.exe
2013-09-16 21:11 - 2013-09-16 20:48 - 00007234 _____ C:\Users\Rich\Desktop\attach.txt
2013-09-16 20:48 - 2013-09-16 20:48 - 00018228 _____ C:\Users\Rich\Desktop\dds.txt
2013-09-16 20:44 - 2013-09-16 20:44 - 00688992 ____R (Swearware) C:\Users\Rich\Downloads\dds.com
2013-09-12 07:24 - 2011-12-25 11:39 - 00000000 ___RD C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 07:24 - 2011-12-25 11:39 - 00000000 ___RD C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 04:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 03:42 - 2009-07-14 05:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 03:17 - 2011-12-25 12:18 - 00735726 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 03:17 - 2011-12-25 12:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 03:16 - 2013-08-25 09:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:11 - 2012-06-22 01:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 20:47 - 2013-09-11 20:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-11 20:47 - 2013-09-11 20:47 - 00000000 ____D C:\Users\Rich\AppData\Roaming\Malwarebytes
2013-09-11 20:47 - 2013-09-11 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 20:47 - 2013-09-11 20:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-11 20:45 - 2013-09-11 20:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Rich\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-11 20:07 - 2011-12-25 11:33 - 00000000 ____D C:\Users\Rich
2013-09-11 19:06 - 2013-06-13 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-11 00:28 - 2013-09-10 20:42 - 00000000 ____D C:\Users\Rich\AppData\Roaming\Azureus
2013-09-08 18:16 - 2013-07-31 13:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 13:13 - 2011-12-26 00:04 - 00000000 ____D C:\Users\Rich\AppData\Local\Spotify
2013-09-08 13:02 - 2012-04-09 14:16 - 00000942 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-08-27 00:16 - 2012-01-23 20:12 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRich
2013-08-27 00:16 - 2012-01-23 20:12 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRich.job
2013-08-18 14:09 - 2013-08-18 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Users\Rich\AppData\Local\Temp\AutoRun.exe
C:\Users\Rich\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Rich\AppData\Local\Temp\contentDATs.exe
C:\Users\Rich\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Rich\AppData\Local\Temp\Extract.exe
C:\Users\Rich\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\Rich\AppData\Local\Temp\Quarantine.exe
C:\Users\Rich\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rich\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rich\AppData\Local\Temp\sp54620.exe
C:\Users\Rich\AppData\Local\Temp\SP54714.exe
C:\Users\Rich\AppData\Local\Temp\SP55086.exe
C:\Users\Rich\AppData\Local\Temp\SP55151.exe
C:\Users\Rich\AppData\Local\Temp\SP55549.exe
C:\Users\Rich\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rich\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-12 04:24
 
==================== End Of Log ============================
 
Addition.txt is attached.
 
The final log, checkup, comes back simply with the message "UNSUPPORTED OPERATING SYSTEM! ABORTED!"
 
I assume that's not what was expected of the checkup log, but as I say, on the face of it the problem seems to have disappeared.
 
Thanks for your help!

 

Addition.txt


No worries about Security Checks, I can see what I need from FRST logs... maybe security interfered with the scan... Continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We need to run an Online AV scan to ensure no remnants are left. The scan is very thorough so may take several hours...

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Kevin

 

 

fixlist.txt


Thanks Kevin, so the ESET SCAN hasn't actually removed the threats that were found yet then, that's correct?

 

Fixlog and ESET SCAN below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by Rich at 2013-09-18 20:31:01 Run:1
Running from C:\Users\Rich\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Rich\AppData\Local\Temp\0087479e-8af8-4a33-b0b3-a0e272727e99.dll
C:\Users\Rich\AppData\Local\Temp\01cabf1b-0dc4-4144-bd0b-f1f1254f1e4c.dll
C:\Users\Rich\AppData\Local\Temp\0977a2c6-17c6-4b34-b84c-a708e0e8f9af.dll
C:\Users\Rich\AppData\Local\Temp\0a6d6a91-6a2b-4fdc-9387-af3f20d66faa.dll
C:\Users\Rich\AppData\Local\Temp\0afab3f5-57f8-44ae-b780-69720c578e8f.dll
C:\Users\Rich\AppData\Local\Temp\0d5f85e5-dc13-408c-9c90-3ea923637fd5.dll
C:\Users\Rich\AppData\Local\Temp\0e8df721-b8b7-4b0e-a696-5e39bf2de3d4.dll
C:\Users\Rich\AppData\Local\Temp\0fe7ad4c-d227-4bd0-95ab-eee2c32e886c.dll
C:\Users\Rich\AppData\Local\Temp\139964ef-07ea-4f6a-a61c-eab90e3854cc.dll
C:\Users\Rich\AppData\Local\Temp\14ddaf94-084f-46ec-be51-6ad7e1182658.dll
C:\Users\Rich\AppData\Local\Temp\14efddd8-9bc3-4061-ac25-d3a07612082f.dll
C:\Users\Rich\AppData\Local\Temp\1f24c792-bbc7-4d13-a327-a4dbd032453d.dll
C:\Users\Rich\AppData\Local\Temp\210ef00f-358e-449c-afc7-4a2c4d8ad646.dll
C:\Users\Rich\AppData\Local\Temp\299c36cc-0e9a-4ad6-bcea-879fa8cf85f9.dll
C:\Users\Rich\AppData\Local\Temp\2be2a2f2-008e-464d-831b-37338eebd07e.dll
C:\Users\Rich\AppData\Local\Temp\2f6c47f6-b524-48c7-8f3d-02bdc60e7146.dll
C:\Users\Rich\AppData\Local\Temp\31c7062c-77ad-4496-8904-7c1b1c369d71.dll
C:\Users\Rich\AppData\Local\Temp\32d346f0-a11d-4b36-83b6-7f39e7320b97.dll
C:\Users\Rich\AppData\Local\Temp\3688bf2d-7c90-4de3-afd1-2c52352ba501.dll
C:\Users\Rich\AppData\Local\Temp\388837dd-6fc3-4d06-a042-17ba87dbe965.dll
C:\Users\Rich\AppData\Local\Temp\415f32f2-8621-4469-a85e-72f55356e41e.dll
C:\Users\Rich\AppData\Local\Temp\47720de4-cbf3-4cc1-a042-41ad2a7cdfd1.dll
C:\Users\Rich\AppData\Local\Temp\4c140a68-89b0-40ef-bd43-14050c56d5a3.dll
C:\Users\Rich\AppData\Local\Temp\4c178caf-4ea2-48a7-8bd6-5421bae61d81.dll
C:\Users\Rich\AppData\Local\Temp\5c11f94e-6173-4cbc-a35e-b06a0f1d1b6a.dll
C:\Users\Rich\AppData\Local\Temp\62d1d068-5c0a-44ed-87e8-d0b012615bba.dll
C:\Users\Rich\AppData\Local\Temp\65f0e3ca-3fcb-4ff3-ba62-2f7e9d599ccb.dll
C:\Users\Rich\AppData\Local\Temp\6a5050b4-38fd-4c03-ae23-b49a72d9b394.dll
C:\Users\Rich\AppData\Local\Temp\6a9acb4b-2985-4241-be59-ac76cd8d66cc.dll
C:\Users\Rich\AppData\Local\Temp\6c21f13f-9689-459f-a313-fc6218636bc0.dll
C:\Users\Rich\AppData\Local\Temp\71d7ca55-d0c2-42f3-9307-3e9422fba942.dll
C:\Users\Rich\AppData\Local\Temp\770d196e-4aa7-42c8-8115-403fb3adebcc.dll
C:\Users\Rich\AppData\Local\Temp\78092f9a-d49b-4ad1-81ba-fc37b5298617.dll
C:\Users\Rich\AppData\Local\Temp\7ed5af97-5500-4080-b551-e2bc430f8ecb.dll
C:\Users\Rich\AppData\Local\Temp\82170a70-9959-4d4b-80d7-3ddb19329bf1.dll
C:\Users\Rich\AppData\Local\Temp\888574ff-e3ec-4a0f-9e86-636b8fed138f.dll
C:\Users\Rich\AppData\Local\Temp\8a4815eb-a7c8-4377-8bf2-c833f976bdd4.dll
C:\Users\Rich\AppData\Local\Temp\8c2e8a77-37a8-4e3f-bdeb-a6eef6d29fcf.dll
C:\Users\Rich\AppData\Local\Temp\8eb778bf-9452-4358-af40-9346fe030225.dll
C:\Users\Rich\AppData\Local\Temp\918b5cb4-6582-4982-a0ed-17c46b917197.dll
C:\Users\Rich\AppData\Local\Temp\92b21671-91d6-4529-b795-2196e190ee0d.dll
C:\Users\Rich\AppData\Local\Temp\92b23c07-b76a-4a00-be19-1f6d7f5c4591.dll
C:\Users\Rich\AppData\Local\Temp\96189548-f15b-4c55-bc59-f454cfc4ec54.dll
C:\Users\Rich\AppData\Local\Temp\ac33bde4-73b2-45da-8f3b-85dbf42ee900.dll
C:\Users\Rich\AppData\Local\Temp\ada8456c-5b0c-40e5-aa2d-ba94f669f07e.dll
C:\Users\Rich\AppData\Local\Temp\AutoRun.exe
C:\Users\Rich\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Rich\AppData\Local\Temp\b135c352-f3bb-4131-a0fa-6298bfc97c22.dll
C:\Users\Rich\AppData\Local\Temp\b14cb926-277d-4d28-a977-1e9e4a93c0a3.dll
C:\Users\Rich\AppData\Local\Temp\b22c4574-6f9d-4353-ac61-e799070ae4a9.dll
C:\Users\Rich\AppData\Local\Temp\b2e4e5b4-49d3-45fb-b359-34079fa007b1.dll
C:\Users\Rich\AppData\Local\Temp\b433ad80-f9f7-4c88-b5bf-334ab4b7321c.dll
C:\Users\Rich\AppData\Local\Temp\b943653c-1b2f-429e-b5ab-7d493cd14932.dll
C:\Users\Rich\AppData\Local\Temp\bc5d5a6a-6dbc-423b-8a10-2b6fdc1ca3e2.dll
C:\Users\Rich\AppData\Local\Temp\bc5fed7b-21fc-41a6-8256-6d3fb825f9d2.dll
C:\Users\Rich\AppData\Local\Temp\c4734da3-a699-43e7-8648-df90fbb1ce60.dll
C:\Users\Rich\AppData\Local\Temp\cd5284f7-1838-49bb-bf00-a3537b620286.dll
C:\Users\Rich\AppData\Local\Temp\contentDATs.exe
C:\Users\Rich\AppData\Local\Temp\d8ba0f07-0d8e-4db8-b4e4-30d92eac82d2.dll
C:\Users\Rich\AppData\Local\Temp\d9544fd3-bcf6-4810-859c-88754b8e0a24.dll
C:\Users\Rich\AppData\Local\Temp\df4f1eb1-ce86-47b5-a29a-f0b1c46e8f1a.dll
C:\Users\Rich\AppData\Local\Temp\df87f017-7f8b-41c7-8a64-27869fdb6907.dll
C:\Users\Rich\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Rich\AppData\Local\Temp\e2d3f28a-621a-4151-bc0f-11640cd8553d.dll
C:\Users\Rich\AppData\Local\Temp\e64432dd-8ab1-4619-8785-55b53b40b16c.dll
C:\Users\Rich\AppData\Local\Temp\e6592065-0dc4-421b-aa4b-da3b651c3ad0.dll
C:\Users\Rich\AppData\Local\Temp\e978a29b-9483-4b3e-b888-90e8322f140e.dll
C:\Users\Rich\AppData\Local\Temp\ea0a42a7-1b58-4091-8064-e6aecbae9387.dll
C:\Users\Rich\AppData\Local\Temp\ebfb8d10-93e9-4a91-a7fc-7ac339893f45.dll
C:\Users\Rich\AppData\Local\Temp\eca49c3a-7625-4728-9d20-e17efc3e871b.dll
C:\Users\Rich\AppData\Local\Temp\ef7e977c-24c5-49db-9f71-ecfbca253d3f.dll
C:\Users\Rich\AppData\Local\Temp\Extract.exe
C:\Users\Rich\AppData\Local\Temp\f118e631-16b6-4071-a2d9-3f4469ced29e.dll
C:\Users\Rich\AppData\Local\Temp\f1d7021b-c227-49d8-a3ad-a88683cc4a65.dll
C:\Users\Rich\AppData\Local\Temp\f7409a45-15d1-41cb-bcdb-ba9a3deade34.dll
C:\Users\Rich\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\Rich\AppData\Local\Temp\Quarantine.exe
C:\Users\Rich\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rich\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rich\AppData\Local\Temp\sp54620.exe
C:\Users\Rich\AppData\Local\Temp\SP54714.exe
C:\Users\Rich\AppData\Local\Temp\SP55086.exe
C:\Users\Rich\AppData\Local\Temp\SP55151.exe
C:\Users\Rich\AppData\Local\Temp\SP55549.exe
C:\Users\Rich\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rich\AppData\Local\Temp\vcredist_x64.exe
End
 
*****************
 
C:\Users\Rich\AppData\Local\Temp\0087479e-8af8-4a33-b0b3-a0e272727e99.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\01cabf1b-0dc4-4144-bd0b-f1f1254f1e4c.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0977a2c6-17c6-4b34-b84c-a708e0e8f9af.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0a6d6a91-6a2b-4fdc-9387-af3f20d66faa.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0afab3f5-57f8-44ae-b780-69720c578e8f.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0d5f85e5-dc13-408c-9c90-3ea923637fd5.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0e8df721-b8b7-4b0e-a696-5e39bf2de3d4.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\0fe7ad4c-d227-4bd0-95ab-eee2c32e886c.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\139964ef-07ea-4f6a-a61c-eab90e3854cc.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\14ddaf94-084f-46ec-be51-6ad7e1182658.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\14efddd8-9bc3-4061-ac25-d3a07612082f.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\1f24c792-bbc7-4d13-a327-a4dbd032453d.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\210ef00f-358e-449c-afc7-4a2c4d8ad646.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\299c36cc-0e9a-4ad6-bcea-879fa8cf85f9.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\2be2a2f2-008e-464d-831b-37338eebd07e.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\2f6c47f6-b524-48c7-8f3d-02bdc60e7146.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\31c7062c-77ad-4496-8904-7c1b1c369d71.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\32d346f0-a11d-4b36-83b6-7f39e7320b97.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\3688bf2d-7c90-4de3-afd1-2c52352ba501.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\388837dd-6fc3-4d06-a042-17ba87dbe965.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\415f32f2-8621-4469-a85e-72f55356e41e.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\47720de4-cbf3-4cc1-a042-41ad2a7cdfd1.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\4c140a68-89b0-40ef-bd43-14050c56d5a3.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\4c178caf-4ea2-48a7-8bd6-5421bae61d81.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\5c11f94e-6173-4cbc-a35e-b06a0f1d1b6a.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\62d1d068-5c0a-44ed-87e8-d0b012615bba.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\65f0e3ca-3fcb-4ff3-ba62-2f7e9d599ccb.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\6a5050b4-38fd-4c03-ae23-b49a72d9b394.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\6a9acb4b-2985-4241-be59-ac76cd8d66cc.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\6c21f13f-9689-459f-a313-fc6218636bc0.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\71d7ca55-d0c2-42f3-9307-3e9422fba942.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\770d196e-4aa7-42c8-8115-403fb3adebcc.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\78092f9a-d49b-4ad1-81ba-fc37b5298617.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\7ed5af97-5500-4080-b551-e2bc430f8ecb.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\82170a70-9959-4d4b-80d7-3ddb19329bf1.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\888574ff-e3ec-4a0f-9e86-636b8fed138f.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\8a4815eb-a7c8-4377-8bf2-c833f976bdd4.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\8c2e8a77-37a8-4e3f-bdeb-a6eef6d29fcf.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\8eb778bf-9452-4358-af40-9346fe030225.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\918b5cb4-6582-4982-a0ed-17c46b917197.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\92b21671-91d6-4529-b795-2196e190ee0d.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\92b23c07-b76a-4a00-be19-1f6d7f5c4591.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\96189548-f15b-4c55-bc59-f454cfc4ec54.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\ac33bde4-73b2-45da-8f3b-85dbf42ee900.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\ada8456c-5b0c-40e5-aa2d-ba94f669f07e.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b135c352-f3bb-4131-a0fa-6298bfc97c22.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b14cb926-277d-4d28-a977-1e9e4a93c0a3.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b22c4574-6f9d-4353-ac61-e799070ae4a9.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b2e4e5b4-49d3-45fb-b359-34079fa007b1.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b433ad80-f9f7-4c88-b5bf-334ab4b7321c.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\b943653c-1b2f-429e-b5ab-7d493cd14932.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\bc5d5a6a-6dbc-423b-8a10-2b6fdc1ca3e2.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\bc5fed7b-21fc-41a6-8256-6d3fb825f9d2.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\c4734da3-a699-43e7-8648-df90fbb1ce60.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\cd5284f7-1838-49bb-bf00-a3537b620286.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\d8ba0f07-0d8e-4db8-b4e4-30d92eac82d2.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\d9544fd3-bcf6-4810-859c-88754b8e0a24.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\df4f1eb1-ce86-47b5-a29a-f0b1c46e8f1a.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\df87f017-7f8b-41c7-8a64-27869fdb6907.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\DivXWebPlayerInstaller.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\e2d3f28a-621a-4151-bc0f-11640cd8553d.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\e64432dd-8ab1-4619-8785-55b53b40b16c.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\e6592065-0dc4-421b-aa4b-da3b651c3ad0.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\e978a29b-9483-4b3e-b888-90e8322f140e.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\ea0a42a7-1b58-4091-8064-e6aecbae9387.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\ebfb8d10-93e9-4a91-a7fc-7ac339893f45.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\eca49c3a-7625-4728-9d20-e17efc3e871b.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\ef7e977c-24c5-49db-9f71-ecfbca253d3f.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\f118e631-16b6-4071-a2d9-3f4469ced29e.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\f1d7021b-c227-49d8-a3ad-a88683cc4a65.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\f7409a45-15d1-41cb-bcdb-ba9a3deade34.dll => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\MixiDJToolbar_yh.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\sp54620.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SP54714.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SP55086.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SP55151.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SP55549.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Rich\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
 
==== End of Fixlog ====
 
ESET SCAN 
 
C:\FRST\Quarantine\MixiDJToolbar_yh.exe a variant of Win32/Toolbar.Babylon.A application
C:\Users\Rich\AppData\Local\Temp\307C.tmp Win32/Toolbar.Babylon.M application
C:\Users\Rich\AppData\Local\Temp\3533.tmp Win32/Toolbar.Babylon.M application
C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp JS/Exploit.Pdfka.PTV trojan
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll a variant of Win32/Toolbar.Babylon.E application
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Setup.exe a variant of Win32/Toolbar.Babylon.H application
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\ccp.exe Win32/Toolbar.Babylon.M application
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
C:\Users\Rich\Downloads\cbsidlm-tr1_11-OFXViewer-ORG-75628573.exe Win32/DownloadAdmin.G application
C:\Windows\System32\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
 

Thanks.


Yes correct with ESET scan, I only ask for a report. We deal with remaining issues now:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\FRST
    C:\Users\Rich\AppData\Local\Temp\307C.tmp
    C:\Users\Rich\AppData\Local\Temp\3533.tmp
    C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp
    C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll
    C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Setup.exe
    C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\ccp.exe
    C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\IEHelper.dll
    C:\Users\Rich\Downloads\cbsidlm-tr1_11-OFXViewer-ORG-75628573.exe
    C:\Windows\System32\FlashPlayerUpdateService.exe
    C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
    C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post me that log, let me know how your system is responding also if any remaining issues or concerns..

 

Kevin....


Thanks Kevin. Here's the log.

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rich\Desktop\cmd.bat deleted successfully.
C:\Users\Rich\Desktop\cmd.txt deleted successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Rich\AppData\Local\Temp\307C.tmp moved successfully.
C:\Users\Rich\AppData\Local\Temp\3533.tmp moved successfully.
C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll moved successfully.
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Setup.exe moved successfully.
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\ccp.exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\IEHelper.dll
C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\IEHelper.dll moved successfully.
C:\Users\Rich\Downloads\cbsidlm-tr1_11-OFXViewer-ORG-75628573.exe moved successfully.
C:\Windows\System32\FlashPlayerUpdateService.exe moved successfully.
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe moved successfully.
File/Folder C:\Windows\SysWOW64\FlashPlayerUpdateService.exe not found.
File/Folder C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rich
->Temp folder emptied: 7351482891 bytes
->Temporary Internet Files folder emptied: 108093044 bytes
->FireFox cache emptied: 19888473 bytes
->Google Chrome cache emptied: 212406251 bytes
->Flash cache emptied: 79503 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 633880268 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 19391555 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304743 bytes
RecycleBin emptied: 45395063 bytes
 
Total Files Cleaned = 8,042.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09192013_204831
 
Files moved on Reboot...
C:\Users\Rich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...
 
System seems to be working fine but I will report back if any problems are encountered.
 
Thanks again, it's much appreciated
 
Bullseye1863
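An added example, not part of the original posts and not code from ESET or OTM: a small Python check that reconciles the ESET export against the OTM results log, so that every detection is accounted for as moved, moved with its parent folder, not found, or never handled. The line formats are assumed from the log lines posted in this thread, and the last detection in the sample is constructed for illustration.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Lines copied from the logs posted in this thread, plus ONE constructed
# detection (the last line) that the OTM run never touched.
ESET_EXPORT = r"""
C:\FRST\Quarantine\MixiDJToolbar_yh.exe a variant of Win32/Toolbar.Babylon.A application
C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp JS/Exploit.Pdfka.PTV trojan
C:\Windows\System32\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Win32/Downloader.Agent.L application
C:\Users\Rich\Documents\constructed-sample.exe Win32/Constructed.Sample application
"""

OTM_RESULTS = r"""
C:\FRST\Quarantine folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll
C:\Windows\System32\FlashPlayerUpdateService.exe moved successfully.
File/Folder C:\Windows\SysWOW64\FlashPlayerUpdateService.exe not found.
"""

# "<path> [a variant of ]<Platform/Name> <type>", as in the ESET export above.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>\w+)$")
# "<path> moved successfully." / "<path> folder moved successfully."
MOVED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? (?:moved|deleted) successfully\.$")
# "File/Folder <path> not found."  (anchored so that the
# "DllUnregisterServer procedure not found in ..." notice is ignored)
NOT_FOUND = re.compile(r"^File/Folder (?P<path>[A-Za-z]:\\.+) not found\.$")


def parse_detections(text):
    """Return one dict per detection line: path, detection name, type."""
    found = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append({"path": m["path"], "name": m["name"], "kind": m["kind"]})
    return found


def parse_otm(text):
    """Return (moved files, moved folders, paths reported not found)."""
    files, folders, missing = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = MOVED.match(line)
        if m:
            (folders if m["folder"] else files).add(normcase(m["path"]))
            continue
        m = NOT_FOUND.match(line)
        if m:
            missing.add(normcase(m["path"]))
    return files, folders, missing


def reconcile(eset_text, otm_text):
    """Attach a removal status to every detection in the ESET export."""
    files, folders, missing = parse_otm(otm_text)
    report = []
    for det in parse_detections(eset_text):
        key = normcase(det["path"])  # Windows paths compare case-insensitively
        if key in files:
            status = "moved"
        elif any(key.startswith(folder + "\\") for folder in folders):
            status = "moved-with-folder"  # removed along with a parent folder
        elif key in missing:
            status = "not-found"
        else:
            status = "unhandled"
        report.append({**det, "status": status})
    return report


def needs_followup(report):
    """Detections whose removal the OTM log does not confirm."""
    return [r for r in report if r["status"] in ("not-found", "unhandled")]


if __name__ == "__main__":
    for row in reconcile(ESET_EXPORT, OTM_RESULTS):
        print(f'{row["status"]:<18} {row["kind"]:<12} {row["name"]:<26} {row["path"]}')
```

The "not-found" and "unhandled" rows are the ones worth a second look before the cleanup tools are removed.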


Thanks for the logs, ok continue:

 

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET Online Scanner (only if installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop can be deleted.

 

Let me know if those steps complete OK. If all is OK with no issues, here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free Security programs, to include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
