
Pop-up windows won't go away!


12 replies to this topic

#1 RDN1


Posted 11 June 2013 - 12:46 PM

Hi:

 

My computer must be infected with something - in the past 2 months or so, when we open a web page in Firefox, often another page opens behind it, usually for some sort of advertising for insurance, etc. When I click on the red "x" at the top left, I am asked if I want to stay on the page.

This happens with several different web sites, including Facebook and the local news station's site.

I've tried running Malwarebytes Anti-Malware; while that found a few items, it didn't fix the problem. Below is a log of what Malwarebytes did when I ran it 2 days ago (full scan):

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Family :: FAMILY-PC [administrator]

6/9/2013 8:41:09 PM
mbam-log-2013-06-09 (20-41-09).txt

Scan type: Full scan (C:\|K:\|L:\|M:\|N:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525670
Time elapsed: 1 hour(s), 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Family\AppData\Local\Temp\DM\Installer_for_MC_fdreiMinecraft_exe_067312\Vid-Saver-PPI.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\FlashPlayer_V.135870509b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\FlashPlayer_V.135870955b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.

(end)

Below is my dds.txt file I ran this morning:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Family at 10:31:38 on 2013-06-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12279.8929 [GMT -7:00]
.
AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: PC Tools Internet Security Anti-Spyware *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\CardIcon\iconcs50611310.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [AmazonMP3DownloaderHelper] C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AFDCD982-CED8-44BE-800E-95521054CCE8} : DHCPNameServer = 192.168.0.1 205.171.3.25
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wsdot.wa.gov/traffic/seattle/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: L:\Family\Jenna's stuff\Fun Stuff\Picasa3\npPicasa3.dll
FF - ExtSQL: 2013-06-10 22:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-10 22:37; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-7-24 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-7-24 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-7-24 1096176]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-9-18 65664]
R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-9-18 706776]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-7-24 341200]
R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\System32\drivers\pctNdisLW64.sys [2011-11-9 76952]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-7-24 251560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe --> C:\Windows\System32\afasrv64.exe [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-7-24 575448]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-20 21992]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-7-24 402368]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-7-24 1118680]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-10 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-10 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-10 171928]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-11-9 85224]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys [2011-7-24 123808]
R3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-7-24 181032]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-7-24 92928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-9-18 41968]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-10 1255736]
.
=============== Created Last 30 ================
.
2013-06-11 06:00:13    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-11 06:00:06    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-06-11 06:00:02    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-11 05:45:52    --------    d-----w-    C:\Users\Family\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 05:45:44    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-11 05:45:44    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-10 03:38:31    --------    d-----w-    C:\Users\Family\AppData\Local\Programs
2013-06-07 20:51:48    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-06-07 20:51:46    --------    d-----w-    C:\Program Files (x86)\Steam
2013-06-07 03:12:00    --------    d-----w-    C:\Program Files\iPod
2013-06-07 03:11:59    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 03:11:59    --------    d-----w-    C:\Program Files\iTunes
2013-06-07 03:11:59    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-24 03:03:07    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-17 15:04:54    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-15 14:27:00    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:27:00    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:27:00    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 14:26:53    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 14:26:52    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 14:26:52    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 14:26:52    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 14:26:41    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:26:41    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 14:26:40    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-05-15 00:30:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 00:30:18    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-01 10:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 21:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-04 12:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-15 05:07:52    559904    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-03-15 04:16:18    3477280    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17    6398240    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
.
============= FINISH: 10:32:00.45 ===============

Regards,

Ron
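The DDS log above is what a malware-response helper reads first; as an added example (not part of this post or of the DDS tool), here is a Python triage script that pulls out the entries worth reviewing from such a log: a per-user proxy that points at a local port, IE add-ons whose single CLSID is registered as BHO, toolbar and URL search hook at once, Firefox search-URL overrides, and Firefox extensions installed shortly before the scan. The sample lines are copied from the log above; the allowlists and the 7-day window are assumptions for the example only.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# Hypothetical allowlists for this example only; tune them for your environment.
KNOWN_ADDON_NAMES = ("Java", "PC Tools Browser Guard")
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com")

# Constructed sample: lines copied from the DDS log in the post above,
# plus two default/benign lines for contrast.
SAMPLE_DDS = r"""
uStart Page = about:blank
uProxyServer = localhost:21320
uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.wsdot.wa.gov/traffic/seattle/
FF - ExtSQL: 2013-06-10 22:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
"""


@dataclass
class Finding:
    kind: str    # proxy | ie-addon | ff-search | ff-ext
    detail: str


def _host_of(url: str) -> str:
    # DDS defangs URLs as hxxp://; strip the scheme and return the host part.
    m = re.match(r"(?:hxxp|http)s?://([^/?#]+)", url)
    return m.group(1).lower() if m else ""


def triage_dds(text: str, scan_date: str) -> list[Finding]:
    """Return the review-worthy entries from the Pseudo HJT / FIREFOX sections of a DDS log."""
    findings: list[Finding] = []
    scan_day = date.fromisoformat(scan_date)
    addons: dict[str, dict] = {}   # CLSID -> name, path and the roles it is registered under

    for line in (l.strip() for l in text.splitlines()):
        # 1. A per-user proxy: when it points at the local machine, some process on the
        #    box is sitting between the browser and the network, which is how ad-injecting
        #    adware typically works. Worth identifying before anything else.
        m = re.match(r"uProxyServer = ([^:\s]+):(\d+)", line)
        if m:
            host, port = m.group(1).lower(), m.group(2)
            where = "local listener" if host in ("localhost", "127.0.0.1") else "remote"
            findings.append(Finding("proxy", f"user proxy {host}:{port} ({where})"))
            continue

        # 2. IE add-ons (BHO, toolbar, URL search hook), grouped by CLSID so that one
        #    component registered under several roles shows up as a single item.
        m = re.match(r"(?:u|m|x64-)?(URLSearchHooks|BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) - (.+)", line)
        if m:
            role, name, clsid, path = m.groups()
            entry = addons.setdefault(clsid.lower(), {"name": name, "path": path, "roles": set()})
            entry["roles"].add(role)
            continue

        # 3. Firefox search overrides that send queries somewhere other than a known engine.
        m = re.match(r"FF - prefs\.js: (browser\.search\.defaulturl|keyword\.URL) - (\S+)", line)
        if m:
            pref, host = m.group(1), _host_of(m.group(2))
            if not any(host.endswith(k) for k in KNOWN_SEARCH_HOSTS):
                findings.append(Finding("ff-search", f"{pref} -> {host}"))
            continue

        # 4. Firefox extensions installed within the last 7 days (assumed window).
        m = re.match(r"FF - ExtSQL: (\d{4}-\d{2}-\d{2}) [\d:]+; ([^;]+); ", line)
        if m and (scan_day - date.fromisoformat(m.group(1))).days <= 7:
            findings.append(Finding("ff-ext", f"{m.group(2)} installed {m.group(1)}"))

    for clsid, info in addons.items():
        if not any(k.lower() in info["name"].lower() for k in KNOWN_ADDON_NAMES):
            roles = "+".join(sorted(info["roles"]))
            findings.append(Finding("ie-addon", f"{info['name']} [{roles}] {clsid} {info['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS, "2013-06-11"):
        print(f"{f.kind:9} {f.detail}")
```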

 



#2 JSntgRvr

  • Malware Response Team

Posted 11 June 2013 - 01:15 PM


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 RDN1

RDN1
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:50 AM

Posted 12 June 2013 - 10:39 PM

Hi:

Thanks for the reply; here are the contents of FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 04
Ran by Family (administrator) on 12-06-2013 20:33:21
Running from C:\Users\Family\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Windows\SysWOW64\afasrv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
() C:\Program Files (x86)\CardIcon\iconcs50611310.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Qwest Communications) C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg [7373824 2011-04-21] ()
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart [45992 2011-01-25] (Qwest Communications)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 [318096 2009-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg [7373824 2011-04-21] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
HKLM-x32\...\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [30264 2009-10-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\UpdatusUser\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
URLSearchHook: (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - WhiteSmoke US Toolbar - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448472] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default
FF Homepage: hxxp://www.wsdot.com/traffic/seattle/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - L:\Family\Jenna's stuff\Fun Stuff\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\crossriderapp3491@crossrider.com
FF Extension: ????????? ????????? Logitech - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\DeviceDetection@logitech.com
FF Extension: personas - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\personas@christopher.beard.xpi
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AfaService; C:\Windows\SysWow64\afasrv64.exe [73728 2011-04-21] ()
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
R2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 sprtlisten; C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
R3 ThreatFire; C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe [71008 2012-06-22] (PC Tools)

==================== Drivers (Whitelisted) ====================

R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
R3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [123808 2012-04-19] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
R1 pctNdisLW64; C:\Windows\System32\DRIVERS\pctNdisLW64.sys [76952 2011-07-08] (PC Tools)
R3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
R3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [181032 2012-06-22] (PC Tools)
R3 pctplsg; C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
R3 pctplsg; C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65664 2012-06-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41968 2012-06-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41968 2012-06-22] (PC Tools)
R0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [706776 2012-06-22] (PC Tools)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-12 20:33 - 2013-06-12 20:33 - 00000000 ____D C:\FRST
2013-06-12 20:31 - 2013-06-12 20:32 - 01920280 ____A (Farbar) C:\Users\Family\Desktop\FRST64.exe
2013-06-11 11:37 - 2013-06-11 11:37 - 00000804 ____A C:\Windows\wininit.ini
2013-06-11 10:32 - 2013-06-11 10:32 - 00021919 ____A C:\Users\Family\Desktop\dds.txt
2013-06-11 10:32 - 2013-06-11 10:32 - 00013538 ____A C:\Users\Family\Desktop\attach.txt
2013-06-11 10:16 - 2013-06-11 10:16 - 00688992 ____R (Swearware) C:\Users\Family\Desktop\dds.com
2013-06-11 09:27 - 2013-06-11 09:28 - 20896392 ____A (Microsoft Corporation) C:\Users\Family\Downloads\Windows-KB890830-x64-V5.1.exe
2013-06-10 23:00 - 2013-06-10 23:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-10 23:00 - 2013-06-10 23:00 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-10 23:00 - 2013-06-10 23:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-10 23:00 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-06-10 22:57 - 2013-06-10 22:58 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Family\Downloads\spybot-2.1.exe
2013-06-10 22:45 - 2013-06-10 22:45 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\Users\Family\AppData\Roaming\SUPERAntiSpyware.com
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-10 22:44 - 2013-06-10 22:45 - 26082488 ____A (SUPERAntiSpyware.com) C:\Users\Family\Downloads\SUPERAntiSpyware.exe
2013-06-09 20:39 - 2013-06-09 20:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-07 20:47 - 2013-06-07 20:47 - 00263186 ____A C:\Users\Family\Downloads\Minecraft.exe
2013-06-07 13:51 - 2013-06-12 09:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-07 13:51 - 2013-06-07 13:51 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2013-06-07 13:49 - 2013-06-07 13:49 - 01669632 ____A C:\Users\Family\Downloads\SteamInstall.msi
2013-06-07 13:44 - 2013-06-07 13:44 - 79949704 ____A C:\Users\Family\Downloads\7zip-setup.exe
2013-06-07 13:37 - 2013-06-07 13:41 - 112348999 ____A C:\Users\Family\Downloads\Prison Architect [Alpha 10] by DarkpwnSs From MinecraftL4BEL (2).rar
2013-06-06 20:12 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files\iPod
2013-06-06 20:11 - 2013-06-06 20:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 20:11 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files\iTunes
2013-06-06 20:11 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-23 20:02 - 2013-05-23 20:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-15 22:08 - 2013-04-04 23:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 22:08 - 2013-04-04 23:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 22:08 - 2013-04-04 23:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 22:08 - 2013-04-04 23:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 22:08 - 2013-04-04 23:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 22:08 - 2013-04-04 22:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 22:08 - 2013-04-04 22:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 22:08 - 2013-04-04 22:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 22:08 - 2013-04-04 21:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 22:08 - 2013-04-04 21:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 22:08 - 2013-04-04 20:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 22:08 - 2013-04-04 20:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 07:27 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 07:27 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 07:27 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 07:26 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 07:26 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 07:26 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 07:26 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 07:26 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 07:26 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 07:26 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 07:26 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 07:26 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 07:26 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 07:26 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 21:57 - 2013-05-14 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-06-12 20:33 - 2013-06-12 20:33 - 00000000 ____D C:\FRST
2013-06-12 20:32 - 2013-06-12 20:31 - 01920280 ____A (Farbar) C:\Users\Family\Desktop\FRST64.exe
2013-06-12 20:30 - 2012-04-03 16:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 16:07 - 2011-04-09 15:28 - 02042357 ____A C:\Windows\WindowsUpdate.log
2013-06-12 10:57 - 2012-07-30 08:29 - 00000000 ____D C:\Users\Family\AppData\Roaming\.minecraft
2013-06-12 09:57 - 2011-04-10 06:40 - 05900090 ____A C:\Windows\System32\Drivers\Cat.DB
2013-06-12 09:56 - 2009-07-13 21:45 - 00013648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 09:56 - 2009-07-13 21:45 - 00013648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 09:54 - 2009-07-13 22:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 09:50 - 2011-04-10 06:38 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2013-06-12 09:49 - 2013-06-07 13:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-12 09:48 - 2011-04-10 03:34 - 00048578 ____A C:\Windows\PFRO.log
2013-06-12 09:48 - 2011-04-10 00:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-12 09:48 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 09:48 - 2009-07-13 21:51 - 00099136 ____A C:\Windows\setupact.log
2013-06-11 19:30 - 2012-04-03 16:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 19:30 - 2011-05-16 15:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 11:37 - 2013-06-11 11:37 - 00000804 ____A C:\Windows\wininit.ini
2013-06-11 10:32 - 2013-06-11 10:32 - 00021919 ____A C:\Users\Family\Desktop\dds.txt
2013-06-11 10:32 - 2013-06-11 10:32 - 00013538 ____A C:\Users\Family\Desktop\attach.txt
2013-06-11 10:16 - 2013-06-11 10:16 - 00688992 ____R (Swearware) C:\Users\Family\Desktop\dds.com
2013-06-11 09:28 - 2013-06-11 09:27 - 20896392 ____A (Microsoft Corporation) C:\Users\Family\Downloads\Windows-KB890830-x64-V5.1.exe
2013-06-10 23:04 - 2013-06-10 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-10 23:00 - 2013-06-10 23:00 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-06-10 23:00 - 2013-06-10 23:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-10 22:58 - 2013-06-10 22:57 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\Family\Downloads\spybot-2.1.exe
2013-06-10 22:51 - 2013-03-12 18:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-10 22:51 - 2012-07-30 13:38 - 00000000 ____D C:\Users\Family\AppData\Local\Google
2013-06-10 22:45 - 2013-06-10 22:45 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\Users\Family\AppData\Roaming\SUPERAntiSpyware.com
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-10 22:45 - 2013-06-10 22:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-10 22:45 - 2013-06-10 22:44 - 26082488 ____A (SUPERAntiSpyware.com) C:\Users\Family\Downloads\SUPERAntiSpyware.exe
2013-06-09 20:39 - 2013-06-09 20:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-09 20:39 - 2011-05-19 20:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-07 20:47 - 2013-06-07 20:47 - 00263186 ____A C:\Users\Family\Downloads\Minecraft.exe
2013-06-07 13:51 - 2013-06-07 13:51 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2013-06-07 13:51 - 2011-04-09 15:28 - 00000000 ____D C:\users\Family
2013-06-07 13:49 - 2013-06-07 13:49 - 01669632 ____A C:\Users\Family\Downloads\SteamInstall.msi
2013-06-07 13:44 - 2013-06-07 13:44 - 79949704 ____A C:\Users\Family\Downloads\7zip-setup.exe
2013-06-07 13:41 - 2013-06-07 13:37 - 112348999 ____A C:\Users\Family\Downloads\Prison Architect [Alpha 10] by DarkpwnSs From MinecraftL4BEL (2).rar
2013-06-06 20:12 - 2013-06-06 20:12 - 00000000 ____D C:\Program Files\iPod
2013-06-06 20:12 - 2013-06-06 20:11 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 20:12 - 2013-06-06 20:11 - 00000000 ____D C:\Program Files\iTunes
2013-06-06 20:12 - 2013-06-06 20:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-06 20:12 - 2012-09-13 18:13 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-03 18:16 - 2011-04-10 09:38 - 75898224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-23 20:03 - 2013-05-23 20:02 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-23 20:02 - 2012-05-17 20:16 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-16 08:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 08:07 - 2009-07-13 21:45 - 00486608 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 22:14 - 2011-04-10 12:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 07:16 - 2012-04-25 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-14 21:57 - 2013-05-14 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 17:23

==================== End Of Log ============================

 


#4 RDN1
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male

Posted 12 June 2013 - 11:39 PM

One more item: I deleted something called VidSaver from our Firefox extensions; that removed the ads for "Asian Women"...

I looked for it in the Remove Programs list, and didn't find it, but I DID find something suspicious called "WhiteSmoke US Toolbar".

I left this alone for now, but I'm sure we will have to deal with it.

I was running AdAware and NoScript, but they kept resetting my Firefox settings, so I disabled them.

Edited by RDN1, 12 June 2013 - 11:40 PM.


#5 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,826 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 June 2013 - 11:07 AM

Let's try ComboFix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**

  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#6 RDN1
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Male

Posted 17 June 2013 - 11:47 PM

Hi:

I downloaded & ran ComboFix; here is the report:

ComboFix 13-06-17.01 - Family 06/17/2013  21:31:45.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12279.8824 [GMT -7:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: PC Tools Internet Security Anti-Spyware *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\Family\AppData\Local\Vid-Saver
c:\windows\wininit.ini
l:\family\~WRL0003.tmp
N:\autorun.inf
N:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-18 to 2013-06-18  )))))))))))))))))))))))))))))))
.
.
2013-06-18 04:38 . 2013-06-18 04:38    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-06-18 04:38 . 2013-06-18 04:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-18 04:38 . 2013-06-18 04:38    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-06-13 05:32 . 2013-06-13 05:32    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
2013-06-13 05:12 . 2013-06-08 12:28    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-13 03:33 . 2013-06-13 03:33    --------    d-----w-    C:\FRST
2013-06-11 06:00 . 2013-06-18 04:27    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-06-11 06:00 . 2009-01-25 20:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-06-11 06:00 . 2013-06-11 06:00    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-06-11 05:45 . 2013-06-11 05:45    --------    d-----w-    c:\users\Family\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 05:45 . 2013-06-11 05:45    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-06-11 05:45 . 2013-06-11 05:45    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-06-10 03:38 . 2013-06-10 03:38    --------    d-----w-    c:\users\Family\AppData\Local\Programs
2013-06-07 20:51 . 2013-06-07 20:59    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2013-06-07 20:51 . 2013-06-17 18:50    --------    d-----w-    c:\program files (x86)\Steam
2013-06-07 03:12 . 2013-06-07 03:12    --------    d-----w-    c:\program files\iPod
2013-06-07 03:11 . 2013-06-07 03:12    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 03:11 . 2013-06-07 03:12    --------    d-----w-    c:\program files\iTunes
2013-06-07 03:11 . 2013-06-07 03:12    --------    d-----w-    c:\program files (x86)\iTunes
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-24 03:03 . 2013-05-24 03:03    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-24 03:02 . 2013-05-24 03:03    --------    d-----w-    c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 02:30 . 2012-04-03 23:59    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 02:30 . 2011-05-16 22:26    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 01:16 . 2011-04-10 16:38    75898224    ----a-w-    c:\windows\system32\MRT.exe
2013-05-17 15:04 . 2013-05-17 15:04    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-13 22:36 . 2013-05-13 22:36    828872    ----a-w-    c:\windows\system32\msvcr110.dll
2013-05-13 22:36 . 2013-05-13 22:36    661448    ----a-w-    c:\windows\system32\msvcp110.dll
2013-05-13 22:36 . 2013-05-13 22:36    354264    ----a-w-    c:\windows\system32\vccorlib110.dll
2013-05-13 22:36 . 2013-05-13 22:36    251864    ----a-w-    c:\windows\SysWow64\vccorlib110.dll
2013-05-13 22:36 . 2013-05-13 22:36    862664    ----a-w-    c:\windows\SysWow64\msvcr110.dll
2013-05-13 22:36 . 2013-05-13 22:36    534480    ----a-w-    c:\windows\SysWow64\msvcp110.dll
2013-05-02 17:32 . 2013-05-02 17:32    2274480    ----a-w-    c:\windows\system32\coin94.dll
2013-05-01 10:59 . 2013-05-01 10:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 14:26    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 14:26    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 14:26    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 14:26    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 14:26    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:26    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 13:31    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:27    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:27    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 04:07 . 2013-04-10 04:07    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-10 04:07 . 2013-04-10 04:07    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-10 04:07 . 2013-04-10 04:07    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-10 04:07 . 2013-04-10 04:07    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-10 04:07 . 2013-04-10 04:07    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-10 04:07 . 2013-04-10 04:07    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-10 04:07 . 2013-04-10 04:07    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-10 04:07 . 2013-04-10 04:07    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-10 04:07 . 2013-04-10 04:07    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-10 04:07 . 2013-04-10 04:07    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-10 04:07 . 2013-04-10 04:07    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-10 04:07 . 2013-04-10 04:07    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-10 04:07 . 2013-04-10 04:07    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-10 04:07 . 2013-04-10 04:07    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-10 04:07 . 2013-04-10 04:07    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-10 04:07 . 2013-04-10 04:07    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-10 04:07 . 2013-04-10 04:07    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-10 04:07 . 2013-04-10 04:07    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-10 04:07 . 2013-04-10 04:07    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-10 04:07 . 2013-04-10 04:07    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-10 04:07 . 2013-04-10 04:07    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-10 04:07 . 2013-04-10 04:07    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-10 04:07 . 2013-04-10 04:07    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-10 04:07 . 2013-04-10 04:07    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-10 04:07 . 2013-04-10 04:07    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-10 04:07 . 2013-04-10 04:07    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-10 04:07 . 2013-04-10 04:07    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-10 04:07 . 2013-04-10 04:07    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-10 04:07 . 2013-04-10 04:07    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-10 04:07 . 2013-04-10 04:07    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-10 04:07 . 2013-04-10 04:07    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-10 04:07 . 2013-04-10 04:07    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-10 04:07 . 2013-04-10 04:07    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-10 04:07 . 2013-04-10 04:07    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-10 04:07 . 2013-04-10 04:07    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-10 04:07 . 2013-04-10 04:07    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-10 04:07 . 2013-04-10 04:07    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-10 04:07 . 2013-04-10 04:07    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-10 04:07 . 2013-04-10 04:07    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-10 04:07 . 2013-04-10 04:07    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-10 04:07 . 2013-04-10 04:07    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-10 04:07 . 2013-04-10 04:07    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-10 04:07 . 2013-04-10 04:07    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-10 04:07 . 2013-04-10 04:07    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-10 04:07 . 2013-04-10 04:07    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-10 04:07 . 2013-04-10 04:07    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-10 04:07 . 2013-04-10 04:07    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-10 04:07 . 2013-04-10 04:07    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-10 04:07 . 2013-04-10 04:07    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-10 03:30 . 2013-05-15 14:26    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2011-05-20 03:59    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-04 12:35 . 2013-04-18 03:49    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cce665dd-f6dd-4808-968e-eaec971f70ef}"= "c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QwestTouchPointAgent"="c:\program files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" [2011-01-25 45992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"USBestCR"="c:\program files (x86)\cardicon\iconcs50611310.exe" [2011-04-22 7373824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-10-07 30264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys;c:\windows\SYSNATIVE\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys;c:\windows\SYSNATIVE\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys;c:\windows\SYSNATIVE\drivers\pctgntdi64.sys [x]
S1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\DRIVERS\pctNdisLW64.sys;c:\windows\SYSNATIVE\DRIVERS\pctNdisLW64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys;c:\windows\SYSNATIVE\Drivers\PCTSD64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [x]
S2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys;c:\windows\SYSNATIVE\Drivers\PCTBD64.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys;c:\windows\SYSNATIVE\drivers\pctNdis-PacketFilter64.sys [x]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys;c:\windows\SYSNATIVE\drivers\pctplfw64.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys;c:\windows\SYSNATIVE\drivers\pctplsg64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBestCR"="c:\program files (x86)\cardicon\iconcs50611310.exe" [2011-04-22 7373824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wsdot.com/traffic/seattle/
FF - ExtSQL: 2013-06-12 20:45; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Wow6432Node-HKLM-Run-PCTools FGuard - c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-17  21:41:53
ComboFix-quarantined-files.txt  2013-06-18 04:41
ComboFix2.txt  2011-05-20 06:36
.
Pre-Run: 228,899,831,808 bytes free
Post-Run: 232,015,724,544 bytes free
.
- - End Of File - - 383666FC98449EDCC69A925830E9042E
8F558EB6672622401DA993E1E865C861



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,826 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:50 AM

Posted 18 June 2013 - 07:17 AM

Run AdwCleaner.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.

Security check

Download and run Security Check by screen317 and post its report.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 RDN1

RDN1
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:50 AM

Posted 27 June 2013 - 12:05 AM

Thanks for all the help so far; here is the log from AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 21:50:25
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Family - FAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Family\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_US
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\Users\Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Family\AppData\LocalLow\WhiteSmoke_US
Folder Deleted : C:\Users\Family\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\efzvvg6q.Mark's Awesome Profile\extensions\crossriderapp3491@crossrider.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Deleted : HKLM\Software\WhiteSmoke_US
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{436BB065-2854-409D-97AB-89F2AB156B16}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5BAD205-FEE5-4B6F-B650-0054574EE7ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CCE665DD-F6DD-4808-968E-EAEC971F70EF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\prefs.js

C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\prefs.js

C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\prefs.js

[OK] File is clean.

File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\prefs.js

C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3603 octets] - [26/06/2013 21:50:25]

########## EOF - C:\AdwCleaner[S1].txt - [3663 octets] ##########

Here is the log from SecurityCheck:

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
PC Tools Internet Security Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0)
 Mozilla Thunderbird 11.0.1 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 ThreatFire TFService.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Regards,

Ron Nelson



#9 JSntgRvr


Posted 27 June 2013 - 07:15 AM

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How is the computer doing?




#10 RDN1


Posted 29 June 2013 - 05:08 PM

Hi:

Here is the log from Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Family on Sat 06/29/2013 at 14:53:47.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\lqntaf26.Darlene\prefs.js

user_pref("extensions.crossrider.bic", "13f3a706aa208b5d784352feb0df0d24");
Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\klypnjdj.Jenna\prefs.js

user_pref("extensions.crossrider.bic", "13f394ca7a24b95e1b1a46d7d498a825");
Successfully deleted the following from C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\ufwer1tt.default\prefs.js

user_pref("extensions.crossrider.bic", "13f3b9421b42127abfa0b83d8ea2876f");
Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\lqntaf26.Darlene\minidumps [681 files]
Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\klypnjdj.Jenna\minidumps [149 files]
Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\ufwer1tt.default\minidumps [29 files]
Emptied folder: C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\tvn6xr5d.Mark\minidumps [282 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/29/2013 at 14:57:37.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The computer is running better; before I ran the Junkware Removal Tool I was still getting pop-ups, this time from "...zedo.com..." sites. Time will tell if they are gone, but they appear to be.

I'd like to make a contribution, but when I click the "Donate" button nothing happens.

Regards,

Ron Nelson



#11 JSntgRvr


Posted 29 June 2013 - 07:26 PM

Let's perform an online scan:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



#12 RDN1


Posted 09 July 2013 - 08:54 AM

Hi:

Here is the log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23c2cf709370eb4e8cd4a83abadc2f45
# engine=14322
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-09 07:36:23
# local_time=2013-07-09 12:36:23 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3590 16777213 100 87 0 191425447 0 0
# compatibility_mode=5893 16776574 100 94 69398150 124898833 0 0
# scanned=317324
# found=2
# cleaned=2
# scan_time=8089
sh=D1AA7C2DD069CC0DDB3786EC010C4FA1D7155AC3 ft=1 fh=10efaba9a3047705 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Family\Downloads\7zip-setup.exe"
sh=95D3383B685C5E91834077E651EC6B110AB10DAA ft=1 fh=4c25fc55b5d2b687 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Family\Downloads\hwmonitor_1.18-setup.exe"

The computer is running much better now. Thanks!

Regards,

Ron
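For anyone triaging logs in the format posted above, here is a small parser for the ESET Online Scanner log layout (the `# key=value` header followed by one `sh=... vn="..." fn="..."` record per flagged file). It is an added example, not code from the poster or from ESET; the sample log is constructed with placeholder hashes and paths, and treating a detection as resolved when its name contains "cleaned" is an assumption about the format.

```python
import re
from dataclasses import dataclass
# Constructed sample in the ESET Online Scanner log format shown above;
# the hashes and paths are placeholders, not real scan results.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# found=2
# cleaned=2
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup-a.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup-b.exe"
"""
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=\d+\s+fh=[0-9A-Fa-f]+\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"$'
)
@dataclass
class Detection:
    sha1: str    # SHA-1 of the flagged file, handy for looking it up elsewhere
    name: str    # detection name, including ESET's "(cleaned by ...)" suffix
    path: str
    action: str
    cleaned: bool  # assumption: inferred from the word "cleaned" in the name

def parse_eset_log(text):
    """Split the log into its '# key=value' header and its per-file detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            header[m.group(1)] = m.group(2).strip()  # repeated keys: last one wins
            continue
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append(Detection(
                sha1=m["sha1"].upper(), name=m["vn"], path=m["fn"], action=m["ac"],
                cleaned="cleaned" in m["vn"].lower(),
            ))
    return header, detections

def triage(header, detections):
    """Check the scan finished, that the counters agree with the records, and list leftovers."""
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    unresolved = [d.path for d in detections if not d.cleaned]
    return {
        "finished": header.get("end") == "finished",
        "counts_match": found == len(detections) and cleaned == found - len(unresolved),
        "unresolved_paths": unresolved,
    }
```

A log where `found` and `cleaned` disagree, or where `unresolved_paths` is non-empty, is the case to follow up on rather than treat as a clean result.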



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,826 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:50 AM

Posted 09 July 2013 - 10:59 AM

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

The following will implement some cleanup procedures as well as reset System Restore points:

Press the Windows key + R. At the Run command, type or copy and paste the following:

Combofix /uninstall

Remove the C:\FRST folder.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!


Edited by JSntgRvr, 09 July 2013 - 10:59 AM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!




