
Redirects...iexplorer opening over and over; computer very slow.


  • This topic is locked
15 replies to this topic

#1 BobbyCubby

BobbyCubby

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 28 July 2013 - 08:52 AM

I'm working on my girlfriend's computer. I've done the little I could do, realized I was in over my head, and stopped immediately and came back here. She bought a computer from Aaron's a couple of years ago. It's paid off, and is an ok computer so far. She hasn't had the safest of browsing habits and went without protection for a while.

 

The issues. First, she occasionally gets browser redirects. Second, she gets video and audio popups from time to time. Third, the browser slows way down. I opened Task Manager and realized that iexplorer.exe was popping up all over the place, looking like it's eating up her CPU. I've run Malwarebytes, and the firewall is (now) on. Thanks in advance for everyone's help!

 

Also, right now I'm attempting to click on the DDS log to copy/paste it here. It's not responding, not even a "not responding" error message. I can't seem to click it from the desktop. I was able to run a search for it and get it instantly; as soon as I did, the copy from the desktop opened as well.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by aaron at 9:35:27 on 2013-07-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3701.2222 [GMT -4:00]
.
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Frontier\fshoster32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Frontier\fshoster32.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_SF7A6.tmp" /EF "HKCU"
uRun: [SocialBit] Rundll32.exe C:\Users\aaron\AppData\Local\SocialBit\clektqym.dll,RgzlylSJpoRsKdojfnSuxdXlocW
uRun: [Temp] rundll32 "C:\Users\aaron\AppData\Local\Apps\Temp\fakmfnecjg.dll",DllRegisterServer
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [F-Secure Hoster (53784)] "C:\Program Files (x86)\Frontier\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE" /splash
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.254.254 74.40.74.41
TCP: Interfaces\{79E9E391-0175-478A-93CE-4EABF0FB0147} : DHCPNameServer = 192.168.254.254 74.40.74.41
TCP: Interfaces\{79E9E391-0175-478A-93CE-4EABF0FB0147}\2456C6B696E6F5E4F575962756C6563737F5132303733313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{79E9E391-0175-478A-93CE-4EABF0FB0147}\345726C656F6 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{79E9E391-0175-478A-93CE-4EABF0FB0147}\7786164737D6970716373777F62746D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{79E9E391-0175-478A-93CE-4EABF0FB0147}\C616469746271676F6E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{93AD30C1-54CF-48C8-B0F2-79F5313FC568} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\sdz1povf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-28 23:36; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-26 10:19; links@playtopus.com; C:\Users\aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-7 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-7 38528]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-6-18 56016]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-7-10 68928]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-6-18 14472]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-7 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-7 204288]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Frontier\fshoster32.exe [2013-1-18 188400]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [2012-8-6 60352]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-7 2375168]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-7 1128952]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-6-18 202176]
R3 fsni;fsni;C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [2013-4-25 80832]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-7 1582144]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-7 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-7 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-7 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-27 19:28:59    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{841B5611-3EB4-471E-9FD8-39E4241FF519}\offreg.dll
2013-07-26 22:36:29    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{841B5611-3EB4-471E-9FD8-39E4241FF519}\mpengine.dll
2013-07-26 22:00:05    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-26 21:52:02    --------    d-----w-    C:\Users\aaron\AppData\Local\Secunia PSI
2013-07-26 21:51:53    --------    d-----w-    C:\Program Files (x86)\Secunia
2013-07-26 20:23:21    --------    d-----w-    C:\Users\aaron\AppData\Local\f08e5792-0689-401e-a25c-9472f8235f87ad
2013-07-26 20:23:00    0    ----a-w-    C:\Users\aaron\teamviewer.exe
2013-07-26 20:22:59    0    ----a-w-    C:\Users\aaron\chrome.exe
2013-07-26 17:50:11    --------    d-----w-    C:\Users\aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 17:50:05    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 17:50:05    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-26 17:19:39    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-07-26 17:07:41    --------    d-----w-    C:\ComboFix
2013-07-26 15:42:26    0    ----a-w-    C:\Users\aaron\opera.exe
2013-07-19 03:30:13    --------    d-----w-    C:\Program Files (x86)\NCWest
2013-07-17 11:21:20    --------    d-----w-    C:\Windows\System32\MRT
2013-07-12 19:35:38    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 19:17:21    --------    d-----w-    C:\Windows\ERUNT
2013-07-12 18:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 18:42:18    6129024    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-11 07:21:59    148992    ----a-w-    C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-07-10 11:36:48    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 11:35:25    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-10 11:35:25    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-04 18:47:24    --------    d-----w-    C:\Users\aaron\AppData\Local\SocialBit
2013-07-03 08:32:42    18456    ----a-w-    C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-07-03 06:21:43    --------    d-----w-    C:\ProgramData\VirtualizedApplications
2013-07-03 04:10:04    --------    d-----w-    C:\Users\aaron\AppData\Local\SoftGrid Client
2013-07-03 04:09:59    --------    d-----w-    C:\Users\aaron\AppData\Roaming\SoftGrid Client
2013-07-03 04:07:46    --------    d-----w-    C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-03 04:07:13    --------    d-----w-    C:\Users\aaron\AppData\Roaming\TP
2013-06-30 20:56:23    17617288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-07-26 21:59:57    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-07-26 21:59:57    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-26 21:58:47    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-26 21:58:47    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-18 18:29:03    56016    ----a-w-    C:\Windows\System32\drivers\fsbts.sys
2013-06-18 18:22:35    42248    ----a-w-    C:\Windows\SysWow64\drivers\fsbts.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  9:36:08.75 ===============

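The DDS log above is where a responder would start triage: the "Pseudo HJT Report" lists every autorun (uRun/mRun/x64-Run) entry, and two of them load a randomly named DLL from under the user's AppData\Local via rundll32. The script below is an added example, not part of the original post and not DDS, FRST or BleepingComputer code. It parses autorun lines in the DDS format and flags the pattern a defender looks for: rundll32 loading a DLL from a user-writable location, optionally with a random-looking filename or an install-time export (DllRegisterServer) used as a logon launcher. The sample lines are copied from the log above plus one benign Logitech entry for contrast; the heuristics and thresholds are my own assumptions, not a vendor's detection logic.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: autorun lines taken from the DDS "Pseudo HJT Report" above.
SAMPLE_DDS_LINES = r'''
uRun: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_SF7A6.tmp" /EF "HKCU"
uRun: [SocialBit] Rundll32.exe C:\Users\aaron\AppData\Local\SocialBit\clektqym.dll,RgzlylSJpoRsKdojfnSuxdXlocW
uRun: [Temp] rundll32 "C:\Users\aaron\AppData\Local\Apps\Temp\fakmfnecjg.dll",DllRegisterServer
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
'''

# DDS autorun line: "<key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r'^(?P<key>[A-Za-z0-9-]*Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Locations an ordinary user can write to (assumed list, extend as needed).
USER_WRITABLE_RE = re.compile(
    r'\\(AppData\\(Local|Roaming)|Temp|ProgramData|Users\\[^\\]+\\Downloads)\\',
    re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def _split_token(s):
    """Return (first token, remainder); the first token may be double-quoted."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], '') if end == -1 else (s[1:end], s[end + 1:].strip())
    parts = s.split(None, 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else '')


def rundll32_target(cmd):
    """If cmd launches rundll32, return (dll_path, export); otherwise None."""
    launcher, rest = _split_token(cmd)
    if PureWindowsPath(launcher).name.lower() not in ('rundll32', 'rundll32.exe'):
        return None
    if rest.startswith('"'):                 # rundll32 "<dll>",Export
        end = rest.find('"', 1)
        dll, tail = (rest[1:], '') if end == -1 else (rest[1:end], rest[end + 1:])
    else:                                    # rundll32 <dll>,Export
        spec = rest.partition(' ')[0]
        dll, _, tail = spec.partition(',')
    export = tail.lstrip(' ,').split()[0] if tail.strip(' ,') else ''
    return dll, export


def looks_random(stem):
    """Weak signal: 8+ letters only, with a consonant ratio of 0.75 or more."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8 or len(letters) != len(stem):
        return False
    consonants = sum(1 for c in letters if c not in 'aeiou')
    return consonants / len(letters) >= 0.75


def triage_autoruns(text):
    """Parse DDS autorun lines and return the entries worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line)
        if not m:
            continue
        key, name, cmd = m.group('key', 'name', 'cmd')
        reasons = []
        target = rundll32_target(cmd)
        if target:
            dll, export = target
            if USER_WRITABLE_RE.search(dll):
                reasons.append('rundll32 loads a DLL from a user-writable path: ' + dll)
                if looks_random(PureWindowsPath(dll).stem):
                    reasons.append('random-looking DLL name')
                if export.lower() == 'dllregisterserver':
                    reasons.append('calls DllRegisterServer, an install-time export, at every logon')
        else:
            launcher, _ = _split_token(cmd)
            if USER_WRITABLE_RE.search(launcher):
                reasons.append('autorun executable lives in a user-writable path: ' + launcher)
        if reasons:
            findings.append(Finding(key, name, cmd, reasons))
    return findings


if __name__ == '__main__':
    for f in triage_autoruns(SAMPLE_DDS_LINES):
        print(f'{f.key} [{f.name}]')
        for r in f.reasons:
            print('   -', r)
```

On the sample this reports exactly the [SocialBit] and [Temp] entries and leaves the vendor entries and the Logitech rundll32 line (System32 DLL) alone. The name heuristic is deliberately weak on its own; it only adds weight once the DLL is already in a user-writable directory, which is the condition that actually matters for a logon persistence review.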
#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:31 AM

Posted 28 July 2013 - 11:52 AM

Hi,

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
NEXT


Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
    • Check for Updates, then Scan your system for malware
    • If malware is found, do NOT press the Cleanup button yet, click EXIT as I'd like to see the log first so I can see what it sees.
You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt

Please attach that to your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 BobbyCubby

BobbyCubby
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 28 July 2013 - 03:03 PM

Here's the first -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by aaron (administrator) on 28-07-2013 15:58:06
Running from C:\Users\aaron\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7461480 2011-09-08] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [EPSON NX110 Series] - C:\Windows\TEMP\E_SF7A6.tmp [126 2012-08-19] ()
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [F-Secure Hoster (53784)] - C:\Program Files (x86)\Frontier\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE [311432 2013-01-03] (F-Secure Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzutAtN2Y1L1Qzuzy0C0ByBtD0D0DyD0E0F0C0F0Bzz0AzytN0D0TzutBtDtCtBtDyCtCtD&cr=1426143109
SearchScopes: HKLM - {66869871-357E-46E3-8B08-2F618FE038B6} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41

FireFox:
========
FF ProfilePath: C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\sdz1povf.default
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] C:\Program Files (x86)\Consumer Input\Firefox\src

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S3 BFE; C:\Windows\SysWow64\. [0 2013-07-28] ()
R2 fshoster; C:\Program Files (x86)\Frontier\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE [209032 2013-01-03] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 F-Secure Gatekeeper; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-10] (F-Secure Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-06-25] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [68928 2013-06-25] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-06-18] ()
R0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42248 2013-06-18] ()
R3 fsni; C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R3 fsni; C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14472 2013-01-03] ()
R1 fsvista; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14472 2013-01-03] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 15:56 - 2013-07-28 15:57 - 13399154 _____ C:\Users\aaron\Downloads\mbar-1.06.0.1004.zip
2013-07-28 15:56 - 2013-07-28 15:56 - 01780547 _____ (Farbar) C:\Users\aaron\Downloads\FRST64.exe
2013-07-28 09:36 - 2013-07-28 09:50 - 00011943 _____ C:\Users\aaron\Desktop\attach.txt
2013-07-28 09:36 - 2013-07-28 09:49 - 00021644 _____ C:\Users\aaron\Desktop\dds.txt
2013-07-28 09:34 - 2013-07-28 09:34 - 00688992 ____R (Swearware) C:\Users\aaron\Downloads\dds.com
2013-07-27 19:49 - 2013-07-27 21:47 - 717640747 _____ C:\Users\aaron\Desktop\Baldurs_Gate_2_Complete__2000_.part2.rar
2013-07-27 00:14 - 2013-07-27 00:14 - 00262164 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-26 18:05 - 2013-07-26 18:05 - 02434048 _____ C:\Users\aaron\Downloads\msxml.msi
2013-07-26 18:00 - 2013-07-26 17:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-26 18:00 - 2013-07-26 17:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-26 18:00 - 2013-07-26 17:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-26 18:00 - 2013-07-26 17:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-26 17:59 - 2013-07-26 17:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Users\aaron\AppData\Local\Secunia PSI
2013-07-26 17:51 - 2013-07-26 17:51 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-07-26 16:56 - 2013-07-26 16:56 - 03272136 _____ (Secunia) C:\Users\aaron\Downloads\PSISetup.exe
2013-07-26 16:42 - 2013-07-26 16:42 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\aaron\Downloads\rkill.exe
2013-07-26 16:23 - 2013-07-28 15:00 - 00000318 ____H C:\Windows\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}.job
2013-07-26 16:23 - 2013-07-26 17:49 - 00000000 ____D C:\Users\aaron\AppData\Local\f08e5792-0689-401e-a25c-9472f8235f87ad
2013-07-26 16:23 - 2013-07-26 16:23 - 00003060 _____ C:\Windows\System32\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}
2013-07-26 16:23 - 2013-07-26 16:23 - 00000000 _____ C:\Users\aaron\teamviewer.exe
2013-07-26 16:22 - 2013-07-26 16:22 - 00000000 _____ C:\Users\aaron\chrome.exe
2013-07-26 16:21 - 2013-07-28 15:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 16:21 - 2013-07-26 16:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-26 16:21 - 2013-07-26 16:21 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-26 13:50 - 2013-07-28 12:35 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 13:50 - 2013-07-26 13:50 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-26 13:50 - 2013-07-26 13:50 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Users\aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 13:49 - 2013-07-26 13:49 - 26681272 _____ (SUPERAntiSpyware.com) C:\Users\aaron\Downloads\SUPERAntiSpyware.exe
2013-07-26 13:46 - 2013-07-26 16:50 - 00002958 _____ C:\Users\aaron\Desktop\Rkill.txt
2013-07-26 13:46 - 2013-07-26 13:46 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\aaron\Downloads\rkill.scr
2013-07-26 13:16 - 2013-07-26 13:16 - 00001131 _____ C:\Users\aaron\Desktop\JRT.txt
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ___SD C:\32788R22FWJFW
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\Windows\erdnt
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\Qoobox
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\ComboFix
2013-07-26 11:42 - 2013-07-26 16:23 - 00000796 _____ C:\Users\aaron\Desktop\Internet Security Pro.lnk
2013-07-26 11:42 - 2013-07-26 11:42 - 00000000 _____ C:\Users\aaron\opera.exe
2013-07-24 17:48 - 2013-07-24 17:48 - 00000000 ____D C:\ProgramData\McAfee
2013-07-18 23:30 - 2013-07-26 17:52 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-07-18 23:29 - 2013-07-18 23:29 - 05003264 _____ (NC Interactive, LLC) C:\Users\aaron\Downloads\AionInstaller.exe
2013-07-17 07:21 - 2013-07-17 07:24 - 00000000 ____D C:\Windows\system32\MRT
2013-07-16 11:06 - 2013-07-28 11:55 - 00071680 ___SH C:\Users\aaron\Desktop\Thumbs.db
2013-07-16 08:34 - 2013-07-16 08:34 - 00434820 _____ C:\Users\aaron\Desktop\TomTom-v50300-1.0.1.zip
2013-07-12 15:35 - 2013-07-12 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 15:32 - 2013-07-12 15:32 - 00000000 ____D C:\Users\aaron\Desktop\mbar-1.06.0.1004
2013-07-12 15:19 - 2013-07-12 15:19 - 05088739 ____R (Swearware) C:\Users\aaron\Desktop\ComboFix.exe
2013-07-12 15:17 - 2013-07-12 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 15:16 - 2013-07-12 15:16 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\aaron\Desktop\JRT.exe
2013-07-12 15:09 - 2013-07-12 15:10 - 00011822 _____ C:\AdwCleaner[S1].txt
2013-07-12 15:08 - 2013-07-12 15:08 - 00011929 _____ C:\AdwCleaner[R1].txt
2013-07-12 15:04 - 2013-07-12 15:04 - 00662345 _____ C:\Users\aaron\Desktop\AdwCleaner.exe
2013-07-12 15:03 - 2013-07-12 15:03 - 00662345 _____ C:\Users\aaron\Downloads\AdwCleaner.exe
2013-07-12 14:55 - 2013-07-12 14:55 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\aaron\Desktop\rename.exe
2013-07-11 03:47 - 2013-07-24 17:41 - 00000000 ____D C:\Windows\Minidump
2013-07-11 03:22 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 03:22 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 03:22 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 03:22 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 03:22 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 03:22 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 03:22 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 03:22 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 03:22 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 03:22 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 03:22 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 03:22 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 03:22 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 03:22 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 03:22 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 03:21 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 03:21 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 03:21 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 03:21 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 03:21 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 03:21 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 03:21 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 03:21 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 03:21 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 03:21 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 07:36 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 07:36 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 07:36 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 07:36 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 07:36 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:35 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 07:35 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 23:09 - 2013-07-09 23:09 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-09 23:09 - 2013-07-09 23:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-09 23:09 - 2013-07-09 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 12:30 - 2013-07-07 12:30 - 04116816 _____ (Logitech Inc.) C:\Users\aaron\Downloads\unifying210.exe
2013-07-07 12:30 - 2013-07-07 12:30 - 00000000 ____D C:\ProgramData\LogiShrd
2013-07-07 12:30 - 2013-07-07 12:30 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-07-04 14:47 - 2013-07-28 12:35 - 00000000 ____D C:\Users\aaron\AppData\Local\SocialBit
2013-07-04 14:11 - 2013-06-24 00:57 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-03 04:32 - 2013-07-03 04:32 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2013-07-03 02:21 - 2013-07-03 02:30 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-07-03 00:10 - 2013-07-03 00:10 - 00000000 ____D C:\Users\aaron\AppData\Local\SoftGrid Client
2013-07-03 00:09 - 2013-07-22 10:27 - 00000000 ____D C:\Users\aaron\AppData\Roaming\SoftGrid Client
2013-07-03 00:08 - 2013-07-03 00:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-03 00:07 - 2013-07-04 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-03 00:07 - 2013-07-03 00:10 - 00000000 ____D C:\Users\aaron\AppData\Roaming\TP
2013-07-03 00:07 - 2013-07-03 00:07 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-30 16:56 - 2013-06-30 16:56 - 17617288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-30 15:10 - 2013-07-28 15:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 15:10 - 2013-07-26 17:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-30 14:58 - 2013-06-30 14:58 - 01034440 _____ (Solid State Networks) C:\Users\aaron\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe

==================== One Month Modified Files and Folders =======

2013-07-28 15:57 - 2013-07-28 15:57 - 00000000 ____D C:\FRST
2013-07-28 15:57 - 2013-07-28 15:56 - 13399154 _____ C:\Users\aaron\Downloads\mbar-1.06.0.1004.zip
2013-07-28 15:56 - 2013-07-28 15:56 - 01780547 _____ (Farbar) C:\Users\aaron\Downloads\FRST64.exe
2013-07-28 15:56 - 2013-06-30 15:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 15:45 - 2012-06-07 11:27 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A773C303-C185-4068-B6A5-D5276091E48D}
2013-07-28 15:26 - 2013-07-26 16:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 15:00 - 2013-07-26 16:23 - 00000318 ____H C:\Windows\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}.job
2013-07-28 13:36 - 2011-12-07 01:31 - 00000000 ____D C:\ProgramData\PDFC
2013-07-28 13:19 - 2013-02-19 17:30 - 00000350 _____ C:\Windows\Tasks\Playtopus Updater.job
2013-07-28 12:44 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 12:44 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 12:39 - 2009-07-14 01:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 12:38 - 2012-06-07 11:18 - 01774218 _____ C:\Windows\WindowsUpdate.log
2013-07-28 12:35 - 2013-07-26 13:50 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 12:35 - 2013-07-04 14:47 - 00000000 ____D C:\Users\aaron\AppData\Local\SocialBit
2013-07-28 12:35 - 2010-11-20 23:47 - 00051594 _____ C:\Windows\PFRO.log
2013-07-28 12:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 12:35 - 2009-07-14 00:51 - 00051912 _____ C:\Windows\setupact.log
2013-07-28 11:55 - 2013-07-16 11:06 - 00071680 ___SH C:\Users\aaron\Desktop\Thumbs.db
2013-07-28 09:50 - 2013-07-28 09:36 - 00011943 _____ C:\Users\aaron\Desktop\attach.txt
2013-07-28 09:49 - 2013-07-28 09:36 - 00021644 _____ C:\Users\aaron\Desktop\dds.txt
2013-07-28 09:34 - 2013-07-28 09:34 - 00688992 ____R (Swearware) C:\Users\aaron\Downloads\dds.com
2013-07-27 21:47 - 2013-07-27 19:49 - 717640747 _____ C:\Users\aaron\Desktop\Baldurs_Gate_2_Complete__2000_.part2.rar
2013-07-27 00:14 - 2013-07-27 00:14 - 00262164 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-26 18:07 - 2012-06-11 06:42 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-26 18:05 - 2013-07-26 18:05 - 02434048 _____ C:\Users\aaron\Downloads\msxml.msi
2013-07-26 18:01 - 2012-06-15 20:41 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-26 17:59 - 2013-07-26 18:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-26 17:59 - 2013-07-26 18:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-26 17:59 - 2013-07-26 18:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-26 17:59 - 2013-07-26 18:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-26 17:59 - 2013-07-26 17:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-26 17:59 - 2012-08-22 21:00 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-26 17:59 - 2012-08-22 21:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-26 17:58 - 2013-06-30 15:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-26 17:58 - 2012-06-10 16:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-26 17:58 - 2011-12-07 01:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-26 17:57 - 2013-07-26 17:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Users\aaron\AppData\Local\Secunia PSI
2013-07-26 17:52 - 2013-07-18 23:30 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-07-26 17:51 - 2013-07-26 17:51 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-07-26 17:49 - 2013-07-26 16:23 - 00000000 ____D C:\Users\aaron\AppData\Local\f08e5792-0689-401e-a25c-9472f8235f87ad
2013-07-26 17:49 - 2012-06-07 11:18 - 00000000 ____D C:\Users\aaron
2013-07-26 16:56 - 2013-07-26 16:56 - 03272136 _____ (Secunia) C:\Users\aaron\Downloads\PSISetup.exe
2013-07-26 16:50 - 2013-07-26 13:46 - 00002958 _____ C:\Users\aaron\Desktop\Rkill.txt
2013-07-26 16:42 - 2013-07-26 16:42 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\aaron\Downloads\rkill.exe
2013-07-26 16:23 - 2013-07-26 16:23 - 00003060 _____ C:\Windows\System32\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}
2013-07-26 16:23 - 2013-07-26 16:23 - 00000000 _____ C:\Users\aaron\teamviewer.exe
2013-07-26 16:23 - 2013-07-26 11:42 - 00000796 _____ C:\Users\aaron\Desktop\Internet Security Pro.lnk
2013-07-26 16:22 - 2013-07-26 16:22 - 00000000 _____ C:\Users\aaron\chrome.exe
2013-07-26 16:21 - 2013-07-26 16:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-26 16:21 - 2013-07-26 16:21 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-26 14:59 - 2011-12-07 01:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-26 13:50 - 2013-07-26 13:50 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-26 13:50 - 2013-07-26 13:50 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Users\aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 13:50 - 2013-07-26 13:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 13:50 - 2012-06-10 15:39 - 00000000 ____D C:\Users\aaron\AppData\Local\Google
2013-07-26 13:49 - 2013-07-26 13:49 - 26681272 _____ (SUPERAntiSpyware.com) C:\Users\aaron\Downloads\SUPERAntiSpyware.exe
2013-07-26 13:46 - 2013-07-26 13:46 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\aaron\Downloads\rkill.scr
2013-07-26 13:16 - 2013-07-26 13:16 - 00001131 _____ C:\Users\aaron\Desktop\JRT.txt
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ___SD C:\32788R22FWJFW
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\Windows\erdnt
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\Qoobox
2013-07-26 13:07 - 2013-07-26 13:07 - 00000000 ____D C:\ComboFix
2013-07-26 11:42 - 2013-07-26 11:42 - 00000000 _____ C:\Users\aaron\opera.exe
2013-07-24 17:48 - 2013-07-24 17:48 - 00000000 ____D C:\ProgramData\McAfee
2013-07-24 17:41 - 2013-07-11 03:47 - 00000000 ____D C:\Windows\Minidump
2013-07-24 17:41 - 2011-12-07 03:49 - 00336508 ____N C:\Windows\Minidump\072413-20514-01.dmp
2013-07-23 20:44 - 2012-07-02 04:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-23 20:44 - 2011-12-07 01:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-22 10:27 - 2013-07-03 00:09 - 00000000 ____D C:\Users\aaron\AppData\Roaming\SoftGrid Client
2013-07-19 21:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-19 21:33 - 2012-06-12 15:57 - 00000000 ____D C:\Users\aaron\AppData\Local\CrashDumps
2013-07-19 21:00 - 2013-06-18 14:08 - 00000000 ____D C:\Program Files (x86)\Frontier
2013-07-18 23:29 - 2013-07-18 23:29 - 05003264 _____ (NC Interactive, LLC) C:\Users\aaron\Downloads\AionInstaller.exe
2013-07-17 07:24 - 2013-07-17 07:21 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 07:20 - 2011-02-11 13:15 - 00773448 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-16 08:34 - 2013-07-16 08:34 - 00434820 _____ C:\Users\aaron\Desktop\TomTom-v50300-1.0.1.zip
2013-07-12 15:48 - 2013-07-12 15:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 15:32 - 2013-07-12 15:32 - 00000000 ____D C:\Users\aaron\Desktop\mbar-1.06.0.1004
2013-07-12 15:19 - 2013-07-12 15:19 - 05088739 ____R (Swearware) C:\Users\aaron\Desktop\ComboFix.exe
2013-07-12 15:17 - 2013-07-12 15:17 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 15:16 - 2013-07-12 15:16 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\aaron\Desktop\JRT.exe
2013-07-12 15:10 - 2013-07-12 15:09 - 00011822 _____ C:\AdwCleaner[S1].txt
2013-07-12 15:08 - 2013-07-12 15:08 - 00011929 _____ C:\AdwCleaner[R1].txt
2013-07-12 15:04 - 2013-07-12 15:04 - 00662345 _____ C:\Users\aaron\Desktop\AdwCleaner.exe
2013-07-12 15:03 - 2013-07-12 15:03 - 00662345 _____ C:\Users\aaron\Downloads\AdwCleaner.exe
2013-07-12 14:55 - 2013-07-12 14:55 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\aaron\Desktop\rename.exe
2013-07-11 03:47 - 2009-07-14 00:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 03:46 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 03:46 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 03:46 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 03:45 - 2013-03-14 06:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:45 - 2013-03-14 06:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 03:45 - 2011-12-07 03:49 - 00336508 ____N C:\Windows\Minidump\071113-84646-01.dmp
2013-07-09 23:09 - 2013-07-09 23:09 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-09 23:09 - 2013-07-09 23:09 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-09 23:09 - 2013-07-09 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-09 23:09 - 2012-06-10 16:49 - 00000000 ____D C:\Users\aaron\AppData\Roaming\Mozilla
2013-07-09 23:09 - 2012-06-10 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-07 12:30 - 2013-07-07 12:30 - 04116816 _____ (Logitech Inc.) C:\Users\aaron\Downloads\unifying210.exe
2013-07-07 12:30 - 2013-07-07 12:30 - 00000000 ____D C:\ProgramData\LogiShrd
2013-07-07 12:30 - 2013-07-07 12:30 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-07-04 14:47 - 2012-06-07 11:27 - 00000000 ____D C:\Users\aaron\AppData\Local\PDFC
2013-07-04 03:01 - 2013-07-03 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-03 04:32 - 2013-07-03 04:32 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
2013-07-03 02:30 - 2013-07-03 02:21 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-07-03 00:10 - 2013-07-03 00:10 - 00000000 ____D C:\Users\aaron\AppData\Local\SoftGrid Client
2013-07-03 00:10 - 2013-07-03 00:07 - 00000000 ____D C:\Users\aaron\AppData\Roaming\TP
2013-07-03 00:08 - 2013-07-03 00:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-03 00:07 - 2013-07-03 00:07 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-03 00:07 - 2011-12-07 01:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-03 00:07 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-01 14:40 - 2012-08-22 21:00 - 00003818 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2013-06-30 16:56 - 2013-06-30 16:56 - 17617288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-30 16:50 - 2013-02-19 17:30 - 00000000 ____D C:\Users\aaron\AppData\Local\Playtopus
2013-06-30 14:59 - 2013-03-12 22:27 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 14:59 - 2013-03-12 22:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 14:58 - 2013-06-30 14:58 - 01034440 _____ (Solid State Networks) C:\Users\aaron\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-28 18:35 - 2012-06-10 09:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

Files to move or delete:
====================
C:\Users\aaron\chrome.exe
C:\Users\aaron\opera.exe
C:\Users\aaron\teamviewer.exe
C:\Windows\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 17:29

==================== End Of Log ============================

#4 BobbyCubby (Topic Starter)

Posted 28 July 2013 - 03:48 PM

Ok, here's the next log. Confessional: I hit cleanup without thinking about it. However, luckily/unluckily, whatever, the second time I ran the Malwarebytes cleanup the same virus/trojan is popping up, so Malwarebytes didn't get rid of it. Sorry for jumping the gun on that.

#5 CatByte (Malware Response Team)

Posted 28 July 2013 - 06:29 PM

(no problem running the clean)

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to C:\Users\aaron\Downloads as fixlist.txt


start
HKLM-x32\...\Run: [] -  [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzutAtN2Y1L1Qzuzy0C0ByBtD0D0DyD0E0F0C0F0Bzz0AzytN0D0TzutBtDtCtBtDyCtCtD&cr=1426143109
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\aaron\chrome.exe
C:\Users\aaron\opera.exe
C:\Users\aaron\teamviewer.exe
C:\Windows\Tasks\{41D282AE-A765-4D18-9586-0D95087D4EE4}.job
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST64 and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 BobbyCubby (Topic Starter)

Posted 28 July 2013 - 07:01 PM

Fixlog.txt


#7 BobbyCubby (Topic Starter)

Posted 28 July 2013 - 07:54 PM

ComboFix 13-07-27.01 - aaron 07/28/2013  20:12:44.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3701.1871 [GMT -4:00]
Running from: c:\users\aaron\Downloads\ComboFix.exe
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-29  )))))))))))))))))))))))))))))))
.
.
2013-07-29 00:22 . 2013-07-29 00:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-28 19:57 . 2013-07-28 19:57    --------    d-----w-    C:\FRST
2013-07-26 22:36 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{841B5611-3EB4-471E-9FD8-39E4241FF519}\mpengine.dll
2013-07-26 22:00 . 2013-07-26 21:59    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-26 21:59 . 2013-07-26 21:59    --------    d-----w-    c:\program files (x86)\Java
2013-07-26 21:52 . 2013-07-26 21:52    --------    d-----w-    c:\users\aaron\AppData\Local\Secunia PSI
2013-07-26 21:51 . 2013-07-26 21:51    --------    d-----w-    c:\program files (x86)\Secunia
2013-07-26 20:23 . 2013-07-26 21:49    --------    d-----w-    c:\users\aaron\AppData\Local\f08e5792-0689-401e-a25c-9472f8235f87ad
2013-07-26 17:50 . 2013-07-26 17:50    --------    d-----w-    c:\program files (x86)\Google
2013-07-26 17:50 . 2013-07-26 17:50    --------    d-----w-    c:\users\aaron\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 17:50 . 2013-07-26 17:50    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-26 17:50 . 2013-07-26 17:50    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-07-24 21:48 . 2013-07-24 21:48    --------    d-----w-    c:\programdata\McAfee
2013-07-19 03:30 . 2013-07-26 21:52    --------    d-----w-    c:\program files (x86)\NCWest
2013-07-17 11:21 . 2013-07-17 11:24    --------    d-----w-    c:\windows\system32\MRT
2013-07-12 19:17 . 2013-07-12 19:17    --------    d-----w-    c:\windows\ERUNT
2013-07-12 18:42 . 2013-07-12 18:42    6129024    ----a-w-    c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 18:42 . 2013-07-12 18:42    6129024    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-11 07:21 . 2013-06-11 23:25    148992    ----a-w-    c:\program files\Internet Explorer\jsdebuggeride.dll
2013-07-10 11:36 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 11:35 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 11:35 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-07 16:30 . 2013-07-07 16:30    --------    d-----w-    c:\programdata\LogiShrd
2013-07-07 16:30 . 2013-07-07 16:30    --------    d-----w-    c:\program files\Common Files\LogiShrd
2013-07-04 18:47 . 2013-07-28 16:35    --------    d-----w-    c:\users\aaron\AppData\Local\SocialBit
2013-07-03 08:32 . 2013-07-03 08:32    18456    ----a-w-    c:\windows\system32\drivers\psi_mf_amd64.sys
2013-07-03 06:21 . 2013-07-03 06:30    --------    d-----w-    c:\programdata\VirtualizedApplications
2013-07-03 04:10 . 2013-07-03 04:10    --------    d-----w-    c:\users\aaron\AppData\Local\SoftGrid Client
2013-07-03 04:09 . 2013-07-22 14:27    --------    d-----w-    c:\users\aaron\AppData\Roaming\SoftGrid Client
2013-07-03 04:07 . 2013-07-03 04:07    --------    d-----w-    c:\program files\Microsoft Office
2013-07-03 04:07 . 2013-07-04 07:01    --------    d-----w-    c:\program files (x86)\Microsoft Application Virtualization Client
2013-07-03 04:07 . 2013-07-03 04:10    --------    d-----w-    c:\users\aaron\AppData\Roaming\TP
2013-06-30 20:56 . 2013-06-30 20:56    17617288    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 21:59 . 2012-08-23 01:00    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-07-26 21:59 . 2012-08-23 01:00    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-26 21:58 . 2012-06-10 20:56    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-26 21:58 . 2011-12-07 05:23    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 18:29 . 2013-06-18 18:29    56016    ----a-w-    c:\windows\system32\drivers\fsbts.sys
2013-06-18 18:22 . 2013-06-18 18:22    42248    ----a-w-    c:\windows\SysWow64\drivers\fsbts.sys
2013-06-04 04:45 . 2013-06-04 04:45    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-04 04:45 . 2013-06-04 04:45    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-04 04:45 . 2013-06-04 04:45    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-04 04:45 . 2013-06-04 04:45    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-04 04:45 . 2013-06-04 04:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-04 04:45 . 2013-06-04 04:45    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-04 04:45 . 2013-06-04 04:45    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-04 04:45 . 2013-06-04 04:45    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-04 04:45 . 2013-06-04 04:45    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-04 04:45 . 2013-06-04 04:45    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-04 04:45 . 2013-06-04 04:45    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-04 04:45 . 2013-06-04 04:45    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-04 04:45 . 2013-06-04 04:45    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-04 04:45 . 2013-06-04 04:45    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-04 04:45 . 2013-06-04 04:45    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-04 04:45 . 2013-06-04 04:45    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-04 04:45 . 2013-06-04 04:45    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-04 04:45 . 2013-06-04 04:45    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-04 04:45 . 2013-06-04 04:45    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-04 04:45 . 2013-06-04 04:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-04 04:45 . 2013-06-04 04:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-04 04:45 . 2013-06-04 04:45    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-04 04:45 . 2013-06-04 04:45    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-04 04:45 . 2013-06-04 04:45    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-04 04:45 . 2013-06-04 04:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-04 04:45 . 2013-06-04 04:45    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-04 04:45 . 2013-06-04 04:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-04 04:45 . 2013-06-04 04:45    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-04 04:45 . 2013-06-04 04:45    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-04 04:45 . 2013-06-04 04:45    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-04 04:45 . 2013-06-04 04:45    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-04 04:45 . 2013-06-04 04:45    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-04 04:45 . 2013-06-04 04:45    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-04 04:45 . 2013-06-04 04:45    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-04 04:45 . 2013-06-04 04:45    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-04 04:45 . 2013-06-04 04:45    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-04 04:45 . 2013-06-04 04:45    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-04 04:45 . 2013-06-04 04:45    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-04 04:45 . 2013-06-04 04:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-04 04:45 . 2013-06-04 04:45    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 04:45 . 2013-06-04 04:45    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-04 04:45 . 2013-06-04 04:45    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-04 04:45 . 2013-06-04 04:45    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-04 04:45 . 2013-06-04 04:45    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-04 04:45 . 2013-06-04 04:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-04 04:45 . 2013-06-04 04:45    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-04 04:45 . 2013-06-04 04:45    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-04 04:45 . 2013-06-04 04:45    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-04 04:45 . 2013-06-04 04:45    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-18 01:09 . 2011-03-29 02:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 03:09    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 03:09    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 03:09    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 03:09    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 03:09    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 03:09    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 03:09    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 03:09    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 03:09    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 03:09    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 03:09    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 03:09    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 03:09    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 06:06 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"F-Secure Hoster (53784)"="c:\program files (x86)\Frontier\fshoster32.exe" [2013-01-18 188400]
"F-Secure Manager"="c:\program files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE" [2013-01-03 311432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Frontier\fshoster32.exe;c:\program files (x86)\Frontier\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 fsni;fsni;c:\program files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys;c:\program files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-26 17:50    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 21:58]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26 17:50]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26 17:50]
.
2013-07-28 c:\windows\Tasks\Playtopus Updater.job
- c:\users\aaron\AppData\Local\PLAYTO~1\Updater.dll [2013-06-26 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7461480]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.254.254 74.40.74.41
FF - ProfilePath - c:\users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\sdz1povf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - ExtSQL: 2013-05-28 23:36; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-26 10:19; links@playtopus.com; c:\users\aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-NCUpdateHelper - c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\Frontier\fshoster32.exe\" -hosterid:0"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="e96f0983-5ac9-4d8a-af90-09898a6e281c"
"AuthorizationCode"=""
"53784_AgentIdentifier"="e96f0983-5ac9-4d8a-af90-09898a6e281c"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2013-07-28  20:29:32 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-29 00:29
.
Pre-Run: 394,192,867,328 bytes free
Post-Run: 394,458,365,952 bytes free
.
- - End Of File - - 97C4CBC8467FDBCA5EF445F088722124
A36C5E4F47E84449FF07ED3517B43A31
 



#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 July 2013 - 08:29 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 BobbyCubby

BobbyCubby
  • Topic Starter

  • Members
  • 20 posts

Posted 28 July 2013 - 08:41 PM

Done. No threats found at all, no log popped open. 



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 July 2013 - 07:46 AM

OK, that's good, MBAR probably deleted that file on reboot then.
 
Please run the following to make sure there are no leftovers:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 BobbyCubby

BobbyCubby
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2013 - 08:28 AM

JRT Text

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Home Premium x64
Ran by aaron on Mon 07/29/2013 at  9:04:51.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\aaron\AppData\Roaming\mozilla\firefox\profiles\sdz1povf.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/29/2013 at  9:15:01.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 




#12 BobbyCubby

BobbyCubby
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2013 - 02:45 PM

I've loaded ESET a couple times - it's freezing after so long, and never completes. 

 

Here are the threats...

 

C:\Users\aaron\.frostwire5\updates\frostwire-5.4.0.windows.exe    multiple threats
C:\Users\aaron\AppData\Local\Playtopus\Uninstaller.dll    probably a variant of Win32/Adware.GPMXMRD application
C:\Users\aaron\Downloads\frostwire-5.3.8.windows.exe    multiple threats
C:\Users\aaron\Downloads\gimp_gh_d1965415.exe    a variant of Win32/InstallIQ.A application

 

edit: I had uninstalled frostwire a couple of days before posting this, but it's still there.

edit 2: Malwarebytes came up clean.


Edited by BobbyCubby, 29 July 2013 - 06:16 PM.


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 July 2013 - 06:03 PM

ok,

 

Delete those files if you no longer need them (you will need to show hidden files and folders for the AppData folder).

 

How is the computer running now, are there any outstanding issues?


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 BobbyCubby

BobbyCubby
  • Topic Starter

  • Members
  • 20 posts

Posted 30 July 2013 - 07:14 PM

I deleted the files.  Frankly, it seems to run perfectly.  Thank you very much for your help!  Anything further I should do?



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 July 2013 - 07:18 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS, JRT, FRST and MBAR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
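The Internet Zone ActiveX settings changed by hand through Inetcpl.cpl in the post above can be audited afterwards from the registry. The PowerShell below is an added example and not part of CatByte's instructions; it assumes the per-user zone key under HKCU\...\Internet Settings\Zones\3 with the IE URL-action IDs 1001, 1004 and 1201, where 1 means Prompt and 3 means Disable.

```powershell
# Added example (not from the thread): report whether the Internet Zone (zone 3)
# ActiveX settings match what the post asks for (Prompt = 1, Disable = 3).
# Assumed location: the per-user zone key; a policy-set value under HKLM can
# take precedence and should be checked separately.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action ID -> setting description and recommended value
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZoneActiveX {
    param([string]$Path = $ZonePath)

    # A missing key or value means IE falls back to its built-in default for the
    # zone, so report it as "not set" instead of assuming it is safe.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($c in $Checks) {
        $have = if ($props) { $props.($c.Id) } else { $null }
        $haveLabel = if ($null -eq $have) {
            'not set'
        } elseif ($Labels.ContainsKey([int]$have)) {
            $Labels[[int]$have]
        } else {
            "unknown ($have)"
        }

        [pscustomobject]@{
            Setting     = $c.Name
            Current     = $haveLabel
            Recommended = $Labels[$c.Want]
            Compliant   = ($null -ne $have -and [int]$have -eq $c.Want)
        }
    }
}

# Run the audit for the current user; any row with Compliant = False still needs
# the Inetcpl.cpl change described in the post.
Test-IeInternetZoneActiveX | Format-Table -AutoSize
```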




