Register a free account to unlock additional features at BleepingComputer.com
Internet Explorer opens repeatedly by itself.

34 replies to this topic

#1 drdrew

  • Members
  • 21 posts

Posted 31 August 2013 - 10:22 AM

I have a new Toshiba Satellite, less than a month old, running Windows 7. I generally use Firefox as my browser, but about two weeks ago Internet Explorer randomly began popping up to msn.com, a site which is not my usual homepage, unbidden. This occurs at unpredictable intervals, anywhere from 2-30 times a day. I have run several different malware programs, without success. The only unusual thing I see on my computer is "Internet Explorer Toolbar 4.9 by Sweetpacks," which I have been unable to delete, despite multiple attempts. I use Windows Firewall and Avast antiviral/antimalware.

Please help. This is very annoying, interrupts serious work, and utilizes resources.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Drew at 2:18:02 on 2013-08-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7948.3112 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopService.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopConnect.exe
C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMain.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Windows\SysWOW64\SMITSC.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\PROGRA~2\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Airfoil\Airfoil.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba13.msn.com
uWindow Title = Internet Explorer provided by TOSHIBA
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [CrossLoop] "C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize
uRun: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32I350K405XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [DTS Studio Sound] "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [SOSUAUI] "C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe" -showui
mRun: [SMessaging] C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Receiver.lnk - C:\Windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6C83205C-9AE3-44F9-BB90-7B72B4959717} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll AirfoilInject3.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [UMonit64] C:\windows\SysWOW64\UMonit64.exe
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\b6cf1l04.default-1373223020928\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=webhp#t_0
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={ACB44ADF-F0B2-11E2-AC21-001E68832E9B}&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Drew\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Drew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Drew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Drew\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-07 10:04; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-08 16:57; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-8-8 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-8-8 189936]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-3-11 652784]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-3-11 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-7-29 30496]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-7-29 482384]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-8-8 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-8-8 378944]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-8-8 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-8-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-8 46808]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 CrossLoopService;CrossLoop Service;C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopService.exe [2013-7-19 569072]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-7-29 205560]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-5-30 16720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-29 129848]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-29 167736]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-16 171928]
R2 SMITS;SMITS;C:\Windows\SysWOW64\SMITSC.exe [2013-5-9 12800]
R2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2013-6-6 2186240]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-11 2228008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-28 342464]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-8-26 57024]
R3 ETD;ELAN PS/2_SMBus Port Input Device;C:\windows\System32\drivers\ETD.sys [2013-5-9 376136]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2013-1-15 118352]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-7-29 1480776]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-29 57216]
RUnknown sagentservice;sagentservice; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-5-13 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-6 19456]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-6-6 27648]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2013-6-6 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-6-6 30208]
S3 tvnserver;TightVNC Server;C:\Users\Drew\AppData\Local\CrossLoop\tvnserver.exe [2013-7-19 814080]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-8 1255736]
.
=============== Created Last 30 ================
.
2013-08-30 09:13:08    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F68C242A-EEEE-453B-9333-87D043E51CCC}\offreg.dll
2013-08-30 09:11:56    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F68C242A-EEEE-453B-9333-87D043E51CCC}\mpengine.dll
2013-08-26 22:19:18    --------    d-----w-    C:\EEK
2013-08-26 21:45:35    --------    d-----w-    C:\Users\Drew\AppData\Roaming\SUPERAntiSpyware.com
2013-08-26 21:45:21    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-08-26 21:45:21    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-08-24 02:01:09    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 02:01:09    --------    d-----w-    C:\Program Files\iTunes
2013-08-24 02:01:09    --------    d-----w-    C:\Program Files\iPod
2013-08-16 05:20:04    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-08-16 05:19:49    17272    ----a-w-    C:\windows\System32\sdnclean64.exe
2013-08-16 05:19:43    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-14 22:34:45    --------    d-----w-    C:\Users\Drew\AppData\Local\LogMeIn Rescue Applet
2013-08-14 07:03:59    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 07:03:59    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 07:03:59    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 07:03:58    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-08-14 07:03:58    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-08-14 07:00:59    --------    d-----w-    C:\windows\System32\MRT
2013-08-14 06:05:03    224256    ----a-w-    C:\windows\System32\wintrust.dll
2013-08-14 06:05:03    184320    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-08-14 06:05:03    175104    ----a-w-    C:\windows\SysWow64\wintrust.dll
2013-08-14 06:05:03    1472512    ----a-w-    C:\windows\System32\crypt32.dll
2013-08-14 06:05:03    140288    ----a-w-    C:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:05:03    139776    ----a-w-    C:\windows\System32\cryptnet.dll
2013-08-14 06:05:03    1166848    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-08-14 06:05:02    103936    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-08-13 13:41:59    --------    d-----w-    C:\Program Files (x86)\AirPort
2013-08-11 04:43:12    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Malwarebytes
2013-08-11 04:42:32    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-11 04:42:31    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-08-09 01:34:07    --------    d-----w-    C:\ProgramData\Visan
2013-08-09 01:34:07    --------    d-----w-    C:\ProgramData\HP Photo Creations
2013-08-09 01:34:07    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2013-08-09 01:33:54    741480    ------w-    C:\windows\System32\HPDiscoPMAF11.dll
2013-08-09 01:33:39    --------    d-----w-    C:\Program Files (x86)\HP
2013-08-09 01:33:37    --------    d-----w-    C:\Program Files\HP
2013-08-09 01:31:53    --------    d-----w-    C:\Users\Drew\AppData\Local\HP
2013-08-09 01:21:40    --------    d-----w-    C:\Users\Drew\AppData\Local\Diagnostics
2013-08-09 01:19:19    --------    d-----w-    C:\Users\Drew\AppData\Local\ElevatedDiagnostics
2013-08-08 23:45:29    33240    ----a-w-    C:\windows\System32\drivers\GEARAspiWDM.sys
2013-08-08 23:07:18    --------    d-----w-    C:\Users\Drew\AppData\Local\CrashDumps
2013-08-08 21:18:40    --------    d-----w-    C:\Users\Drew\AppData\Local\Xobni
2013-08-08 20:58:19    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-08-08 20:58:17    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-08-08 20:58:17    1030952    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-08-08 20:58:16    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-08-08 20:58:09    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-08-08 20:56:59    41664    ----a-w-    C:\windows\avastSS.scr
2013-08-08 20:56:48    --------    d-----w-    C:\Program Files\AVAST Software
2013-08-08 20:55:57    --------    d-----w-    C:\ProgramData\AVAST Software
2013-08-08 20:33:11    --------    d-----w-    C:\Users\Drew\AppData\Local\Macromedia
2013-08-08 20:19:05    --------    d-----r-    C:\Users\Drew\Dropbox
2013-08-08 20:14:03    29    ----a-w-    C:\windows\SysWow64\TempWmicBatchFile.bat
2013-08-08 18:12:06    --------    d-----w-    C:\Users\Drew\AppData\Roaming\uTorrent
2013-08-08 18:12:06    --------    d-----w-    C:\Users\Drew\AppData\Roaming\TuneUp Software
2013-08-08 18:12:06    --------    d-----w-    C:\Users\Drew\AppData\Roaming\TeamViewer
2013-08-08 18:11:49    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Spotify
2013-08-08 18:11:27    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Reviversoft
2013-08-08 18:11:01    --------    d-----w-    C:\Users\Drew\AppData\Roaming\iConcertCal
2013-08-08 18:11:01    --------    d-----w-    C:\Users\Drew\AppData\Roaming\ICAClient
2013-08-08 18:11:00    --------    d-----w-    C:\Users\Drew\AppData\Roaming\HpUpdate
2013-08-08 18:10:59    --------    d-----w-    C:\Users\Drew\AppData\Roaming\GoodSync
2013-08-08 18:10:49    --------    d-----w-    C:\Users\Drew\AppData\Roaming\FrostWire
2013-08-08 18:10:49    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Facebook
2013-08-08 18:10:28    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Dropbox
2013-08-08 18:10:26    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Azureus
2013-08-08 17:00:34    --------    d-----w-    C:\Users\Drew\AppData\Local\Yahoo
2013-08-08 17:00:17    --------    d-----w-    C:\Users\Drew\AppData\Local\SwvUpdater
2013-08-08 17:00:17    --------    d-----w-    C:\Users\Drew\AppData\Local\Supreme Savings
2013-08-08 16:56:08    --------    d-----w-    C:\Users\Drew\AppData\Local\Spotify
2013-08-08 16:56:08    --------    d-----w-    C:\Users\Drew\AppData\Local\SOS Online Backup
2013-08-08 16:56:01    --------    d-----w-    C:\Users\Drew\AppData\Local\SlimWare Utilities Inc
2013-08-08 16:55:52    --------    d-----w-    C:\Users\Drew\AppData\Local\Simplify Media
2013-08-08 16:55:51    --------    d-----w-    C:\Users\Drew\AppData\Local\Rogue_Amoeba
2013-08-08 16:55:51    --------    d-----w-    C:\Users\Drew\AppData\Local\Rogue Amoeba
2013-08-08 16:55:43    --------    d-----w-    C:\Users\Drew\AppData\Local\Programs
2013-08-08 16:53:01    --------    d-----w-    C:\Users\Drew\AppData\Local\Mozilla
2013-08-08 16:31:31    --------    d-----w-    C:\Users\Drew\AppData\Local\MFAData
2013-08-08 16:31:27    --------    d-----w-    C:\Users\Drew\AppData\Local\Last.fm
2013-08-08 16:31:27    --------    d-----w-    C:\Users\Drew\AppData\Local\Ilivid Player
2013-08-08 16:31:08    --------    d-----w-    C:\Users\Drew\AppData\Local\Geckofx
2013-08-08 16:31:08    --------    d-----w-    C:\Users\Drew\AppData\Local\Deployment
2013-08-08 16:31:02    --------    d-----w-    C:\Users\Drew\AppData\Local\CrossLoop
2013-08-08 16:31:01    --------    d-----w-    C:\Users\Drew\AppData\Local\CRE
2013-08-08 16:31:00    --------    d-----w-    C:\Users\Drew\AppData\Local\Citrix
2013-08-08 16:31:00    --------    d-----w-    C:\Users\Drew\AppData\Local\ATI
2013-08-08 16:31:00    --------    d-----w-    C:\Users\Drew\AppData\Local\Apps
2013-08-08 16:29:40    --------    d-----w-    C:\Users\Drew\AppData\Local\Apple Computer
2013-08-08 16:29:39    --------    d-----w-    C:\Users\Drew\AppData\Local\Apple
2013-08-08 16:29:38    --------    d-----w-    C:\Users\Drew\AppData\Local\Adobe
2013-08-08 14:00:52    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-08-08 14:00:47    --------    d-----w-    C:\Program Files (x86)\FrostWire
2013-08-08 14:00:46    --------    d-----w-    C:\Program Files (x86)\DivX
2013-08-08 14:00:45    --------    d-----w-    C:\Program Files (x86)\Audible
2013-08-08 14:00:41    --------    d-----w-    C:\Program Files (x86)\Audacity
2013-08-08 13:51:22    --------    d-----w-    C:\Users\Drew\AppData\Local\Google
2013-08-08 08:15:17    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-08 07:06:10    --------    d-----w-    C:\windows\SysWow64\Wat
2013-08-08 07:06:10    --------    d-----w-    C:\windows\System32\Wat
2013-08-08 03:53:06    --------    d-----w-    C:\Users\Drew\Roaming
2013-08-08 03:51:15    --------    d-----w-    C:\Program Files (x86)\Common Files\Ulead Systems
2013-08-08 03:51:11    --------    d-----w-    C:\Program Files (x86)\Common Files\PX Storage Engine
2013-08-08 03:51:11    --------    d-----w-    C:\Program Files (x86)\Common Files\MSSoap
2013-08-08 03:50:24    --------    d-----w-    C:\Program Files (x86)\Common Files\DivX Shared
2013-08-08 03:50:24    --------    d-----w-    C:\Program Files (x86)\Common Files\Citrix
2013-08-08 03:48:08    --------    d-----w-    C:\Program Files (x86)\Xobni
2013-08-08 03:48:07    --------    d-----w-    C:\Program Files (x86)\WinDirStat
2013-08-08 03:47:22    --------    d-----w-    C:\Program Files (x86)\VSO
2013-08-08 03:47:22    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-08-08 03:47:22    --------    d-----w-    C:\Program Files (x86)\uTorrent
2013-08-08 03:46:00    --------    d-----w-    C:\Program Files (x86)\Ulead Systems
2013-08-08 03:46:00    --------    d-----w-    C:\Program Files (x86)\TorrentSearch
2013-08-08 03:46:00    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-08 03:45:59    --------    d-----w-    C:\Program Files (x86)\Spotify
2013-08-07 23:08:29    --------    d-----w-    C:\Program Files (x86)\SOS Online Backup
2013-08-07 23:08:22    --------    d-----w-    C:\Program Files (x86)\Siber Systems
2013-08-07 23:08:22    --------    d-----r-    C:\Program Files (x86)\Skype
2013-08-07 23:08:01    --------    d-----w-    C:\Program Files (x86)\Reviversoft
2013-08-07 23:07:17    --------    d-----w-    C:\Program Files (x86)\palmOne
2013-08-07 23:07:17    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 23:04:16    --------    d-----w-    C:\Program Files (x86)\Microsoft ActiveSync
2013-08-07 23:04:16    --------    d-----w-    C:\Program Files (x86)\Microsoft
2013-08-07 23:04:15    --------    d-----w-    C:\Program Files (x86)\Marvell
2013-08-07 23:04:15    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 23:04:15    --------    d-----w-    C:\Program Files (x86)\LimeWire
2013-08-07 23:00:50    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-08-07 23:00:50    --------    d-----w-    C:\Program Files (x86)\Intuit
2013-08-07 23:00:44    --------    d-----w-    C:\Program Files (x86)\InterVideo
2013-08-07 23:00:44    --------    d-----w-    C:\Program Files (x86)\intellidownload
2013-08-07 23:00:07    --------    d-----w-    C:\Program Files (x86)\iLivid
2013-08-07 23:00:07    --------    d-----w-    C:\Program Files (x86)\Graboid
2013-08-07 22:58:28    --------    d-----w-    C:\Program Files (x86)\FLAC
2013-08-07 22:58:24    --------    d-----w-    C:\Program Files (x86)\Dropbox
2013-08-07 22:58:23    --------    d-----w-    C:\Program Files (x86)\DriverUpdate
2013-08-07 22:58:23    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-08-07 22:57:54    --------    d-----w-    C:\Program Files (x86)\Citrix
2013-08-07 22:57:52    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-08-07 22:57:39    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2013-08-07 22:57:36    --------    d-----w-    C:\Program Files (x86)\Amazon
2013-08-07 22:57:27    --------    d-----w-    C:\Program Files (x86)\Airfoil
2013-08-07 22:18:46    --------    d-----w-    C:\Program Files (x86)\ActivePDF
2013-08-07 22:18:14    --------    d-----w-    C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2013-08-07 22:18:14    --------    d-----w-    C:\Program Files (x86)\1ClickDownload
2013-08-07 22:18:02    --------    d-----w-    C:\windows\SysWow64\Adobe
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\tr
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\sv
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\sk
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\ru
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\pt
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\pl
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\no
2013-08-07 22:18:01    --------    d-----w-    C:\windows\System32\nl
2013-08-07 22:16:47    --------    d-sh--w-    C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-07 22:14:57    --------    d-----w-    C:\ProgramData\Citrix
2013-08-07 22:14:14    --------    d-----w-    C:\ProgramData\avg9
2013-08-07 22:14:14    --------    d-----w-    C:\ProgramData\AVG2012
2013-08-07 22:14:14    --------    d-----w-    C:\ProgramData\AVG10
2013-08-07 22:12:03    --------    d-----w-    C:\windows\PCHEALTH
2013-08-07 22:09:48    --------    d-----w-    C:\windows\Downloaded Installations
2013-08-07 22:07:05    --------    d-----w-    C:\WORKSSETUP
2013-08-07 22:07:05    --------    d-----w-    C:\WePrint
2013-08-07 22:05:35    --------    d-----w-    C:\product
2013-08-07 22:05:27    --------    d-----w-    C:\Prey
2013-08-07 21:59:47    --------    d-sh--w-    C:\found.000
2013-08-07 21:59:47    --------    d-----w-    C:\DOCS
2013-08-07 21:59:47    --------    d-----w-    C:\344572fd11628ea17b87f31d63
2013-08-07 21:04:52    --------    d-----w-    C:\Program Files (x86)\Common Files\Laplink
2013-08-07 21:04:50    --------    d-----w-    C:\Program Files (x86)\Laplink
2013-08-07 19:46:54    --------    d-----w-    C:\ProgramData\Laplink
2013-08-07 19:40:55    --------    d-----w-    C:\Users\Drew\AppData\Local\Downloaded Installations
2013-08-07 19:21:50    87040    ----a-w-    C:\windows\System32\drivers\WUDFPf.sys
2013-08-07 19:21:50    84992    ----a-w-    C:\windows\System32\WUDFSvc.dll
2013-08-07 19:21:50    744448    ----a-w-    C:\windows\System32\WUDFx.dll
2013-08-07 19:21:50    45056    ----a-w-    C:\windows\System32\WUDFCoinstaller.dll
2013-08-07 19:21:50    229888    ----a-w-    C:\windows\System32\WUDFHost.exe
2013-08-07 19:21:50    198656    ----a-w-    C:\windows\System32\drivers\WUDFRd.sys
2013-08-07 19:21:50    194048    ----a-w-    C:\windows\System32\WUDFPlatform.dll
2013-08-07 19:17:05    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-08-07 19:17:04    70144    ----a-w-    C:\windows\System32\appinfo.dll
2013-08-07 19:17:04    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-08-07 19:17:04    111448    ----a-w-    C:\windows\System32\consent.exe
2013-08-07 19:17:00    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2013-08-07 19:17:00    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2013-08-07 18:52:31    --------    d-----w-    C:\windows\System32\appmgmt
2013-08-07 18:24:43    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-08-07 18:13:50    --------    d-----w-    C:\ProgramData\Book Place
2013-08-07 18:13:34    --------    d-----w-    C:\Users\Drew\AppData\Roaming\Book Place
2013-08-07 17:57:11    826880    ----a-w-    C:\windows\SysWow64\rdpcore.dll
2013-08-07 17:57:11    23552    ----a-w-    C:\windows\System32\drivers\tdtcp.sys
2013-08-07 17:57:11    1031680    ----a-w-    C:\windows\System32\rdpcore.dll
2013-08-07 13:55:05    --------    d-----w-    C:\Users\Drew\AppData\Local\TOSHIBA
2013-08-07 13:54:31    --------    d-----w-    C:\Users\Drew\AppData\Local\VirtualStore
2013-08-07 13:53:24    2622464    ----a-w-    C:\windows\System32\wucltux.dll
2013-08-07 13:53:07    13    --sh--r-    C:\windows\System32\drivers\fbd.sys
2013-08-07 13:52:48    99840    ----a-w-    C:\windows\System32\wudriver.dll
2013-08-07 13:52:15    36864    ----a-w-    C:\windows\System32\wuapp.exe
2013-08-07 13:52:15    186752    ----a-w-    C:\windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2013-08-11 13:51:02    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-11 13:51:02    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:12:08    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-07-26 03:12:04    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2013-07-09 06:03:30    5550528    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
.
============= FINISH:  2:19:03.59 ===============
 

 


#2 drdrew (Topic Starter)

Posted 04 September 2013 - 05:50 PM

Hi.  Is there any other info I should post to help get to the source of this problem?

 

Thanks,

Drew



#3 nasdaq (Malware Response Team)

Posted 05 September 2013 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.
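The three tools above work largely by walking the same autostart locations that adware uses to relaunch a browser: the Run keys, Browser Helper Objects and IE extensions, and scheduled tasks. The script below is an added example (not part of nasdaq's instructions and not code from RogueKiller, AdwCleaner or JRT) that enumerates those locations on a Windows 7 x64 machine like the one in the DDS header and flags entries whose command lives in a user-writable path or embeds a URL or iexplore.exe. The registry paths are the standard ones; the two regular expressions and the "flag it" rule are this example's own triage heuristics. It only reads; it deletes nothing.

```powershell
# Added example: list autostart entries that could be relaunching Internet Explorer
# and flag the ones worth a closer look. Read-only. Run from an elevated PowerShell
# prompt on Windows 7 (PowerShell 2.0 or later; no Windows 8-only cmdlets are used).

# Heuristics (this example's own, not a vendor signature): a command that runs from a
# user-writable directory, or that embeds a URL / iexplore.exe / msn.com, gets flagged.
$userWritable = '(?i)\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\'
$urlOrBrowser = '(?i)(https?://|iexplore\.exe|msn\.com)'
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-RunEntries {
    # Run/RunOnce under both hives, including the 32-bit (WOW6432Node) view on x64.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }   # provider metadata, not a Run value
            New-Object PSObject -Property @{ Source = $k; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-IeAddons {
    # Browser Helper Objects and IE extension CLSIDs, resolved to the DLL each one loads.
    $addonKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\Software\Microsoft\Internet Explorer\Extensions',
        'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions'
    )
    $clsidRoots = @(
        'HKLM:\Software\Classes\CLSID',
        'HKLM:\Software\Classes\Wow6432Node\CLSID',
        'HKCU:\Software\Classes\CLSID'
    )
    foreach ($k in $addonKeys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($sub in Get-ChildItem -Path $k) {
            $clsid = $sub.PSChildName
            $dll = ''
            foreach ($root in $clsidRoots) {
                $srv = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $srv) { $dll = [string](Get-ItemProperty -Path $srv).'(default)'; break }
            }
            New-Object PSObject -Property @{ Source = $k; Name = $clsid; Command = $dll }
        }
    }
}

function Get-TaskEntries {
    # schtasks.exe exists on Windows 7; Get-ScheduledTask does not (Windows 8 and later only).
    $rows = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in $rows) {
        if ($t.TaskName -eq 'TaskName') { continue }   # schtasks repeats its header per task folder
        New-Object PSObject -Property @{ Source = 'schtasks'; Name = $t.TaskName; Command = [string]$t.'Task To Run' }
    }
}

$all = @(Get-RunEntries) + @(Get-IeAddons) + @(Get-TaskEntries)
$flagged = $all | Where-Object { $_.Command -match $userWritable -or $_.Command -match $urlOrBrowser }
$flagged | Sort-Object Source, Name | Format-Table Source, Name, Command -AutoSize -Wrap
```

A flagged line is a reason to look, not a verdict: RogueKiller applies the same user-writable-path logic, which is why the log further down marks Google's own updater in AppData\Local as [SUSP PATH]. Resolve each flagged CLSID or task to its file, check the publisher signature, and only then decide whether it belongs on the machine.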

#4 drdrew (Topic Starter)

Posted 05 September 2013 - 09:35 PM

Hi nasdaq,

 

I followed through with your advice.  It appears that your tools found and removed several problems.  So far, after about an hour since I finished, there have been no more instances of Internet Explorer opening unexpectedly.  I would have expected it to have happened by now, so I'm optimistic so far.  The computer also seems to be working more quickly overall.

The only other issue I'm having, which I'm not sure is related, is that iTunes does not seem to recognize my iPhone.  This was occurring before the changes you had me make, so I don't think it's related to malware.

Thank you for your help!  That was easier than I expected.  I'll let you know if it recurs.  Thanks again.

Drew

Here are the requested logs.

RogueKiller:


RogueKiller V8.6.9 _x64_ [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Drew [Admin rights]
Mode : Scan -- Date : 09/05/2013 19:59:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] CrossLoopService.exe -- C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopService.exe [7] -> KILLED [TermProc]
[SUSP PATH] CrossLoopConnect.exe -- C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopConnect.exe [7] -> KILLED [TermProc]
[SUSP PATH] GoogleUpdate.exe -- C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : CrossLoop ("C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize [7][x][x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-84231429-3990678696-3367150920-1001\[...]\Run : CrossLoop ("C:\Users\Drew\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize [7][x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-84231429-3990678696-3367150920-1001\[...]\Run : Google Update ("C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ATA HGST HTS541010A9 SCSI Disk Device +++++
--- User ---
[MBR] 2287e69ebc2b3469e38ab92d3a1d30ae
[BSP] 4817a8e65f45041a1caf4325fe277044 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 942755 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1933836288 | Size: 9613 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09052013_195922.txt >>


AdwCleaner:

 

# AdwCleaner v3.002 - Report created 05/09/2013 at 20:04:08
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Drew - DREW-PC
# Running from : C:\Users\Drew\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Folder Found C:\Program Files (x86)\1ClickDownload
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Ilivid
Folder Found C:\Program Files\Updater By SweetPacks
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Drew\AppData\Local\cre
Folder Found C:\Users\Drew\AppData\Local\Ilivid Player
Folder Found C:\Users\Drew\AppData\Local\Supreme Savings
Folder Found C:\Users\Drew\AppData\Local\SwvUpdater
Folder Found C:\Users\Drew\AppData\LocalLow\Conduit
Folder Found C:\Users\Drew\AppData\LocalLow\PriceGong
Folder Found C:\Users\Drew\AppData\LocalLow\Vuze_Remote

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\ilivid
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\b6cf1l04.default-1373223020928\prefs.js ]

Line Found : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={ACB44ADF-F0B2-11E2-AC21-001E68832E9B}&q=");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={ACB44ADF-F0B2-11E2-AC21-001E68832E9B}");

[ File : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6157 octets] - [05/09/2013 20:04:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6217 octets] ##########
 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x64
Ran by Drew on Thu 09/05/2013 at 20:29:55.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Drew\AppData\Roaming\mozilla\firefox\profiles\b6cf1l04.default-1373223020928\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/05/2013 at 20:35:35.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 drdrew (Topic Starter)

Posted 05 September 2013 - 10:11 PM

Hi nasdaq,

 

Darn.  About 30 minutes later the problem with IE opening started up again.  Do you know what the next step is?

 

Drew



#6 nasdaq (Malware Response Team)

Posted 06 September 2013 - 07:34 AM

The only other issue I'm having, which I'm not sure is related, is that iTunes does not seem to recognize my iPhone. This was occurring before the changes you had me make, so I don't think it's related to malware.


I would reinstall iTunes and/or your iPhone. It may help.
===

Did you run the Delete function with the RogueKiller tool?
A restart is required after.
===

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
===

Open Internet Explorer Menu > Tools > Internet Options > General tab.
Reset the IE settings, bottom of the pane.
Restart the computer normally.
===

If the problem persists execute the following.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
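The steps above are still broad-spectrum cleaning. Since IE came back half an hour after RogueKiller, AdwCleaner and JRT had run, the question a responder actually needs answered is which process is starting iexplore.exe. The following is an added example (not nasdaq's procedure, and not code from any of the tools in this thread) that subscribes to WMI process-creation events, waits for the next iexplore.exe, and records its command line together with the parent process that launched it. The output file name is this example's own choice; everything else uses only standard Windows 7 WMI classes and the Register-WmiEvent cmdlet. It only observes; it changes nothing.

```powershell
# Added example: catch the next Internet Explorer launch and record who started it.
# Run from an elevated PowerShell prompt (needed to read other processes' command
# lines), leave the window open, and wait for IE to pop up. Read-only.

$logPath = Join-Path $env:USERPROFILE 'Desktop\iexplore-parents.txt'   # assumed output location

# WQL intrinsic event: fire within 1 s of any new Win32_Process named iexplore.exe.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'iexplore.exe'"

Register-WmiEvent -Query $query -SourceIdentifier 'IeLaunchWatch' -MessageData $logPath -Action {
    $proc = $Event.SourceEventArgs.NewEvent.TargetInstance   # snapshot of the new iexplore.exe
    $parent = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # A short-lived launcher (script host, task host) can be gone before we look it up;
    # say so explicitly rather than silently logging an empty parent.
    if ($parent) {
        $parentDesc = "$($parent.Name) (PID $($parent.ProcessId)): $($parent.CommandLine)"
    } else {
        $parentDesc = "PID $($proc.ParentProcessId) had already exited"
    }

    $line = "{0}`tiexplore PID {1}`tcmd: {2}`tparent: {3}" -f `
        (Get-Date -Format 's'), $proc.ProcessId, $proc.CommandLine, $parentDesc
    Add-Content -Path $Event.MessageData -Value $line
    Write-Host $line
} | Out-Null

Write-Host "Watching for iexplore.exe launches; log: $logPath"
Write-Host "Stop with: Unregister-Event -SourceIdentifier IeLaunchWatch"
```

How to read the result: the iexplore command line shows whether msn.com is being passed explicitly or IE is simply opening to its configured home/secondary start page (the AdwCleaner log above shows mystart.toshiba.com set in both HKCU and HKLM, not msn.com, so an explicit URL on the command line would be the more telling finding). A parent of taskeng.exe on Windows 7 points at a scheduled task, so go back to schtasks /query /v and match the time; a parent of explorer.exe points at something loaded into the shell (a BHO, toolbar or shell extension) or a user action; a service host or an unfamiliar executable in AppData points at the launcher itself. Process IDs are reused, so if the parent had exited, rely on the timestamp and the task history instead of the PID.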

#7 drdrew (Topic Starter)

Posted 06 September 2013 - 02:04 PM

Yes, I did hit Delete after RogueKiller and I did restart afterwards.

I followed the rest of your directions.  Here is the log from ComboFix:

ComboFix 13-09-06.01 - Drew 09/06/2013  14:44:20.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7948.5737 [GMT -4:00]
Running from: c:\users\Drew\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Drew\AppData\Local\Temp\7zS7C7C\HPSLPSVC64.DLL
c:\windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-06 to 2013-09-06  )))))))))))))))))))))))))))))))
.
.
2013-09-06 08:57 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB54C8C0-D322-4F69-903E-6127588BAF4B}\mpengine.dll
2013-09-06 00:29 . 2013-09-06 00:29    --------    d-----w-    c:\windows\ERUNT
2013-09-06 00:03 . 2013-09-06 00:13    --------    d-----w-    C:\AdwCleaner
2013-08-26 22:19 . 2013-08-26 22:19    --------    d-----w-    C:\EEK
2013-08-26 21:45 . 2013-08-26 21:45    --------    d-----w-    c:\users\Drew\AppData\Roaming\SUPERAntiSpyware.com
2013-08-26 21:45 . 2013-08-26 21:45    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-08-26 21:45 . 2013-08-26 21:45    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-08-24 02:01 . 2013-08-24 02:01    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 02:01 . 2013-08-24 02:01    --------    d-----w-    c:\program files\iTunes
2013-08-24 02:01 . 2013-08-24 02:01    --------    d-----w-    c:\program files\iPod
2013-08-16 05:20 . 2013-09-06 18:06    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-08-16 05:19 . 2013-09-06 18:39    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-08-14 22:34 . 2013-08-15 11:37    --------    d-----w-    c:\users\Drew\AppData\Local\LogMeIn Rescue Applet
2013-08-14 07:03 . 2013-07-26 05:13    1084928    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 07:03 . 2013-07-26 05:13    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-08-14 07:03 . 2013-07-26 03:13    817664    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-14 07:03 . 2013-07-26 03:12    108032    ----a-w-    c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 07:03 . 2013-07-26 05:13    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-08-14 07:03 . 2013-07-26 05:12    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-08-14 07:03 . 2013-07-26 03:13    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-08-14 07:03 . 2013-07-26 05:12    15405056    ----a-w-    c:\windows\system32\ieframe.dll
2013-08-14 07:03 . 2013-07-26 05:12    19239424    ----a-w-    c:\windows\system32\mshtml.dll
2013-08-14 07:00 . 2013-08-14 07:02    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 06:05 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 06:05 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 06:05 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 06:05 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 06:05 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 06:05 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:05 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 06:05 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-13 13:41 . 2013-08-13 13:41    --------    d-----w-    c:\program files (x86)\AirPort
2013-08-11 04:43 . 2013-08-11 04:43    --------    d-----w-    c:\users\Drew\AppData\Roaming\Malwarebytes
2013-08-11 04:42 . 2013-08-11 04:42    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-11 04:42 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-09 01:34 . 2013-08-09 01:34    --------    d-----w-    c:\programdata\Visan
2013-08-09 01:34 . 2013-08-09 01:34    --------    d-----w-    c:\programdata\HP Photo Creations
2013-08-09 01:34 . 2013-08-09 01:34    --------    d-----w-    c:\program files (x86)\HP Photo Creations
2013-08-09 01:33 . 2012-10-17 08:31    741480    ------w-    c:\windows\system32\HPDiscoPMAF11.dll
2013-08-09 01:33 . 2013-08-09 01:49    --------    d-----w-    c:\program files (x86)\HP
2013-08-09 01:33 . 2013-08-09 01:33    --------    d-----w-    c:\program files\HP
2013-08-09 01:31 . 2013-08-09 01:46    --------    d-----w-    c:\users\Drew\AppData\Local\HP
2013-08-09 01:26 . 2013-08-09 01:33    --------    d-----w-    c:\programdata\HP
2013-08-09 01:21 . 2013-08-09 01:21    --------    d-----w-    c:\users\Drew\AppData\Local\Diagnostics
2013-08-09 01:19 . 2013-08-09 01:21    --------    d-----w-    c:\users\Drew\AppData\Local\ElevatedDiagnostics
2013-08-08 23:45 . 2013-08-08 23:45    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-08-08 23:45 . 2012-08-21 17:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-08 23:07 . 2013-08-30 22:40    --------    d-----w-    c:\users\Drew\AppData\Local\CrashDumps
2013-08-08 21:18 . 2013-08-08 21:26    --------    d-----w-    c:\users\Drew\AppData\Local\Xobni
2013-08-08 20:58 . 2013-08-08 20:58    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-08-08 20:58 . 2013-05-09 08:59    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-08-08 20:58 . 2013-05-09 08:59    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-08-08 20:58 . 2013-05-09 08:59    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-08-08 20:58 . 2013-08-08 20:58    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-08 20:58 . 2013-08-08 20:58    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-08 20:58 . 2013-05-09 08:59    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-08 20:58 . 2013-05-09 08:59    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-08 20:58 . 2013-05-09 08:58    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-08-08 20:56 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-08 20:56 . 2013-08-08 20:56    --------    d-----w-    c:\program files\AVAST Software
2013-08-08 20:55 . 2013-08-08 20:56    --------    d-----w-    c:\programdata\AVAST Software
2013-08-08 20:33 . 2013-08-08 20:33    --------    d-----w-    c:\users\Drew\AppData\Local\Macromedia
2013-08-08 20:19 . 2013-09-06 18:40    --------    d-----r-    c:\users\Drew\Dropbox
2013-08-08 20:14 . 2013-09-06 18:52    29    ----a-w-    c:\windows\SysWow64\TempWmicBatchFile.bat
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\Winamp
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\VSO
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\vlc
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\uTorrent
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\TuneUp Software
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\TOSHIBA
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\Template
2013-08-08 18:12 . 2013-08-08 18:12    --------    d-----w-    c:\users\Drew\AppData\Roaming\TeamViewer
2013-08-08 18:11 . 2013-09-06 18:41    --------    d-----w-    c:\users\Drew\AppData\Roaming\Spotify
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\skypePM
2013-08-08 18:11 . 2013-09-04 11:04    --------    d-----w-    c:\users\Drew\AppData\Roaming\Skype
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\Reviversoft
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\Nikon
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\Media Player Classic
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\iConcertCal
2013-08-08 18:11 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\ICAClient
2013-08-08 18:11 . 2013-08-16 01:42    --------    d-----w-    c:\users\Drew\AppData\Roaming\HpUpdate
2013-08-08 18:10 . 2013-08-08 18:11    --------    d-----w-    c:\users\Drew\AppData\Roaming\GoodSync
2013-08-08 18:10 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\FrostWire
2013-08-08 18:10 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\Facebook
2013-08-08 18:10 . 2013-09-06 18:41    --------    d-----w-    c:\users\Drew\AppData\Roaming\Dropbox
2013-08-08 18:10 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\Azureus
2013-08-08 18:10 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\ATI
2013-08-08 18:10 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\Arcsoft
2013-08-08 17:00 . 2013-08-08 18:10    --------    d-----w-    c:\users\Drew\AppData\Roaming\Apple Computer
2013-08-08 17:00 . 2013-08-08 17:00    --------    d-----w-    c:\users\Drew\AppData\Roaming\Amazon
2013-08-08 17:00 . 2013-08-08 17:00    --------    d-----w-    c:\users\Drew\AppData\Local\Yahoo
2013-08-08 16:56 . 2013-08-08 17:00    --------    d-----w-    c:\users\Drew\AppData\Local\Spotify
2013-08-08 16:56 . 2013-08-08 16:56    --------    d-----w-    c:\users\Drew\AppData\Local\SOS Online Backup
2013-08-08 16:56 . 2013-08-08 16:56    --------    d-----w-    c:\users\Drew\AppData\Local\SlimWare Utilities Inc
2013-08-08 16:55 . 2013-08-08 16:55    --------    d-----w-    c:\users\Drew\AppData\Local\Simplify Media
2013-08-08 16:55 . 2013-08-08 16:55    --------    d-----w-    c:\users\Drew\AppData\Local\Rogue_Amoeba
2013-08-08 16:55 . 2013-08-08 16:55    --------    d-----w-    c:\users\Drew\AppData\Local\Rogue Amoeba
2013-08-08 16:55 . 2013-08-11 04:40    --------    d-----w-    c:\users\Drew\AppData\Local\Programs
2013-08-08 16:53 . 2013-08-08 16:53    --------    d-----w-    c:\users\Drew\AppData\Local\Mozilla
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\MFAData
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Last.fm
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Geckofx
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Deployment
2013-08-08 16:31 . 2013-09-05 22:47    --------    d-----w-    c:\users\Drew\AppData\Local\CrossLoop
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Citrix
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\ATI
2013-08-08 16:31 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Apps
2013-08-08 16:29 . 2013-08-08 16:31    --------    d-----w-    c:\users\Drew\AppData\Local\Apple Computer
2013-08-08 16:29 . 2013-08-08 16:29    --------    d-----w-    c:\users\Drew\AppData\Local\Apple
2013-08-08 16:29 . 2013-08-08 16:29    --------    d-----w-    c:\users\Drew\AppData\Local\Adobe
2013-08-08 14:00 . 2013-08-08 14:00    --------    d-----w-    c:\program files (x86)\TeamViewer
2013-08-08 14:00 . 2013-08-08 14:00    --------    d-----w-    c:\program files (x86)\FrostWire
2013-08-08 14:00 . 2013-08-08 14:00    --------    d-----w-    c:\program files (x86)\DivX
2013-08-08 14:00 . 2013-08-08 14:00    --------    d-----w-    c:\program files (x86)\Audible
2013-08-08 14:00 . 2013-08-08 14:00    --------    d-----w-    c:\program files (x86)\Audacity
2013-08-08 13:51 . 2013-08-16 01:09    --------    d-----w-    c:\users\Drew\AppData\Local\Google
2013-08-08 07:06 . 2013-08-08 07:06    --------    d-----w-    c:\windows\SysWow64\Wat
2013-08-08 07:06 . 2013-08-08 07:06    --------    d-----w-    c:\windows\system32\Wat
2013-08-08 03:53 . 2013-08-08 03:53    --------    d-----w-    c:\users\Drew\Roaming
2013-08-08 03:51 . 2013-08-08 03:51    --------    d-----w-    c:\users\Default\Roaming
2013-08-08 03:51 . 2013-08-08 03:51    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-08-08 03:51 . 2013-08-08 03:51    --------    d-----w-    c:\program files (x86)\Common Files\Ulead Systems
2013-08-08 03:51 . 2013-08-08 03:51    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-08-08 03:51 . 2013-08-08 03:51    --------    d-----w-    c:\program files (x86)\Common Files\PX Storage Engine
2013-08-08 03:50 . 2013-08-08 03:50    --------    d-----w-    c:\program files (x86)\Common Files\Java
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 13:51 . 2013-06-07 03:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-11 13:51 . 2013-06-07 03:12    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 06:04    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
"Spotify Web Helper"="c:\users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-01 1104384]
"Spotify"="c:\users\Drew\AppData\Roaming\Spotify\Spotify.exe" [2013-07-01 4643328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DTS Studio Sound"="c:\program files (x86)\DTS" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"SOSUAUI"="c:\program files (x86)\SOS Online Backup\sosuploadagent.exe" [2013-08-01 57728]
"SMessaging"="c:\program files (x86)\SOS Online Backup\SMessaging.exe" [2013-08-01 66944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tvnserver;TightVNC Server;c:\users\Drew\AppData\Local\CrossLoop\tvnserver.exe;c:\users\Drew\AppData\Local\CrossLoop\tvnserver.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 CrossLoopService;CrossLoop Service;c:\users\Drew\AppData\Local\CrossLoop\CrossLoopService.exe;c:\users\Drew\AppData\Local\CrossLoop\CrossLoopService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 dts_apo_service;DTS APO Service;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 SMITS;SMITS;c:\windows\SysWOW64\SMITSC.exe;c:\windows\SysWOW64\SMITSC.exe [x]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S3 ETD;ELAN PS/2_SMBus Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 11:24    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-07 13:51]
.
2013-09-06 c:\windows\Tasks\Online Backup Update Notifier.job
- c:\program files (x86)\SOS Online Backup\SUpdateNotifier.exe [2013-08-01 01:39]
.
2013-09-06 c:\windows\Tasks\SOS Online Backup - drdrew.job
- c:\program files (x86)\SOS Online Backup\sosuploadagent.exe [2013-08-01 01:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-13 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-13 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-13 444400]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-01-11 894048]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2013-04-09 40960]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2013-05-07 997216]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba13.msn.com
mDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Internet Explorer provided by TOSHIBA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\b6cf1l04.default-1373223020928\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=webhp#t_0
FF - ExtSQL: 2013-07-07 10:04; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-08 16:57; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Tango - c:\program files (x86)\Tango\Tango.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk - c:\windows\Installer\{7093E21A-5E1F-4EB0-B867-F11D1FC0E9AD}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe /startup
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-09-06  14:56:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-06 18:56
.
Pre-Run: 765,650,272,256 bytes free
Post-Run: 765,266,096,128 bytes free
.
- - End Of File - - 60FFF50416E08AF507B6E7E06FB672E1
5B5E648D12FCADC244C1EC30318E1EB9
 



#8 drdrew

drdrew
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2013 - 01:22 AM

Update.  It's been about ten hours since I ran ComboFix, and so far there have been no more occurrences of IE popping up.  Last time I got my hopes up too quickly, but maybe this time it's worked.  I'll give it another few days before we declare victory, but so far so good!



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 07 September 2013 - 08:37 AM

Good news.

One last scan.

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#10 drdrew

drdrew
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2013 - 12:38 PM

About 24 hours out, and it happened again!  So frustrating.  In addition, this time when I went to close IE I got the following message in a Windows pop-up box:  "You are about to leave a secure Internet connection. It will be possible for others to view information you send.  Do you want to continue?"

 

Arrggh!  More ideas?
 



#11 drdrew

drdrew
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2013 - 12:47 PM

The IE popup is still occurring after all, as noted above.

 

Here is checkup.txt:

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 26  
 Java 7 Update 25  
 Java™ 6 Update 3  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 SOS Online Backup SUpdateNotifier.exe   
 SOS Online Backup SMessaging.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 07 September 2013 - 01:34 PM

Remove these old versions of Java using Add/Remove Programs.

Java™ 6 Update 3
Java™ 6 Update 26


===

"You are about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?"


Open IE Menu > Tools > Internet Options > Advanced Tab
Near the bottom. Warn when changing.... Uncheck the box.
Click apply if required.

===

Post No. 6: execute the ipconfig settings again.
===
Empty flash cache.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
<<<>>>
Clean the Java Cache. Tutorial.
http://www.java.com/en/download/help/plugin_cache.xml


Restart the computer normally.

Keep me posted.
...

Edited by nasdaq, 07 September 2013 - 01:36 PM.
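The Security Check run in post #9 and the clean-up list in post #12 both come down to one inventory question: which third-party programs and autostart entries are on the box, and which of them are stale. The PowerShell below is an added example, not part of this thread and not screen317's Security Check or ComboFix; it reads the same information from the registry, read-only, so a reviewer can confirm a clean-up without a third-party tool. The registry paths are the standard Windows Uninstall and Run keys; the Java regex, the Adobe Reader major-version threshold, and the "outside Program Files or Windows" heuristic for Run entries are this example's own assumptions.

```powershell
# Added example (not from the thread): read-only inventory of installed
# software and autostart entries, flagging the patterns Security Check
# reported above. Run from an elevated PowerShell prompt on Windows 7+.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Every Add/Remove Programs entry that has a display name.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# 1) Several Java runtimes side by side. Each old JRE left behind is a
#    separately exploitable browser plugin; only the newest should remain.
#    Regex (assumption) matches "Java(TM) 6 Update 26" and "Java 7 Update 25".
$java = @($installed | Where-Object { $_.DisplayName -match '^Java(\(TM\))? \d+ Update \d+' })
if ($java.Count -gt 1) {
    Write-Warning "Multiple Java runtimes installed; keep only the newest:"
    $java | Sort-Object DisplayName | Format-Table DisplayName, DisplayVersion -AutoSize
}

# 2) Adobe Reader below an assumed current major version (11 at the time of
#    the thread). Adjust the threshold to whatever is current for you.
$readerMinMajor = 11
foreach ($r in ($installed | Where-Object { $_.DisplayName -match '^Adobe Reader' })) {
    $major = 0
    if ($r.DisplayVersion -match '^(\d+)') { $major = [int]$Matches[1] }
    if ($major -lt $readerMinMajor) {
        Write-Warning ("Outdated: {0} {1}" -f $r.DisplayName, $r.DisplayVersion)
    }
}

# 3) Toolbars such as the Sweetpacks entry from the first post: show the
#    uninstall command Windows recorded, so removal can be attempted from it.
$installed | Where-Object { $_.DisplayName -match 'Toolbar|Sweetpacks' } |
    Format-List DisplayName, Publisher, UninstallString

# 4) Autostart entries (the HKLM-Run lines in the ComboFix log come from here).
#    Entries whose target is outside Program Files or Windows are marked "!!"
#    for manual review; that location test is a heuristic, not a verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = [string]$item.GetValue($name)
        $flag = if ($target -match '(?i)\\(Program Files( \(x86\))?|Windows)\\') { '   ' } else { '!! ' }
        Write-Output ("{0}{1,-25} {2}" -f $flag, $name, $target)
    }
}
```

Nothing here uninstalls or edits anything; it only makes the state visible so that the "remove old Java, update Reader" steps above can be checked afterwards by running it again and confirming the warnings are gone.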


#13 drdrew

drdrew
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2013 - 02:09 PM

All finished.  Did you want me to restore IE default settings under the advanced tab again too?  This was in post #6 after all the ipconfig stuff.



#14 drdrew

drdrew
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 07 September 2013 - 11:49 PM

Despite finishing all of the above, this problem with IE is still happening. 4X in the last hour.  



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 08 September 2013 - 08:43 AM

The only thing I can now suggest is that you remove IE 10 using Add/Remove Programs.

This should restore the previous version.

Test that version and let me know if the problem persists.



