# Virus did something to my power



## gib65 (Aug 27, 2014)

Hello,

I recent had a virus that I believe I got rid of. However, it seems to have done something to my power. Now, when I plug my power cable in, it only recharges the battery half the time. The other half, the battery continues to be drained. It's able to detect that the cable is plugged in as it says "plugged in, recharging" even though it is NOT recharging.

I would consider that maybe I've got a problem with my power cable, but this is the second time this has happened. Last time, I had a virus, I got rid of it, and then the power started doing exactly the same thing. I got a replacement power cable and that seemed to fix the problem. However, this can't be just coincidence. Both times, the power failed to recharge exactly when I got the virus and continued after I got rid of the virus.

Can someone please help me figure out if this can be fixed via the software?


----------



## Agent Smith (Aug 28, 2014)

I would try to reinstall the USB drivers. Use Sandboxie if your getting viruses.


----------



## gib65 (Aug 30, 2014)

I think I'm going to need more than the USB drivers. It appears my anti-virus didn't kill the virus by just scared it away temporarily.

It's back now and it's got the following symptoms:

-Clicking on links sometimes opens up unwanted websites in new tabs.
-Does funky things with the power (as you know).
-hyperlinks key words in texts (mainly internet forums) like in the attachment.


----------



## johnb35 (Aug 30, 2014)

Please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.






TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.






Please reboot the system if asked to do so. 

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example,  C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt  

Please open the log and copy and paste it back here.


----------



## Agent Smith (Aug 30, 2014)

Run Rkill first then scan your computer with Malwarebytes, Herdprotect, ADwcleaner  and SUPERAntiSpyware Free Edition.

http://www.bleepingcomputer.com/download/rkill/

https://www.malwarebytes.org/mwb-download/

http://www.herdprotect.com/downloads.aspx

http://www.bleepingcomputer.com/download/adwcleaner/

http://www.superantispyware.com/superantispywarefreevspro.html


----------



## gib65 (Aug 30, 2014)

I ran TDSSKiller, but it detected no threats.

I then ran through Agent Smith's list, it detected some things, but I'm still seeing the hyperlinked texts in my web browser.

Here are the logs:

RKill:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2014 11:19:29 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\gib\AppData\Roaming\Google\Google Talk\googletalk.exe (PID: 1296) [UP-HEUR]
 * C:\Users\gib\AppData\Local\Temp\Adobelm_Cleanup.0001 (PID: 4000) [UP-HEUR]
 * C:\Users\gib\AppData\Local\Temp\Adobelm_Cleanup.0001 (PID: 4000) [T-HEUR]
 * C:\Users\gib\AppData\Local\Temp\Adobelm_Cleanup.0001 (PID: 8408) [UP-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 08/30/2014 11:22:18 AM
Execution time: 0 hours(s), 2 minute(s), and 48 seconds(s)


MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/08/2014
Scan Time: 11:29:00 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.30.05
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: gib

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414863
Time Elapsed: 19 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


AdCleaner:

# AdwCleaner v3.308 - Report created 30/08/2014 at 14:29:11
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : gib - GIBS-LAPTOP
# Running from : F:\anti-malware\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\gib\Documents\Updater

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\gib\AppData\Roaming\Mozilla\Firefox\Profiles\ekm94xc0.default-1361245500945\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\gib\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1605 octets] - [22/08/2013 18:52:18]
AdwCleaner[R1].txt - [1845 octets] - [13/04/2014 11:40:21]
AdwCleaner[R2].txt - [3787 octets] - [17/08/2014 11:03:23]
AdwCleaner[R3].txt - [1521 octets] - [23/08/2014 11:30:16]
AdwCleaner[R4].txt - [1539 octets] - [30/08/2014 14:25:44]
AdwCleaner[S0].txt - [1688 octets] - [22/08/2013 18:53:54]
AdwCleaner[S1].txt - [1932 octets] - [13/04/2014 11:45:14]
AdwCleaner[S2].txt - [3575 octets] - [17/08/2014 11:07:49]
AdwCleaner[S3].txt - [1588 octets] - [23/08/2014 11:38:16]
AdwCleaner[S4].txt - [1464 octets] - [30/08/2014 14:29:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1524 octets] ##########


SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2014 at 03:24 PM

Application Version : 6.0.1130
Database Version : 11471

Scan type       : Complete Scan
Total Scan Time : 00:39:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 855
Memory threats detected   : 0
Registry items scanned    : 63675
Registry threats detected : 0
File items scanned        : 41048
File threats detected     : 173

Adware.Tracking Cookie
	C:\Users\gib\AppData\Roaming\Microsoft\Windows\Cookies\3DUCKZZB.txtC:\Users\gib\AppData\Roaming\Microsoft\Windows\Cookies\3DUCKZZB.txt [ /mediaplex.com ]
	C:\Users\gib\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0LF92V0.txtC:\Users\gib\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0LF92V0.txt [ /doubleclick.net ]
	.adserver.adtechus.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	8tracks.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.8tracks.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.8tracks.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	8tracks.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtechus.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atwola.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.telus.122.2o7.net [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	delivery.trafficforce.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.porntube.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads2.zeusclicks.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.ibtracking.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yadro.ru [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sextubeset.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sextubeset.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.enoratraffic.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.xxxconnect.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wt.xxxconnect.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.streamsexclips.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.embeds.sunporno.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.embeds.sunporno.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	in.getclicky.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficshop.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficshop.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.ixxx.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ixxx.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ixxx.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ixxx.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.youporn.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.youporn.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficjunky.net [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.youporn.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.youporn.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.youporn.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	sexcategory.xxx [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.sexpillguru.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sexad.net [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxpansion.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxpansion.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxpansion.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\GIB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	cdn1b.static.pornhub.phncdn.com [ C:\USERS\GIB\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8ZWZ5KLD ]
	.doubleclick.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.dmtracker.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.eyeviewads.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	tracking-lr.adsafety.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
www.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	c1.adform.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.adtechus.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	c1.adform.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.cracked.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.atlanticmedia.122.2o7.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.revenuemantra.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	click.dealshark.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.trafficjunky.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.ad.mlnadvertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.trackalyzer.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.googleadservices.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	coreclickhoo.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.track.itrc888.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	click.blueseek.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EKM94XC0.DEFAULT-1361245500945\COOKIES.SQLITE ]

PUP.CNETInstaller
	C:\INSTALL PACKAGES\CNET2_SC11A_EXE.EXE

============
 End of Log 
============


I didn't get a log for HerdProtect.

Also, I can upload the TDSSKiller log (even though it said it didn't detect any threats), but it's too long to post here.


----------



## johnb35 (Aug 31, 2014)

Run a temp file cleaner to get rid of the hyper links temporarily.  They will return shortly though.  Use adblock plus to totally block those ads. 

https://adblockplus.org

Also run the following.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.




We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  


If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine. 


In your next reply please post:

The ComboFix log
An update on how your computer is running


----------



## gib65 (Aug 31, 2014)

johnb35 said:


> Run a temp file cleaner to get rid of the hyper links temporarily.



What would be a good example of a temp file cleaner?


----------



## spirit (Aug 31, 2014)

gib65 said:


> What would be a good example of a temp file cleaner?



CCleaner or the in-built Windows Disk Cleaner.


----------



## gib65 (Aug 31, 2014)

The popup blocker doesn't seem to be blocking the hyperlinked texts.

I ran combofix and here's the log:


ComboFix 14-08-31.01 - gib 31/08/2014  11:41:35.11.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7655.4771 [GMT -6:00]
Running from: c:\users\gib\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: TELUS security services Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: TELUS security services Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-31  )))))))))))))))))))))))))))))))
.
.
2014-08-31 17:49 . 2014-08-31 17:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-08-31 17:49 . 2014-08-31 17:49	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2014-08-23 16:40 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-23 16:40 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-23 16:40 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-23 16:40 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-23 16:40 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-23 16:40 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-23 16:40 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-23 16:40 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-21 01:28 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-21 01:28 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-21 01:28 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-21 01:28 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-21 01:27 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-21 01:27 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-21 01:27 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-21 01:27 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-21 01:27 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-21 01:27 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-21 01:27 . 2014-05-14 15:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-21 01:27 . 2014-05-14 15:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-21 01:27 . 2014-05-14 15:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-21 01:27 . 2014-05-14 15:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-08-17 17:14 . 2014-08-31 16:43	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 17:13 . 2014-05-12 13:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-17 17:13 . 2014-05-12 13:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 17:04 . 2010-08-30 14:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-17 16:06 . 2014-08-23 18:17	--------	d-----w-	C:\anti-virus
2014-08-15 14:35 . 2014-08-15 14:35	--------	d-----w-	c:\program files (x86)\EZ Software Updater
2014-08-14 09:46 . 2014-07-16 03:23	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-14 09:46 . 2014-07-16 02:46	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-14 09:46 . 2014-06-03 10:02	3241984	----a-w-	c:\windows\system32\msi.dll
2014-08-14 09:46 . 2014-06-03 10:02	112064	----a-w-	c:\windows\system32\consent.exe
2014-08-14 09:46 . 2014-06-03 10:02	504320	----a-w-	c:\windows\system32\msihnd.dll
2014-08-14 09:46 . 2014-06-03 10:02	1941504	----a-w-	c:\windows\system32\authui.dll
2014-08-14 09:46 . 2014-06-03 09:29	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2014-08-14 09:46 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\SysWow64\msi.dll
2014-08-14 09:46 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2014-08-14 09:46 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 09:46 . 2014-06-25 02:05	14175744	----a-w-	c:\windows\system32\shell32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 02:16 . 2012-03-30 02:31	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 02:16 . 2012-03-30 02:31	699568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 16:47 . 2012-03-20 03:45	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-05 15:20 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-06-18 02:18 . 2014-07-09 01:49	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 01:49	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 01:49	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 01:49	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 01:48	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 01:48	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 01:48	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-08-14 7762712]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"googletalk"="c:\users\gib\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-11 343168]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Tsa.exe"="c:\program files (x86)\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
"Adobe Version Cue CS2"="c:\adobe creative suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
c:\users\gib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-11-6 576000]
Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe auto [2013-10-27 2447360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdfsfltr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\scan]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EZ Software Updater;EZ Software Updater;c:\program files (x86)\EZ Software Updater\EZ Software Updater.exe;c:\program files (x86)\EZ Software Updater\EZ Software Updater.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
R2 Radialpoint Security Services;TELUS security services;c:\program files (x86)\TELUS\TELUS security services\RpsSecurityAwareR.exe;c:\program files (x86)\TELUS\TELUS security services\RpsSecurityAwareR.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\SysWOW64\drivers\AVGIDSEH.sys;c:\windows\SysWOW64\drivers\AVGIDSEH.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\TELUS\TELUS security advisor\ServicepointService.exe;c:\program files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys;c:\windows\SYSNATIVE\drivers\lmvac.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [x]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys;c:\program files (x86)\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 00:30	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:16]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 04:10]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-15 04:10]
.
2014-08-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 17f8adbe-4d88-4694-aa34-dabd2d3b6a69.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-08-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5f3b6e34-dd37-492e-a4f1-ee20b42f627a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.135.145 64.59.128.114
FF - ProfilePath - c:\users\gib\AppData\Roaming\Mozilla\Firefox\Profiles\ekm94xc0.default-1361245500945\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{A466B1B6-033B-8383-19D8-660A8A83F8CD} - c:\progra~3\INSTAL~1\{2B2ED~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-31  11:52:29
ComboFix-quarantined-files.txt  2014-08-31 17:52
ComboFix2.txt  2014-08-23 18:37
ComboFix3.txt  2013-08-22 02:34
ComboFix4.txt  2013-06-28 01:59
ComboFix5.txt  2014-08-31 17:39
.
Pre-Run: 555,540,971,520 bytes free
Post-Run: 556,019,224,576 bytes free
.
- - End Of File - - 4FCD9B37BBC866E91FFF715F35930E44
5B5E648D12FCADC244C1EC30318E1EB9


----------



## johnb35 (Aug 31, 2014)

What popup blocker?  If you are talking about adblock, its not a popup blocker, its an ad blocker.  Did you install adblocker or something else?  If you hover over the hyperlinked text, you will see that a box will pop up and they are usually labeled kontera or vibrant or something like that.  Those are ads.  If you run Ccleaner, they will stop temporarily.


----------



## gib65 (Aug 31, 2014)

Sorry, I meant ad blocker. And yes, I ran Adblocker.

Here's an image of what pops up:


----------



## Agent Smith (Aug 31, 2014)

If you use Pale Moon or Firefox install Adblock edge. Add the privacy and Malware lists. If you surf for porn which your logs seem to indicate you should use Sandboxie. To make it much safer install Noscript and go into the options and allow base 2nd level domains by default to lessen the cumbersomeness. Herdprotect will have to run a second time. But I doubt it will find anything.


----------



## johnb35 (Aug 31, 2014)

Please provide the uninstall list from combofix.  Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt  Open that file and copy and paste the contents back here. 

You have 1 program I see that shouldn't be installed so we will check for others.

Ez software updater needs to be uninstalled.


----------



## gib65 (Sep 1, 2014)

Here's the file contents:

 Tools for .Net 3.5
Adobe Acrobat XI Pro
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 2
Adobe Download Assistant
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Media Player
Adobe Photoshop CS2
Adobe Photoshop Elements 11
Adobe Reader 9.3.4
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Amazon Kindle
AMD VISION Engine Control Center
ANTware II
Apple Application Support
Apple Software Update
Audacity 2.0.5
BitTorrent
BookWright version 1.0.32
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elements 11 Organizer
Entity Framework Designer for Visual Studio 2012 - enu
EZ Software Updater version 1.2.0.3
Google Chrome
Google Talk (remove only)
Google Update Helper
HiJackThis
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LAME v3.99.3 (for Windows)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web
Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web
Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio Express 2012 for Web
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft SQL Server System CLR Types
Microsoft System CLR Types for SQL Server 2012
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Web - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio Express 2012 for Web
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobipocket Reader 6.2
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.50
MSVCRT
MSVCRT_amd64
MySQL Connector J
MySQL Connector Net 6.5.4
MySQL Documents 5.5
MySQL Examples and Samples 5.5
MySQL For Excel 1.1.0
MySQL Installer
MySQL Notifier 1.0.3
MySQL Workbench 5.2 CE
NaturalReaderFree
Netwaiting
Notepad++
OpenVPN Client
Opera 12.16
PDF Index Generator v1.9
Prerequisites for SSDT 
Protected Music Converter version 1.9.7.5
PSE11 STI Installer
QuickShare
QuickTime
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
Safari
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sigil 0.7.4
Skype™ 6.11
Suite Specific
Super Finder XT 1.6.3.2
TELUS security advisor 3.7.44
TELUS security services
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
Total Recorder 8.3 Standard Edition
Update for  (KB2504637)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
Yahoo! Messenger
Yahoo! Software Update

I'll go ahead an uninstall EZ Software Updater.


----------



## johnb35 (Sep 5, 2014)

Sorry for the late reply.  Are you still getting the links?  Download and run this program.  

http://www.bleepingcomputer.com/download/tfc/dl/92/


Download TFC from the download link above and save the file on your desktop.
Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
Double-click on the TFC icon.
When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
When done, press OK to reboot your computer and finish the cleanup.

Also please uninstall the following.  

Java Auto Updater
Java(TM) 6 Update 20

You can download and install the latest version from here if you need to have java installed.

www.java.com


----------



## gib65 (Sep 6, 2014)

Well, this virus seems to "pretend" to disappear for a while but then return. It disappeared temporarily after I uninstalled Ez software updater but it came back 2 days ago.

I ran TFC, uninstalled Java(TM) 6 Update 20 (Java Auto Updater wasn't there), but the virus is still with me.


----------



## johnb35 (Sep 6, 2014)

Are you sure ad block plus is installed and running?  As I said, running a temp file cleaner will stop them from appearing temporarily.  They will start back up in a day or so.  Also a block plus if running should stop these totally.


----------



## gib65 (Sep 7, 2014)

Well, I use Firefox and it seems to be installed:






And I get a little "block" tag in the upper right corner youtube video links:


----------



## johnb35 (Sep 7, 2014)

Basically it's a temp file on your system that is causing the adds to appear.  Not sure why ad block isn't blocking it unless some new company not on their database yet.  What types of websites are you visiting?


----------



## gib65 (Sep 9, 2014)

Mostly internet forums like this one.

The virus hasn't shown up in a few days now. I've got SuperAntiSpyware doing a daily scan so maybe it fixed something.


----------

