I have been noticing weird symptoms with my computer - in the event viewer logs, I am seeing errors such as "Cryptographics Services service terminated unexpectedly" repeatedly, programs sometimes freeze and do not respond for 60-90 seconds (but eventually do), etc. Running boot_cleaner.exe (bootkit_remover) and it states "Boot code on some of your physical disks is hidden by a rootkit."
Here are my logs:
****************DDS.TXT*******************
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447
Run by jonesas at 10:06:26 on 2013-02-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3819.1647 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.coupons.com/
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clayton
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{6858871A-2138-40E3-A415-DF12B09FECCF} : DHCPNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{6858871A-2138-40E3-A415-DF12B09FECCF}\A4F6E6563727163696E676 : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8CBD6A1-7D4D-469A-B021-8FF78BA781CE} : DHCPNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\katrack.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WFU2012\AppData\Roaming\Mozilla\Firefox\Profiles\gpfneout.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://google.wfu.edu
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=103&systemid=453&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-16 07:31; adapter@gingersoftware.com; C:\Users\WFU2012\AppData\Roaming\Mozilla\Firefox\Profiles\gpfneout.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: !HIDDEN! 2012-10-28 17:27; adapter@gingersoftware.com; C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-12-12 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-20 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 203888]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2013-2-27 33800]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-12-12 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-12-12 101888]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-6-20 216704]
R3 AMPPAL;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-7-2 163368]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-12-12 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-2 39976]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-20 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-6-20 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-12-8 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-20 331264]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 98688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-8 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-12-8 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-12-8 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-12-8 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-12-8 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AMPPALR3;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
S4 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [2011-12-1 856888]
S4 CorelCreatorMessages;CorelCreatorMessages;C:\Windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
S4 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-6-20 320576]
S4 GingerUpdateService;GingerUpdateService;C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-2-14 272680]
S4 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-6-20 58192]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-12 101736]
S4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-6-20 61264]
S4 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-6-20 175440]
S4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-12 133992]
S4 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-12 1662560]
S4 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-12 1665120]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-12 145256]
S4 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-2-12 144960]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-12 363800]
.
=============== Created Last 30 ================
.
2013-02-28 13:55:16 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF2D3B2D-9954-423D-93C7-96FCB26C7429}\mpengine.dll
2013-02-28 13:41:57 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-27 21:36:22 -------- d-----w- C:\New folder
2013-02-27 21:30:24 -------- d-----w- C:\bootkit_remover
2013-02-27 19:52:08 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2013-02-27 19:52:04 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-02-27 18:58:37 39424 ----a-w- C:\esentprf.dll
2013-02-27 18:58:37 2565632 ----a-w- C:\esent.dll
2013-02-26 22:37:35 -------- d-----w- C:\FRST
2013-02-26 16:19:06 98816 ----a-w- C:\Windows\sed.exe
2013-02-26 16:19:06 256000 ----a-w- C:\Windows\PEV.exe
2013-02-26 16:19:06 208896 ----a-w- C:\Windows\MBR.exe
2013-02-26 15:55:05 -------- d-----w- C:\Windows\pss
2013-02-26 14:54:11 -------- d-----w- C:\Program Files (x86)\CleanUp!
2013-02-26 14:24:47 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-26 14:21:03 -------- d-----w- C:\Users\WFU2012\AppData\Roaming\SUPERAntiSpyware.com
2013-02-26 14:20:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-02-26 14:20:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-02-25 20:24:06 -------- d-----w- C:\Users\WFU2012\AppData\Local\Programs
2013-02-25 12:48:29 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-25 12:48:28 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-25 12:34:37 -------- d-----w- C:\Program Files (x86)\JavaJREUpdate
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 16:29:02 -------- d-----w- C:\Users\WFU2012\AppData\Local\WebEx Connect
2013-02-13 16:28:43 -------- d-----w- C:\Users\WFU2012\AppData\Roaming\WebEx Connect
2013-02-13 13:52:39 249 ----a-w- C:\Reset_and_Clear_Print_Spooler_Queue.bat
2013-02-12 16:15:18 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-02-12 16:15:18 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-02-12 16:15:18 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-02-12 16:15:18 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-02-12 16:15:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-12 15:06:07 68864 ----a-w- C:\Windows\System32\drivers\stream.sys
2013-02-12 14:48:10 569152 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2013-02-06 13:10:57 -------- d-----w- C:\Users\WFU2012\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2013-02-13 18:46:13 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:46:13 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 10:06:58.23 ===============
**************MALWAREBYTES**************
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.25.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jonesas :: JONESAS-6920 [administrator]
2/28/2013 9:29:59 AM
mbam-log-2013-02-28 (09-29-59).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424711
Time elapsed: 34 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\WFU2012\Downloads\CD\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
(end)
Attach.txt will be added separately since it is so long
Here are my logs:
****************DDS.TXT*******************
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447
Run by jonesas at 10:06:26 on 2013-02-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3819.1647 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.coupons.com/
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clayton
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{6858871A-2138-40E3-A415-DF12B09FECCF} : DHCPNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{6858871A-2138-40E3-A415-DF12B09FECCF}\A4F6E6563727163696E676 : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8CBD6A1-7D4D-469A-B021-8FF78BA781CE} : DHCPNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\katrack.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WFU2012\AppData\Roaming\Mozilla\Firefox\Profiles\gpfneout.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://google.wfu.edu
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=103&systemid=453&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-16 07:31; adapter@gingersoftware.com; C:\Users\WFU2012\AppData\Roaming\Mozilla\Firefox\Profiles\gpfneout.default\extensions\adapter@gingersoftware.com
FF - ExtSQL: !HIDDEN! 2012-10-28 17:27; adapter@gingersoftware.com; C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-12-12 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-20 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 203888]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2013-2-27 33800]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-12-12 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-12-12 101888]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-6-20 216704]
R3 AMPPAL;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-7-2 163368]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-12-12 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-2 39976]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-20 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-6-20 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-12-8 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-20 331264]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 98688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-8 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-12-8 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-12-8 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-12-8 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-12-8 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AMPPALR3;IntelÆ CentrinoÆ Wireless BluetoothÆ + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
S4 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [2011-12-1 856888]
S4 CorelCreatorMessages;CorelCreatorMessages;C:\Windows\System32\CorelCreatorMessages.exe [2012-4-25 105984]
S4 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-6-20 320576]
S4 GingerUpdateService;GingerUpdateService;C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-2-14 272680]
S4 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-6-20 58192]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-12 101736]
S4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-6-20 61264]
S4 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-6-20 175440]
S4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-12 133992]
S4 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-12 1662560]
S4 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-12 1665120]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-12 145256]
S4 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-2-12 144960]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-12 363800]
.
=============== Created Last 30 ================
.
2013-02-28 13:55:16 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF2D3B2D-9954-423D-93C7-96FCB26C7429}\mpengine.dll
2013-02-28 13:41:57 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-27 21:36:22 -------- d-----w- C:\New folder
2013-02-27 21:30:24 -------- d-----w- C:\bootkit_remover
2013-02-27 19:52:08 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2013-02-27 19:52:04 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-02-27 18:58:37 39424 ----a-w- C:\esentprf.dll
2013-02-27 18:58:37 2565632 ----a-w- C:\esent.dll
2013-02-26 22:37:35 -------- d-----w- C:\FRST
2013-02-26 16:19:06 98816 ----a-w- C:\Windows\sed.exe
2013-02-26 16:19:06 256000 ----a-w- C:\Windows\PEV.exe
2013-02-26 16:19:06 208896 ----a-w- C:\Windows\MBR.exe
2013-02-26 15:55:05 -------- d-----w- C:\Windows\pss
2013-02-26 14:54:11 -------- d-----w- C:\Program Files (x86)\CleanUp!
2013-02-26 14:24:47 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-26 14:21:03 -------- d-----w- C:\Users\WFU2012\AppData\Roaming\SUPERAntiSpyware.com
2013-02-26 14:20:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-02-26 14:20:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-02-25 20:24:06 -------- d-----w- C:\Users\WFU2012\AppData\Local\Programs
2013-02-25 12:48:29 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-25 12:48:28 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-25 12:34:37 -------- d-----w- C:\Program Files (x86)\JavaJREUpdate
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 16:29:02 -------- d-----w- C:\Users\WFU2012\AppData\Local\WebEx Connect
2013-02-13 16:28:43 -------- d-----w- C:\Users\WFU2012\AppData\Roaming\WebEx Connect
2013-02-13 13:52:39 249 ----a-w- C:\Reset_and_Clear_Print_Spooler_Queue.bat
2013-02-12 16:15:18 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-02-12 16:15:18 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-02-12 16:15:18 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-02-12 16:15:18 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-02-12 16:15:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-12 15:06:07 68864 ----a-w- C:\Windows\System32\drivers\stream.sys
2013-02-12 14:48:10 569152 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2013-02-06 13:10:57 -------- d-----w- C:\Users\WFU2012\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2013-02-13 18:46:13 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:46:13 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 10:06:58.23 ===============
**************MALWAREBYTES**************
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.25.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jonesas :: JONESAS-6920 [administrator]
2/28/2013 9:29:59 AM
mbam-log-2013-02-28 (09-29-59).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424711
Time elapsed: 34 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\WFU2012\Downloads\CD\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
(end)
Attach.txt will be added separately since it is so long