Solved Virus removal

hlevin

Posts: 85   +0
My computer is running slower than normal. My antivirus software also is not running correctly.
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Heather :: HEATHER-PC [administrator]

3/4/2013 6:43:16 PM
mbam-log-2013-03-04 (18-43-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242895
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Heather at 18:46:08 on 2013-03-04
.
============== Running Processes ================
.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Heather\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.gwu.edu/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [Spotify Web Helper] "C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [AIM for Windows] "C:\Users\Heather\AppData\Local\AOL\AIM\aim.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Google Update] "C:\Users\Heather\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F845B6DB-060C-4445-B970-4BFD8AACAFC7} - hxxp://my.gwu.edu/tools/xc_loader_activex.ocx
TCP: NameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B} : DHCPNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\354796E6B697144684F636 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\354796E6B69794E684562756 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\463693 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\74751385 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\7677962756C6563737 : DHCPNameServer = 10.10.1.7 10.10.1.8
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\8656C6C6F623 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\C696E6B6379737 : DHCPNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{5FF516EE-2E91-4BCB-83F2-349553B5655D} : DHCPNameServer = 208.59.247.45 208.59.247.46
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe
x64-Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\ad9n3oru.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.gwu.edu/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Heather\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Heather\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Heather\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Heather\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Heather\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R? AMPPALP;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Protocol
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? Impcd;Impcd
R? intaud_WaveExtensible;Intel WiDi Audio Device
R? JMCR;JMCR
R? MyWiFiDHCPDNS;Wireless PAN DHCP Server
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RoxMediaDB12OEM;RoxMediaDB12OEM
R? RoxWatch12;Roxio Hard Drive Watcher 12
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AERTFilters;Andrea RT Filters Service
S? AMPPAL;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Virtual Adapter
S? AMPPALR3;Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Service
S? Bluetooth Device Monitor;Bluetooth Device Monitor
S? Bluetooth Media Service;Bluetooth Media Service
S? Bluetooth OBEX Service;Bluetooth OBEX Service
S? BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service
S? btmaudio;Intel Bluetooth Audio Service
S? btmaux;Intel Bluetooth Auxiliary Service
S? btmhsf;btmhsf
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? cvhsvc;Client Virtualization Handler
S? cyhid;Cypress Input Device
S? cykbfltrService;Cypress Keyboard Filter Driver
S? cymfltrService;Cypress Trackpad Filter Driver
S? dlbk_device;dlbk_device
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? iBtFltCoex;iBtFltCoex
S? IntcDAud;Intel(R) Display Audio
S? iwdbus;IWD Bus Enumerator
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? lxea_device;lxea_device
S? MpFilter;Microsoft Malware Protection Driver
S? NOBU;Dell DataSafe Online
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? nvkflt;nvkflt
S? nvpciflt;nvpciflt
S? PSI;PSI
S? PxHlpa64;PxHlpa64
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
S? SDWSCService;Spybot-S&D 2 Security Center Service
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? SftService;SoftThinks Agent Service
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? Symantec AntiVirus;Symantec Endpoint Protection
S? TurboB;Turbo Boost UI Monitor driver
S? UNS;Intel(R) Management and Security Application User Notification Service
S? wdkmd;Intel WiDi KMD
.
=============== Created Last 30 ================
.
2013-03-04 08:02:34 -------- d-----w- C:\Windows\TempE04CF95F-3D09-7D18-ED9B-42568C2F4661-Signatures
2013-03-04 08:01:11 -------- d-----w- C:\4060226328c1a2dc99
2013-03-04 04:59:10 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C845D60-DF50-4738-9D56-37EA359CC41D}\offreg.dll
2013-03-04 04:47:39 -------- d-----w- C:\Windows\en
2013-03-04 04:46:33 57856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2013-03-04 04:43:36 -------- d-----r- C:\Users\Heather\SkyDrive
2013-03-04 04:43:32 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c6ac95c11ce189216\skydrivesetup.exe
2013-03-04 04:43:32 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-03-04 04:43:22 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-03-04 04:43:11 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\DSETUP.dll
2013-03-04 04:43:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\DXSETUP.exe
2013-03-04 04:43:11 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\dsetup32.dll
2013-03-04 04:41:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-03-04 04:41:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-03-04 04:41:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-03-04 04:41:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-03-04 04:41:03 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-03-04 04:41:03 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-03-04 04:41:02 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-03-04 04:41:02 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-03-04 04:39:01 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\DSETUP.dll
2013-03-04 04:39:01 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\DXSETUP.exe
2013-03-04 04:39:01 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\dsetup32.dll
2013-03-04 04:38:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\DSETUP.dll
2013-03-04 04:38:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\DXSETUP.exe
2013-03-04 04:38:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\dsetup32.dll
2013-03-04 04:37:45 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-04 04:35:54 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C845D60-DF50-4738-9D56-37EA359CC41D}\mpengine.dll
2013-03-03 19:33:02 -------- d-----w- C:\Windows\Temp86CAAF9D-B4E9-ED21-1505-ED9D1037E00F-Signatures
2013-03-03 19:28:33 -------- d-----w- C:\Windows\TempA32CCA88-2B7F-8C49-0EEE-4915E48EF262-Signatures
2013-03-03 19:20:30 -------- d-----w- C:\Windows\Temp19A0B573-516E-49DF-A6B8-5925E3DDFA5C-Signatures
2013-03-03 19:07:11 -------- d-----w- C:\Windows\TempC2C5B6A1-2A7F-8E93-162E-368783613BB2-Signatures
2013-03-01 08:00:33 -------- d-----w- C:\Windows\TempF333846A-917B-4932-C180-2FE9579C0DEE-Signatures
2013-02-28 17:43:48 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-28 15:17:30 -------- d-----w- C:\Windows\TempEAF5E822-E137-967B-8A1C-4C311DD4FA5B-Signatures
2013-02-28 08:01:04 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-02-28 08:01:04 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-02-28 08:01:04 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-02-28 08:01:04 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-02-27 06:29:47 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-24 00:46:08 -------- d-----w- C:\Program Files\iPod
2013-02-24 00:46:07 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 00:46:07 -------- d-----w- C:\Program Files\iTunes
2013-02-23 16:54:56 -------- d-----w- C:\Windows\TempA0B2A5A6-9BFF-FEFB-D41E-0CEA860F17FD-Signatures
2013-02-21 08:00:34 -------- d-----w- C:\Windows\TempEBD87E32-814D-8E72-6D45-A5257859D3FF-Signatures
2013-02-19 08:02:55 -------- d-----w- C:\Windows\Temp3F71CA7B-CF21-D267-F67F-0EACBDCA76E6-Signatures
2013-02-18 08:04:27 -------- d-----w- C:\Windows\Temp231ED61D-AA19-6111-12BB-711352A663FD-Signatures
2013-02-17 08:04:14 -------- d-----w- C:\Windows\Temp27F9C661-3362-8A4E-9405-C16E19803719-Signatures
2013-02-16 18:43:50 -------- d-----w- C:\Windows\Temp7B3B4EFD-571D-A13B-17CA-6D417D769C66-Signatures
2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 12:14:24 -------- d-----w- C:\Windows\Temp15AB3785-95CF-73C0-ACDD-5CBA2C918337-Signatures
2013-02-14 12:09:05 -------- d-----w- C:\Windows\TempA61EFF70-1F39-AD6F-C4DC-7EEFD66D6D7E-Signatures
2013-02-14 09:17:34 -------- d-----w- C:\Windows\Temp78E8370C-CB6C-A097-CB0F-C2203938FBDA-Signatures
2013-02-14 08:17:04 -------- d-----w- C:\Windows\Temp5CEDDFEE-50F2-E594-F6D9-A68B264AC4C2-Signatures
2013-02-14 06:58:18 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 06:58:18 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 06:50:26 -------- d-----w- C:\Windows\Temp4143E78D-F4A4-126D-BA44-97D503E2A272-Signatures
2013-02-13 14:18:53 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 14:18:52 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 14:18:52 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 14:18:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 14:18:46 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 14:18:45 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 14:18:45 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 14:18:45 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 14:18:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 14:18:44 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 14:18:43 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 14:18:43 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-03-04 04:37:38 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-04 04:37:38 1085344 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-02-27 01:35:58 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-27 01:35:57 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-13 18:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-12-13 18:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
.
============= FINISH: 18:47:23.21 ===============
 
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Advanced Audio FX Engine
AIM for Windows
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Cozi
Cypress TrackPad
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DivX Setup
Download Updater (AOL LLC)
Dropbox
Facebook Messenger 2.1.4590.0
FileHippo.com Update Checker
Free Alarm Clock 2.5.0
Google Talk Plugin
GoToMeeting 5.3.0.1009
Hulu Desktop
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) WiDi
Intel(R) Wireless Display
Internet Explorer
iTunes
Java 7 Update 15 (64-bit)
Java 7 Update 9
Java(TM) 6 Update 32
Java(TM) 6 Update 37 (64-bit)
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
Junk Mail filter update
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.2.22.1
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice.org 3.4.1
Photo Common
Photo Gallery
PhotoShowExpress
Quickset64
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Secunia PSI (3.0.0.4001)
SecureW2 Enterprise Client 3.5.9
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x64
Skype Toolbars
Skype™ 6.2
Sonic CinePlayer Decoder Pack
Spotify
Spybot - Search & Destroy
Symantec Endpoint Protection
TrustedID
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VoiceOver Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

redtarget.gif
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Heather [Admin rights]
Mode : Remove -- Date : 03/04/2013 20:33:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AIM for Windows ("C:\Users\Heather\AppData\Local\AOL\AIM\aim.exe") [7] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] c4d441a27258bc95be2bbf548713c1b2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03042013_02d2033.txt >>
RKreport[1]_S_03042013_02d2032.txt ; RKreport[2]_D_03042013_02d2033.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Heather on Mon 03/04/2013 at 20:37:37.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Heather\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"



~~~ FireFox

Successfully deleted: [File] C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\ad9n3oru.default\user.js
Successfully deleted the following from C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\ad9n3oru.default\prefs.js

user_pref("CT2260173.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\"}");
user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1354075573507,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.crossrider.bic", "13a8f308bb1083191b4cf4b605704350");
user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1351021883);
user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp4493.4493.active", true);
user_pref("extensions.crossriderapp4493.4493.addressbar", "");
user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit()
user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);
user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1351021883");
user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1351021883");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Wed Oct 24 2012 01:38:04 GMT-0400 (Eastern Daylight Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Tue Oct 30 2012 15:54:15 GMT-0400 (Eastern Daylight Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1351056778");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1351022060889");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2297087%22");
user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1351022055600");
user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
user_pref("extensions.crossriderapp4493.4493.domain", "");
user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
user_pref("extensions.crossriderapp4493.4493.group", 0);
user_pref("extensions.crossriderapp4493.4493.homepage", "");
user_pref("extensions.crossriderapp4493.4493.iframe", false);
user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22197311839F734204A378AB49CC65D4E8IE%22%2C%22installer_verifier
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "40");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Wed Oct 24 2012 04:26:02 GMT-0400 (Eastern Daylight Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare
user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"
user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
user_pref("extensions.crossriderapp4493.4493.newtab", "");
user_pref("extensions.crossriderapp4493.4493.opensearch", "");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAP
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw n
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*9999999999999
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 3);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.deb
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=functi
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(fu
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");
user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");
user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4493/plugins/085/ff/plugins.json");
user_pref("extensions.crossriderapp4493.4493.pluginsversion", 16);
user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
user_pref("extensions.crossriderapp4493.4493.thankyou", "");
user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
user_pref("extensions.crossriderapp4493.4493.ver", 40);
user_pref("extensions.crossriderapp4493.apps", "4493");
user_pref("extensions.crossriderapp4493.bic", "13a8f308bb1083191b4cf4b605704350");
user_pref("extensions.crossriderapp4493.cid", 4493);
user_pref("extensions.crossriderapp4493.firstrun", false);
user_pref("extensions.crossriderapp4493.hadappinstalled", true);
user_pref("extensions.crossriderapp4493.installationdate", 1351022054);
user_pref("extensions.crossriderapp4493.lastcheck", 22517426);
user_pref("extensions.crossriderapp4493.lastcheckitem", 22517613);
user_pref("extensions.crossriderapp4493.modetype", "production");
user_pref("extensions.crossriderapp4493.reportInstall", true);
user_pref("extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.aHR0cDovL2.data", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<domainEntitites>\n <domainEntity>\n <activationC
Emptied folder: C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\ad9n3oru.default\minidumps [80 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/04/2013 at 20:44:36.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Heather :: HEATHER-PC [administrator]

3/4/2013 9:22:45 PM
mbar-log-2013-03-04 (21-22-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30145
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.693000 GHz
Memory total: 8478961664, free: 5465739264

------------ Kernel report ------------
03/04/2013 21:05:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP64.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130303.009\EX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130303.009\ENG64.SYS
\SystemRoot\System32\Drivers\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\cykbfltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cymfltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\cyhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\btmaud.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009670060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b18050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.05.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009670060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009670b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009670060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007808190, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007b18050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a008f2fe00, 0xfffffa8009670060, 0xfffffa8007881790
Lower DeviceData: 0xfffff8a01a2bb590, 0xfffffa8007b18050, 0xfffffa800e2a9840
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 212992 Numsec = 40960000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 41172992 Numsec = 1423974128

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.693000 GHz
Memory total: 8478961664, free: 5469798400

------------ Kernel report ------------
03/04/2013 21:14:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP64.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130303.009\EX64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130303.009\ENG64.SYS
\SystemRoot\System32\Drivers\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\cykbfltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cymfltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\cyhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\btmaud.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009670060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b18050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800e2a9840
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009670060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009670b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009670060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007808190, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007b18050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a007cb4fe0, 0xfffffa8009670060, 0xfffffa8007881790
Lower DeviceData: 0xfffff8a01d1f5e90, 0xfffffa8007b18050, 0xfffffa800e2a9840
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 212992 Numsec = 40960000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 41172992 Numsec = 1423974128

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-03-04.01 - Heather 03/04/2013 22:11:32.2.4 - x64
Running from: c:\users\Heather\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
c:\program files (x86)\SecureW2\sw2_tray.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-05 03:16 . 2013-03-05 03:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-05 03:16 . 2013-03-05 03:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-05 03:16 . 2013-03-05 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 01:37 . 2013-03-05 01:37 -------- d-----w- c:\windows\ERUNT
2013-03-05 01:36 . 2013-03-05 01:36 -------- d-----w- C:\JRT
2013-03-04 08:02 . 2013-03-04 08:02 -------- d-----w- c:\windows\TempE04CF95F-3D09-7D18-ED9B-42568C2F4661-Signatures
2013-03-04 08:01 . 2013-03-04 08:10 -------- d-----w- C:\4060226328c1a2dc99
2013-03-04 04:59 . 2013-03-04 04:59 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C845D60-DF50-4738-9D56-37EA359CC41D}\offreg.dll
2013-03-04 04:47 . 2013-03-04 04:47 -------- d-----w- c:\windows\en
2013-03-04 04:46 . 2012-09-12 20:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-03-04 04:46 . 2013-03-04 04:46 -------- d-----w- c:\program files\Windows Live
2013-03-04 04:43 . 2013-03-04 04:43 -------- d-----r- c:\users\Heather\SkyDrive
2013-03-04 04:43 . 2013-03-04 04:43 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-03-04 04:43 . 2013-03-04 04:43 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6ac95c11ce189216\skydrivesetup.exe
2013-03-04 04:43 . 2013-03-04 04:43 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-03-04 04:43 . 2013-03-04 04:43 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\DSETUP.dll
2013-03-04 04:43 . 2013-03-04 04:43 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\DXSETUP.exe
2013-03-04 04:43 . 2013-03-04 04:43 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c170dc861ce189215\dsetup32.dll
2013-03-04 04:41 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-03-04 04:41 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-03-04 04:41 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-03-04 04:41 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-03-04 04:41 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-03-04 04:41 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-03-04 04:41 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-03-04 04:41 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-03-04 04:39 . 2013-03-04 04:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\DSETUP.dll
2013-03-04 04:39 . 2013-03-04 04:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\DXSETUP.exe
2013-03-04 04:39 . 2013-03-04 04:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\300d90251ce189202\dsetup32.dll
2013-03-04 04:38 . 2013-03-04 04:38 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\DSETUP.dll
2013-03-04 04:38 . 2013-03-04 04:38 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\DXSETUP.exe
2013-03-04 04:38 . 2013-03-04 04:38 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc54d5a1ce189201\dsetup32.dll
2013-03-04 04:37 . 2013-03-04 04:37 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-04 04:37 . 2013-03-04 04:37 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-04 04:35 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C845D60-DF50-4738-9D56-37EA359CC41D}\mpengine.dll
2013-03-03 19:33 . 2013-03-03 19:33 -------- d-----w- c:\windows\Temp86CAAF9D-B4E9-ED21-1505-ED9D1037E00F-Signatures
2013-03-03 19:28 . 2013-03-03 19:28 -------- d-----w- c:\windows\TempA32CCA88-2B7F-8C49-0EEE-4915E48EF262-Signatures
2013-03-03 19:20 . 2013-03-03 19:20 -------- d-----w- c:\windows\Temp19A0B573-516E-49DF-A6B8-5925E3DDFA5C-Signatures
2013-03-03 19:07 . 2013-03-03 19:07 -------- d-----w- c:\windows\TempC2C5B6A1-2A7F-8E93-162E-368783613BB2-Signatures
2013-03-01 08:00 . 2013-03-01 08:00 -------- d-----w- c:\windows\TempF333846A-917B-4932-C180-2FE9579C0DEE-Signatures
2013-02-28 17:43 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-28 15:17 . 2013-02-28 15:17 -------- d-----w- c:\windows\TempEAF5E822-E137-967B-8A1C-4C311DD4FA5B-Signatures
2013-02-28 08:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-28 08:01 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-28 08:01 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-28 08:01 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-02-24 00:46 . 2013-02-24 00:46 -------- d-----w- c:\program files\iPod
2013-02-24 00:46 . 2013-02-24 00:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 00:46 . 2013-02-24 00:46 -------- d-----w- c:\program files\iTunes
2013-02-23 16:54 . 2013-02-23 16:54 -------- d-----w- c:\windows\TempA0B2A5A6-9BFF-FEFB-D41E-0CEA860F17FD-Signatures
2013-02-21 08:00 . 2013-02-21 08:00 -------- d-----w- c:\windows\TempEBD87E32-814D-8E72-6D45-A5257859D3FF-Signatures
2013-02-19 08:02 . 2013-02-19 08:02 -------- d-----w- c:\windows\Temp3F71CA7B-CF21-D267-F67F-0EACBDCA76E6-Signatures
2013-02-18 08:04 . 2013-02-18 08:04 -------- d-----w- c:\windows\Temp231ED61D-AA19-6111-12BB-711352A663FD-Signatures
2013-02-17 08:04 . 2013-02-17 08:04 -------- d-----w- c:\windows\Temp27F9C661-3362-8A4E-9405-C16E19803719-Signatures
2013-02-16 18:43 . 2013-02-16 18:43 -------- d-----w- c:\windows\Temp7B3B4EFD-571D-A13B-17CA-6D417D769C66-Signatures
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 12:14 . 2013-02-14 12:14 -------- d-----w- c:\windows\Temp15AB3785-95CF-73C0-ACDD-5CBA2C918337-Signatures
2013-02-14 12:09 . 2013-02-14 12:09 -------- d-----w- c:\windows\TempA61EFF70-1F39-AD6F-C4DC-7EEFD66D6D7E-Signatures
2013-02-14 09:17 . 2013-02-14 09:17 -------- d-----w- c:\windows\Temp78E8370C-CB6C-A097-CB0F-C2203938FBDA-Signatures
2013-02-14 08:17 . 2013-02-14 08:17 -------- d-----w- c:\windows\Temp5CEDDFEE-50F2-E594-F6D9-A68B264AC4C2-Signatures
2013-02-14 06:58 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 06:58 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 06:50 . 2013-02-14 06:50 -------- d-----w- c:\windows\Temp4143E78D-F4A4-126D-BA44-97D503E2A272-Signatures
2013-02-13 14:18 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 14:18 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 14:18 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 14:18 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 14:18 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 14:18 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 14:18 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 14:18 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 14:18 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 14:18 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 14:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 14:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 04:37 . 2012-12-12 17:23 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-04 04:37 . 2012-12-12 17:23 188320 ----a-w- c:\windows\system32\java.exe
2013-03-04 04:37 . 2012-10-23 16:29 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-04 04:37 . 2011-10-11 15:31 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 01:35 . 2012-04-07 03:34 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 01:35 . 2011-10-11 15:22 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 07:00 . 2011-10-19 14:26 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 14:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 15:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:52 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:52 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:52 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2011-11-17 02:28 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 18:50 . 2012-12-13 18:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 18:50 . 2012-12-13 18:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-12-07 13:20 . 2013-01-09 14:30 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 14:30 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 14:30 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 14:30 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 14:30 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 14:30 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 14:30 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 14:30 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 14:30 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 14:30 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 14:30 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 14:30 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 14:30 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 14:30 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 14:30 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 14:30 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 14:30 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 14:30 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:30 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 14:30 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 14:30 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 14:30 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 14:30 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 14:30 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 14:30 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 14:30 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 14:30 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 14:30 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 14:30 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 14:30 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 14:30 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 14:30 51712 ----a-w- c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-04 04:43 220632 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-04 04:43 220632 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-04 04:43 220632 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-24 1199576]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-08-20 115560]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 567024]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-15 1052328]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-08-26 116736]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-08-29 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-08-29 69632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-17 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:35]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545821085-1060163002-239474142-1002Core.job
- c:\users\Heather\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-28 00:58]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545821085-1060163002-239474142-1002UA.job
- c:\users\Heather\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-28 00:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-04 04:43 244696 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-04 04:43 244696 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-04 04:43 244696 ----a-w- c:\users\Heather\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-08-29 2357760]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-08-29 2353664]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.gwu.edu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\354796E6B697144684F636: DhcpNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\354796E6B69794E684562756: DhcpNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\463693: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\74751385: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\7677962756C6563737: DhcpNameServer = 10.10.1.7 10.10.1.8
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\8656C6C6F623: DhcpNameServer = 192.168.137.1
TCP: Interfaces\{4016C68E-10D9-4BA1-A9A0-7C6AD45E012B}\C696E6B6379737: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: {F845B6DB-060C-4445-B970-4BFD8AACAFC7} - hxxp://my.gwu.edu/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\ad9n3oru.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.gwu.edu/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Heather\Desktop\mbar-1.01.0.1021\mbar\mbar.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-Symantec Antvirus
AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-SoftwareUpdUtility - c:\program files (x86)\Common Files\Software Update Utility\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d4,8f,94,ed,49,aa,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-04 22:18:00
ComboFix-quarantined-files.txt 2013-03-05 03:18
.
Pre-Run: 622,665,912,320 bytes free
Post-Run: 622,170,116,096 bytes free
.
- - End Of File - - DD1BA106575B6787083841337693FFB7
 
Looks good.

Is your Symantec Endpoint Protection active or I see just some leftovers?

============================

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Run Norton Removal Tool: http://www.majorgeeks.com/Norton_Removal_Tool_d4749.html

Then....
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.
Next...follow my previous reply.
 
I cannot run norton removal tool. It says symantec antivirus must be removed throough add/remove programs before norton removal tool can proceed. I do not see symantec listed in my uninstall programs list.
 
We'll remove leftovers manually latter.
For now install one of three AV programs I mentioned above and then proceed with other steps.
 
Symantec endpoint protection stalls partway through the uninstall and won't complete. Microsoft Security Essentials stalls partway through the full scan and won't complete. Adwcleaner stalled during shut down and had to be forced shut down.
 
# AdwCleaner v2.114 - Logfile created 03/05/2013 at 14:45:43
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Heather - HEATHER-PC
# Boot Mode : Normal
# Running from : C:\Users\Heather\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\ad9n3oru.default\prefs.js

C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\ad9n3oru.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2970 octets] - [04/03/2013 22:25:28]
AdwCleaner[R2].txt - [3030 octets] - [04/03/2013 22:28:17]
AdwCleaner[S1].txt - [3132 octets] - [04/03/2013 22:29:23]
AdwCleaner[S2].txt - [955 octets] - [05/03/2013 14:45:43]

########## EOF - C:\AdwCleaner[S2].txt - [1014 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by Heather on Tue 03/05/2013 at 15:21:48.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\ad9n3oru.default\prefs.js

user_pref("extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.aHR0cDovL2.data", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<domainEntitites>\n <domainEntity>\n <activationC
Emptied folder: C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\ad9n3oru.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/05/2013 at 15:28:49.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Try Revo to remove Symantec...

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program you want to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.
 
Symantec is not listed in Revo. I still see it listed in the add/remove programs list in windows though.
 
Back