Solved Virus removal

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
Ran by SYSTEM at 06-03-2013 10:19:41
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2357760 2011-08-29] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2353664 2011-08-29] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-08-20] (Symantec Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Heather\...\Run: [Spotify Web Helper] "C:\Users\Heather\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-12-23] (Spotify Ltd)
HKU\Heather\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Heather\...\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background [307712 2012-11-23] (FileHippo.com)
HKU\Heather\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
AppInit_DLLs: C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-08-20] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2009-08-20] (Symantec Corporation)
2 dlbk_device; C:\Windows\system32\dlbkcoms.exe -service [567024 2007-06-25] ( )
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-03-20] (Symantec Corporation)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1328736 2012-09-24] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [656480 2012-09-24] (Secunia)
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3098440 2009-08-20] (Symantec Corporation)
3 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [387400 2009-08-20] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [2440632 2009-08-20] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

3 cyhid; C:\Windows\System32\Drivers\cyhid.sys [116736 2011-08-26] ()
3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13312 2011-08-29] (Cypress Semiconductor, Inc.)
3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [69632 2011-08-29] (Cypress Semiconductor, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130304.017\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130304.017\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-08-20] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480304 2009-08-20] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-20] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-05 23:00 - 2013-03-06 09:55 - 00000850 ____A C:\Windows\setupact.log
2013-03-05 22:23 - 2013-03-05 22:23 - 00001266 ____A C:\Users\Heather\Desktop\Revo Uninstaller.lnk
2013-03-05 22:23 - 2013-03-05 22:23 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-03-05 22:22 - 2013-03-05 22:22 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Heather\Desktop\revosetup.exe
2013-03-05 14:38 - 2013-03-05 14:38 - 00602112 ____A (OldTimer Tools) C:\Users\Heather\Desktop\OTL.exe
2013-03-05 14:28 - 2013-03-05 14:28 - 00001072 ____A C:\Users\Heather\Desktop\JRT.txt
2013-03-05 13:45 - 2013-03-05 13:45 - 00001083 ____A C:\AdwCleaner[S2].txt
2013-03-05 11:50 - 2013-03-05 11:50 - 13475464 ____A (Microsoft Corporation) C:\Users\Heather\Downloads\mseinstall.exe
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\Local Settings\Symantec
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\Local Settings\Application Data\Symantec
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\AppData\Local\Symantec
2013-03-04 21:39 - 2013-03-04 21:39 - 00866592 ____A C:\Users\Heather\Desktop\Norton_Removal_Tool.exe
2013-03-04 21:35 - 2013-03-04 21:35 - 00547723 ____A (Oleg N. Scherbakov) C:\Users\Heather\Desktop\JRT.exe
2013-03-04 21:31 - 2013-03-05 22:59 - 00022412 ____A C:\Windows\PFRO.log
2013-03-04 21:29 - 2013-03-04 21:29 - 00003132 ____A C:\AdwCleaner[S1].txt
2013-03-04 21:28 - 2013-03-04 21:28 - 00003030 ____A C:\AdwCleaner[R2].txt
2013-03-04 21:25 - 2013-03-04 21:25 - 00597667 ____A C:\Users\Heather\Desktop\adwcleaner.exe
2013-03-04 21:25 - 2013-03-04 21:25 - 00002970 ____A C:\AdwCleaner[R1].txt
2013-03-04 21:18 - 2013-03-04 21:18 - 00040259 ____A C:\ComboFix.txt
2013-03-04 21:09 - 2013-03-04 21:18 - 00000000 ____D C:\Qoobox
2013-03-04 21:09 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-04 21:09 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-04 21:09 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-04 21:09 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-04 21:09 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-04 21:09 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-04 21:09 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-04 21:09 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-04 19:37 - 2013-03-04 19:37 - 00000000 ____D C:\Windows\ERUNT
2013-03-04 19:36 - 2013-03-05 14:21 - 00000000 ____D C:\JRT
2013-03-04 02:02 - 2013-03-04 02:02 - 00000000 ____D C:\Windows\TempE04CF95F-3D09-7D18-ED9B-42568C2F4661-Signatures
2013-03-03 22:56 - 2013-03-03 22:56 - 00000000 ____A C:\Windows\setuperr.log
2013-03-03 22:47 - 2013-03-03 22:47 - 00000000 ____D C:\Windows\en
2013-03-03 22:46 - 2013-03-03 22:46 - 00000000 ____D C:\Program Files\Windows Live
2013-03-03 22:46 - 2012-09-12 14:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ___RD C:\Users\Heather\SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-03-03 22:41 - 2010-06-02 03:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-03-03 22:41 - 2010-06-02 03:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-03-03 22:41 - 2010-06-02 03:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-03-03 22:41 - 2010-06-02 03:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-03-03 22:41 - 2010-05-26 10:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-03-03 22:41 - 2010-05-26 10:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-03-03 22:41 - 2010-05-26 10:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-03-03 22:41 - 2010-05-26 10:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-03-03 22:37 - 2013-03-03 22:37 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-03 22:37 - 2013-03-03 22:37 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-03 13:33 - 2013-03-03 13:33 - 00000000 ____D C:\Windows\Temp86CAAF9D-B4E9-ED21-1505-ED9D1037E00F-Signatures
2013-03-03 13:28 - 2013-03-03 13:28 - 00000000 ____D C:\Windows\TempA32CCA88-2B7F-8C49-0EEE-4915E48EF262-Signatures
2013-03-03 13:20 - 2013-03-03 13:20 - 00000000 ____D C:\Windows\Temp19A0B573-516E-49DF-A6B8-5925E3DDFA5C-Signatures
2013-03-03 13:07 - 2013-03-03 13:07 - 00000000 ____D C:\Windows\TempC2C5B6A1-2A7F-8E93-162E-368783613BB2-Signatures
2013-03-01 02:00 - 2013-03-01 02:00 - 00000000 ____D C:\Windows\TempF333846A-917B-4932-C180-2FE9579C0DEE-Signatures
2013-02-28 09:17 - 2013-02-28 09:17 - 00000000 ____D C:\Windows\TempEAF5E822-E137-967B-8A1C-4C311DD4FA5B-Signatures
2013-02-28 02:01 - 2013-01-13 13:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-28 02:01 - 2013-01-13 13:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-28 02:01 - 2013-01-04 00:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-28 02:01 - 2013-01-04 00:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-28 02:00 - 2013-01-13 15:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 15:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 02:00 - 2013-01-13 14:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-28 02:00 - 2013-01-13 14:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-28 02:00 - 2013-01-13 14:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-28 02:00 - 2013-01-13 14:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-28 02:00 - 2013-01-13 14:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-28 02:00 - 2013-01-13 13:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-28 02:00 - 2013-01-13 13:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-28 02:00 - 2013-01-13 13:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-28 02:00 - 2013-01-13 13:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-28 02:00 - 2013-01-13 13:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-28 02:00 - 2013-01-13 13:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-28 02:00 - 2013-01-13 13:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-28 02:00 - 2013-01-13 13:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-28 02:00 - 2013-01-13 13:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-28 02:00 - 2013-01-13 13:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-28 02:00 - 2013-01-13 13:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-28 02:00 - 2013-01-13 13:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-28 02:00 - 2013-01-13 13:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-28 02:00 - 2013-01-13 13:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-28 02:00 - 2013-01-13 13:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-28 02:00 - 2013-01-13 13:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-28 02:00 - 2013-01-13 13:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-28 02:00 - 2013-01-13 13:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-28 02:00 - 2013-01-13 13:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-28 02:00 - 2013-01-13 13:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-28 02:00 - 2013-01-13 12:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-28 02:00 - 2013-01-13 12:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-28 02:00 - 2013-01-13 12:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-28 02:00 - 2013-01-13 11:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-28 02:00 - 2013-01-13 11:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-27 00:29 - 2013-02-27 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-23 18:47 - 2013-02-23 18:47 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-23 18:47 - 2013-02-23 18:47 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\Program Files\iTunes
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\Program Files\iPod
2013-02-23 10:54 - 2013-02-23 10:54 - 00000000 ____D C:\Windows\TempA0B2A5A6-9BFF-FEFB-D41E-0CEA860F17FD-Signatures
2013-02-21 02:00 - 2013-02-21 02:00 - 00000000 ____D C:\Windows\TempEBD87E32-814D-8E72-6D45-A5257859D3FF-Signatures
2013-02-19 02:02 - 2013-02-19 02:02 - 00000000 ____D C:\Windows\Temp3F71CA7B-CF21-D267-F67F-0EACBDCA76E6-Signatures
2013-02-18 02:04 - 2013-02-18 02:04 - 00000000 ____D C:\Windows\Temp231ED61D-AA19-6111-12BB-711352A663FD-Signatures
2013-02-17 02:04 - 2013-02-17 02:04 - 00000000 ____D C:\Windows\Temp27F9C661-3362-8A4E-9405-C16E19803719-Signatures
2013-02-16 12:43 - 2013-02-16 12:43 - 00000000 ____D C:\Windows\Temp7B3B4EFD-571D-A13B-17CA-6D417D769C66-Signatures
2013-02-14 06:14 - 2013-02-14 06:14 - 00000000 ____D C:\Windows\Temp15AB3785-95CF-73C0-ACDD-5CBA2C918337-Signatures
2013-02-14 06:09 - 2013-02-14 06:09 - 00000000 ____D C:\Windows\TempA61EFF70-1F39-AD6F-C4DC-7EEFD66D6D7E-Signatures
2013-02-14 03:17 - 2013-02-14 03:17 - 00000000 ____D C:\Windows\Temp78E8370C-CB6C-A097-CB0F-C2203938FBDA-Signatures
2013-02-14 02:17 - 2013-02-14 02:17 - 00000000 ____D C:\Windows\Temp5CEDDFEE-50F2-E594-F6D9-A68B264AC4C2-Signatures
2013-02-14 00:50 - 2013-02-14 00:50 - 00000000 ____D C:\Windows\Temp4143E78D-F4A4-126D-BA44-97D503E2A272-Signatures
2013-02-14 00:48 - 2013-01-08 19:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 00:48 - 2013-01-08 19:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 00:48 - 2013-01-08 19:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 00:48 - 2013-01-08 19:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 00:48 - 2013-01-08 19:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 00:48 - 2013-01-08 19:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 00:48 - 2013-01-08 19:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 00:48 - 2013-01-08 19:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 00:48 - 2013-01-08 19:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 00:48 - 2013-01-08 19:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 00:48 - 2013-01-08 19:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 00:48 - 2013-01-08 19:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 00:48 - 2013-01-08 19:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 00:48 - 2013-01-08 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 00:48 - 2013-01-08 19:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 00:48 - 2013-01-08 19:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 00:48 - 2013-01-08 16:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 00:48 - 2013-01-08 16:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 00:48 - 2013-01-08 16:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 00:48 - 2013-01-08 16:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 00:48 - 2013-01-08 16:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 00:48 - 2013-01-08 16:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 00:48 - 2013-01-08 16:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 00:48 - 2013-01-08 16:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 00:48 - 2013-01-08 15:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 00:48 - 2013-01-08 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 00:48 - 2013-01-08 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 00:48 - 2013-01-08 15:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 00:48 - 2013-01-08 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 00:48 - 2013-01-08 15:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 00:48 - 2013-01-08 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 00:48 - 2013-01-08 15:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 08:18 - 2013-01-04 23:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 08:18 - 2013-01-04 23:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 08:18 - 2013-01-04 23:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 08:18 - 2013-01-03 23:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 08:18 - 2013-01-03 22:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 08:18 - 2013-01-03 21:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 08:18 - 2013-01-03 20:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 08:18 - 2013-01-03 20:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 08:18 - 2013-01-03 20:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 08:18 - 2013-01-03 20:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 08:18 - 2013-01-03 00:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 08:18 - 2013-01-03 00:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS


==================== One Month Modified Files and Folders =======

2013-03-06 10:19 - 2013-03-06 10:19 - 00000000 ____D C:\FRST
2013-03-06 10:16 - 2011-10-11 09:21 - 01617220 ____A C:\Windows\WindowsUpdate.log
2013-03-06 10:10 - 2013-01-27 18:58 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545821085-1060163002-239474142-1002UA.job
2013-03-06 09:58 - 2009-07-13 23:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-06 09:55 - 2013-03-05 23:00 - 00000850 ____A C:\Windows\setupact.log
2013-03-06 09:35 - 2012-04-06 21:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-06 08:39 - 2011-10-11 09:42 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-05 23:09 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-05 23:09 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-03-05 23:02 - 2011-10-11 09:49 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-03-05 23:01 - 2011-11-28 20:18 - 00000000 ___RD C:\Users\Heather\Dropbox
2013-03-05 23:01 - 2011-11-28 20:14 - 00000000 ____D C:\Users\Heather\Application Data\Dropbox
2013-03-05 23:01 - 2011-11-28 20:14 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Dropbox
2013-03-05 23:00 - 2011-10-11 09:18 - 00000000 ____D C:\ProgramData\NVIDIA
2013-03-05 23:00 - 2011-10-11 09:18 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-03-05 23:00 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-05 22:59 - 2013-03-04 21:31 - 00022412 ____A C:\Windows\PFRO.log
2013-03-05 22:23 - 2013-03-05 22:23 - 00001266 ____A C:\Users\Heather\Desktop\Revo Uninstaller.lnk
2013-03-05 22:23 - 2013-03-05 22:23 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-03-05 22:22 - 2013-03-05 22:22 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Heather\Desktop\revosetup.exe
2013-03-05 18:43 - 2013-01-27 18:58 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545821085-1060163002-239474142-1002Core.job
2013-03-05 14:38 - 2013-03-05 14:38 - 00602112 ____A (OldTimer Tools) C:\Users\Heather\Desktop\OTL.exe
2013-03-05 14:28 - 2013-03-05 14:28 - 00001072 ____A C:\Users\Heather\Desktop\JRT.txt
2013-03-05 14:21 - 2013-03-04 19:36 - 00000000 ____D C:\JRT
2013-03-05 13:45 - 2013-03-05 13:45 - 00001083 ____A C:\AdwCleaner[S2].txt
2013-03-05 11:55 - 2012-10-23 13:39 - 00002153 ____A C:\Windows\epplauncher.mif
2013-03-05 11:50 - 2013-03-05 11:50 - 13475464 ____A (Microsoft Corporation) C:\Users\Heather\Downloads\mseinstall.exe
2013-03-05 02:01 - 2012-10-21 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-05 02:01 - 2012-10-18 22:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\Local Settings\Symantec
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\Local Settings\Application Data\Symantec
2013-03-04 23:15 - 2013-03-04 23:15 - 00000000 ____D C:\Users\Heather\AppData\Local\Symantec
2013-03-04 22:12 - 2011-11-27 22:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-03-04 21:39 - 2013-03-04 21:39 - 00866592 ____A C:\Users\Heather\Desktop\Norton_Removal_Tool.exe
2013-03-04 21:35 - 2013-03-04 21:35 - 00547723 ____A (Oleg N. Scherbakov) C:\Users\Heather\Desktop\JRT.exe
2013-03-04 21:32 - 2009-07-13 23:08 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-04 21:29 - 2013-03-04 21:29 - 00003132 ____A C:\AdwCleaner[S1].txt
2013-03-04 21:28 - 2013-03-04 21:28 - 00003030 ____A C:\AdwCleaner[R2].txt
2013-03-04 21:25 - 2013-03-04 21:25 - 00597667 ____A C:\Users\Heather\Desktop\adwcleaner.exe
2013-03-04 21:25 - 2013-03-04 21:25 - 00002970 ____A C:\AdwCleaner[R1].txt
2013-03-04 21:18 - 2013-03-04 21:18 - 00040259 ____A C:\ComboFix.txt
2013-03-04 21:18 - 2013-03-04 21:09 - 00000000 ____D C:\Qoobox
2013-03-04 21:16 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini
2013-03-04 19:37 - 2013-03-04 19:37 - 00000000 ____D C:\Windows\ERUNT
2013-03-04 14:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-04 11:21 - 2012-10-23 10:46 - 00000000 ____D C:\Users\Heather\Desktop\Scans
2013-03-04 02:02 - 2013-03-04 02:02 - 00000000 ____D C:\Windows\TempE04CF95F-3D09-7D18-ED9B-42568C2F4661-Signatures
2013-03-03 23:10 - 2011-10-17 19:03 - 00000000 ____D C:\Users\Heather\Application Data\Skype
2013-03-03 23:10 - 2011-10-17 19:03 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2013-03-03 23:07 - 2011-10-11 09:44 - 00000000 ____D C:\ProgramData\Skype
2013-03-03 23:07 - 2011-10-11 09:44 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-03-03 23:04 - 2011-10-11 09:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-03 22:56 - 2013-03-03 22:56 - 00000000 ____A C:\Windows\setuperr.log
2013-03-03 22:47 - 2013-03-03 22:47 - 00000000 ____D C:\Windows\en
2013-03-03 22:46 - 2013-03-03 22:46 - 00000000 ____D C:\Program Files\Windows Live
2013-03-03 22:46 - 2011-10-11 09:54 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ___RD C:\Users\Heather\SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\ProgramData\Application Data\Microsoft SkyDrive
2013-03-03 22:43 - 2013-03-03 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-03-03 22:43 - 2011-10-17 17:24 - 00000000 ____D C:\users\Heather
2013-03-03 22:41 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-03-03 22:37 - 2013-03-03 22:37 - 00310688 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-03 22:37 - 2013-03-03 22:37 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-03 22:37 - 2012-12-12 11:23 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-03 22:37 - 2012-12-12 11:23 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-03 22:37 - 2012-10-23 10:29 - 01085344 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-03-03 22:37 - 2011-10-11 09:31 - 00963488 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-03-03 22:37 - 2011-10-11 09:31 - 00000000 ____D C:\Program Files\Java
2013-03-03 22:35 - 2011-11-27 22:07 - 00000000 ____D C:\Program Files\CCleaner
2013-03-03 22:23 - 2011-10-11 10:00 - 00000000 ____D C:\ProgramData\Sonic
2013-03-03 22:23 - 2011-10-11 10:00 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-03-03 13:33 - 2013-03-03 13:33 - 00000000 ____D C:\Windows\Temp86CAAF9D-B4E9-ED21-1505-ED9D1037E00F-Signatures
2013-03-03 13:28 - 2013-03-03 13:28 - 00000000 ____D C:\Windows\TempA32CCA88-2B7F-8C49-0EEE-4915E48EF262-Signatures
2013-03-03 13:20 - 2013-03-03 13:20 - 00000000 ____D C:\Windows\Temp19A0B573-516E-49DF-A6B8-5925E3DDFA5C-Signatures
2013-03-03 13:07 - 2013-03-03 13:07 - 00000000 ____D C:\Windows\TempC2C5B6A1-2A7F-8E93-162E-368783613BB2-Signatures
2013-03-01 02:00 - 2013-03-01 02:00 - 00000000 ____D C:\Windows\TempF333846A-917B-4932-C180-2FE9579C0DEE-Signatures
2013-02-28 12:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-02-28 09:52 - 2012-09-02 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-28 09:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-28 09:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-28 09:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-28 09:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-28 09:17 - 2013-02-28 09:17 - 00000000 ____D C:\Windows\TempEAF5E822-E137-967B-8A1C-4C311DD4FA5B-Signatures
2013-02-27 14:11 - 2011-10-18 13:38 - 00000000 ____D C:\Users\Heather\Application Data\Mozilla
2013-02-27 14:11 - 2011-10-18 13:38 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Mozilla
2013-02-27 00:30 - 2013-02-27 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-26 19:35 - 2012-04-06 21:34 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-26 19:35 - 2011-10-11 09:22 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-23 18:47 - 2013-02-23 18:47 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-23 18:47 - 2013-02-23 18:47 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\Program Files\iTunes
2013-02-23 18:46 - 2013-02-23 18:46 - 00000000 ____D C:\Program Files\iPod
2013-02-23 18:46 - 2012-06-13 08:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-23 10:54 - 2013-02-23 10:54 - 00000000 ____D C:\Windows\TempA0B2A5A6-9BFF-FEFB-D41E-0CEA860F17FD-Signatures
2013-02-21 02:00 - 2013-02-21 02:00 - 00000000 ____D C:\Windows\TempEBD87E32-814D-8E72-6D45-A5257859D3FF-Signatures
2013-02-19 02:02 - 2013-02-19 02:02 - 00000000 ____D C:\Windows\Temp3F71CA7B-CF21-D267-F67F-0EACBDCA76E6-Signatures
2013-02-18 02:04 - 2013-02-18 02:04 - 00000000 ____D C:\Windows\Temp231ED61D-AA19-6111-12BB-711352A663FD-Signatures
2013-02-17 02:04 - 2013-02-17 02:04 - 00000000 ____D C:\Windows\Temp27F9C661-3362-8A4E-9405-C16E19803719-Signatures
2013-02-16 12:43 - 2013-02-16 12:43 - 00000000 ____D C:\Windows\Temp7B3B4EFD-571D-A13B-17CA-6D417D769C66-Signatures
2013-02-14 06:14 - 2013-02-14 06:14 - 00000000 ____D C:\Windows\Temp15AB3785-95CF-73C0-ACDD-5CBA2C918337-Signatures
2013-02-14 06:09 - 2013-02-14 06:09 - 00000000 ____D C:\Windows\TempA61EFF70-1F39-AD6F-C4DC-7EEFD66D6D7E-Signatures
2013-02-14 03:17 - 2013-02-14 03:17 - 00000000 ____D C:\Windows\Temp78E8370C-CB6C-A097-CB0F-C2203938FBDA-Signatures
2013-02-14 03:15 - 2012-02-07 23:36 - 00000000 ____D C:\Program Files (x86)\DivX
2013-02-14 03:15 - 2012-02-07 23:35 - 00000000 ____D C:\ProgramData\DivX
2013-02-14 03:15 - 2012-02-07 23:35 - 00000000 ____D C:\ProgramData\Application Data\DivX
2013-02-14 03:13 - 2011-10-11 09:42 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-02-14 03:13 - 2011-10-11 09:42 - 00000000 ____D C:\ProgramData\Adobe
2013-02-14 02:17 - 2013-02-14 02:17 - 00000000 ____D C:\Windows\Temp5CEDDFEE-50F2-E594-F6D9-A68B264AC4C2-Signatures
2013-02-14 01:28 - 2009-07-13 22:45 - 00489664 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 01:03 - 2011-11-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-14 01:03 - 2011-11-06 18:39 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-02-14 01:00 - 2011-10-19 08:26 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-14 00:50 - 2013-02-14 00:50 - 00000000 ____D C:\Windows\Temp4143E78D-F4A4-126D-BA44-97D503E2A272-Signatures
2013-02-12 08:54 - 2012-04-06 14:48 - 00000000 ____D C:\Program Files\Dell Support Center
2013-02-12 08:54 - 2011-10-19 09:00 - 00000000 ____D C:\ProgramData\PCDr
2013-02-12 08:54 - 2011-10-19 09:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-03 13:06:47
Restore point made on: 2013-03-03 13:19:25
Restore point made on: 2013-03-03 13:28:23
Restore point made on: 2013-03-03 13:32:54
Restore point made on: 2013-03-03 22:36:35
Restore point made on: 2013-03-03 22:38:51
Restore point made on: 2013-03-03 22:40:06
Restore point made on: 2013-03-03 22:40:55
Restore point made on: 2013-03-03 22:41:37
Restore point made on: 2013-03-03 22:42:48
Restore point made on: 2013-03-03 22:44:08
Restore point made on: 2013-03-03 22:44:39
Restore point made on: 2013-03-03 22:45:22
Restore point made on: 2013-03-03 22:45:54
Restore point made on: 2013-03-04 02:01:05
Restore point made on: 2013-03-04 21:01:38
Restore point made on: 2013-03-04 21:41:22
Restore point made on: 2013-03-04 22:08:50
Restore point made on: 2013-03-04 22:11:32
Restore point made on: 2013-03-05 02:00:47
Restore point made on: 2013-03-05 22:26:16

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8086.17 MB
Available physical RAM: 7307.55 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7294.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:577.49 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 2048 KB
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 07F2837E

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 679 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 101 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 19 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 679 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 657E51E3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT Removable 1907 MB Healthy

=========================================================

Last Boot: 2013-03-04 23:56

==================== End Of Log =============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt (2.1 KB)
 
How do I do this? Do I go into command prompt again? And do I just run the frst64 without mention of the fixlist?
 
You do this the very same way as you created the original log, through System Recovery Options.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2013 01
Ran by SYSTEM at 2013-03-06 15:48:28 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ccApp Value deleted successfully.
C:\Program Files (x86)\Common Files\Symantec Shared moved successfully.
ccEvtMgr service deleted successfully.
ccSetMgr service deleted successfully.
LiveUpdate service deleted successfully.
C:\PROGRA~2\Symantec moved successfully.
SmcService service deleted successfully.
SNAC service deleted successfully.
Symantec AntiVirus service deleted successfully.
C:\Program Files (x86)\Symantec not found.
eeCtrl service deleted successfully.
NAVENG service deleted successfully.
NAVEX15 service deleted successfully.
C:\PROGRA~3\Symantec moved successfully.
SRTSP service deleted successfully.
SRTSPL service deleted successfully.
SRTSPX service deleted successfully.
C:\Windows\System32\Drivers\SRTSP64.SYS moved successfully.
C:\Windows\System32\Drivers\SRTSPL64.SYS moved successfully.
C:\Windows\System32\Drivers\SRTSPX64.SYS moved successfully.
C:\Users\Heather\Local Settings\Symantec moved successfully.
C:\Users\Heather\Local Settings\Application Data\Symantec not found.
C:\Users\Heather\AppData\Local\Symantec not found.

==== End of Fixlog ====
 
Delete your OTL file, download a fresh one and see if you can run it from normal or safe mode.
 
How is the computer doing at the moment?

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1: If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2: SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.4001)
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 32
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 03-03-2013
Ran by Heather (administrator) on 06-03-2013 at 18:13:59
Running from "C:\Users\Heather\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
I have not adjusted the time. That is the main thing I've noticed that's changed. And just the scans not completing right.
 
Eset found no threats.

I adjusted the time but it resets to the wrong time with restarting the computer.
 
You may need to replace the CMOS battery.

Anything else wrong with your computer?
 
I don't think anything else is wrong. What is the CMOS battery? The time was correct before beginning this process.
 
How to replace CMOS battery: http://pctechnotes.com/how-to-change-your-cmos-battery/

Also....

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.
 
I really don't think it would be a battery problem. It's a pretty new computer and the time runs at the correct pace, just shows up as some hours behind (with the correct minutes). Also, this problem just started since we started these virus scans.

Also, the update Java link gives me this error message:
Verify Java Version

We are unable to verify if Java is currently installed and enabled in your browser.
If you have installed Java and there is an error with the verification, there could be a configuration issue (eg. browser, Java control panel, security settings).
 
Regarding Java...
Run JavaRa first.
Then go here: https://www.techspot.com/downloads/6463-java-se.html and download the standalone installer.

As for computer clock...
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
Good luck :)
 
I suggest a new topic in the Windows forum regarding the Java and computer clock issues.
 