
Web Redirects, mouse functioning erratically [Solved]


  • This topic is locked
17 replies to this topic

#1 radrodidodi


Posted 26 February 2014 - 07:09 AM

Hi,

 

Lately I've been getting redirected in my web browser. There aren't any popups or redirects to unknown pages, but instead it's redirecting me to pages that we've bookmarked or frequently visited. When I got malware like this a couple of years ago, the innocuous redirects became more frequent and started to redirect to commercial/scam sites. It seems that the mouse is functioning erratically, too, sometimes requiring 2-3 clicks instead of one (this mouse issue may or may not be related). I've pasted the HijackThis log below.

 

Thank you - Radrodidodi

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:18 AM, on 2/26/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAA.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Michael\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\supportsoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe -update plugin
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files\Windows Media Player\wmpnscfg.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Windows\System32\wpcumi.exe
O4 - HKUS\S-1-5-21-1218617016-3022421040-3124855728-1001\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Michael')
O4 - HKUS\S-1-5-21-1218617016-3022421040-3124855728-1001\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Michael')
O4 - HKUS\S-1-5-21-1218617016-3022421040-3124855728-1001\..\Run: [EPSON Stylus CX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\Users\Michael\AppData\Local\Temp\E_S166D.tmp" /EF "HKCU" (User 'Michael')
O4 - HKUS\S-1-5-21-1218617016-3022421040-3124855728-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Michael')
O4 - S-1-5-21-1218617016-3022421040-3124855728-1001 Startup: Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Michael')
O4 - S-1-5-21-1218617016-3022421040-3124855728-1001 User Startup: Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Michael')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\snac.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 12754 bytes
 




#2 Juliet


Posted 28 February 2014 - 10:08 AM

Hi and welcome

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo...very-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3 radrodidodi


Posted 28 February 2014 - 10:13 PM

Hi Juliet - thanks for your help! Here are the two reports that you requested:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Crystal (administrator) on CRYSTAL-PC on 28-02-2014 22:10:12
Running from C:\Users\Michael\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\Smc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAA.EXE
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [41944 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640480 2012-07-30] (Adobe Systems Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam\Quickcam.exe [2656528 2008-12-20] ()
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-07-01] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\Run: [Desktop Software] - C:\Program Files\Common Files\supportsoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe -update plugin
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\RunOnce: [Application Restart #0] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\RunOnce: [Application Restart #1] - C:\Windows\System32\wpcumi.exe [176128 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218617016-3022421040-3124855728-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-30] (Google Inc.)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Run: [Google Update] - C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-16] (Google Inc.)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Run: [EPSON Stylus CX4400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE [180736 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-08] (Google)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyUsers\S-1-5-21-1218617016-3022421040-3124855728-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default
FF Homepage: https://www.google.c...lt&ltmplcache=2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: ASPCA App By We-Care.com - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\Extensions\wecarereminder@bryan [2012-07-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-01]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2013-10-09]

========================== Services (Whitelisted) =================

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-08] (Google)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\Smc.exe [1804256 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\snac.exe [288656 2013-05-25] (Symantec Corporation)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544688 2013-01-24] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-01-24] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-01-24] (Cisco Systems, Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys [1098968 2013-12-17] (Symantec Corporation)
R1 ccSettings_{0807952E-B22C-403B-A5F9-93CF778D514E}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\ccSetx86.sys [134744 2013-05-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-20] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20140228.012\IDSvix86.sys [394456 2014-01-15] (Symantec Corporation)
R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140228.008\NAVENG.SYS [93272 2013-09-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140228.008\NAVEX15.SYS [1612376 2013-09-16] (Symantec Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2686104 2008-12-16] (Logitech Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\SRTSP.SYS [603224 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\SRTSPX.SYS [32344 2013-05-25] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\SyDvCtrl32.sys [28576 2013-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\SYMDS.SYS [367704 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\SYMEFA.SYS [934488 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-09-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\Ironx86.SYS [175264 2013-05-25] (Symantec Corporation)
R1 SYMTDIV; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x86\SYMTDIV.SYS [352344 2013-05-25] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [114080 2013-09-22] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [72880 2013-05-25] (Symantec Corporation)
S3 WCG200VistaI386; C:\Windows\System32\DRIVERS\WCG200V2VistaI386.sys [14848 2006-12-18] (Cisco-Linksys, LLC.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 22:10 - 2014-02-28 22:10 - 00023490 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-02-28 22:09 - 2014-02-28 22:10 - 00000000 ____D () C:\FRST
2014-02-28 22:07 - 2014-02-28 22:07 - 01143808 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-02-28 22:01 - 2014-02-28 22:03 - 00003252 _____ () C:\Users\Crystal\Desktop\Rkill.txt
2014-02-28 22:00 - 2014-02-28 22:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\rkill.exe
2014-02-27 13:24 - 2014-02-27 13:24 - 00314416 _____ (Dropbox, Inc.) C:\Users\Michael\Downloads\DropboxInstaller(1).exe
2014-02-27 13:19 - 2014-02-28 07:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DropboxMaster
2014-02-27 13:19 - 2014-02-27 13:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-02-27 13:16 - 2014-02-27 13:16 - 00314416 _____ (Dropbox, Inc.) C:\Users\Michael\Downloads\DropboxInstaller.exe
2014-02-27 13:14 - 2014-02-27 12:17 - 294967137 _____ () C:\Users\Michael\Desktop\Spanish Career Interview.mov
2014-02-26 21:00 - 2014-02-27 07:36 - 00000000 ____D () C:\Users\Michael\Desktop\Spanish Interview Questions_Andrea Quintanar
2014-02-26 06:57 - 2014-02-26 06:57 - 00012756 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-02-25 22:12 - 2014-02-25 22:12 - 00625664 _____ () C:\Users\Michael\Desktop\dds.scr
2014-02-25 22:11 - 2014-02-25 22:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Michael\Desktop\HiJackThis.exe
2014-02-25 22:09 - 2014-02-25 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2014-02-23 14:47 - 2014-02-23 14:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SketchUp
2014-02-23 14:43 - 2014-02-23 14:43 - 00003120 _____ () C:\Windows\system32\ALLFSAF13a.ocx
2014-02-23 14:39 - 2014-02-23 14:39 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2013.lnk
2014-02-23 14:39 - 2014-02-23 14:39 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2013.lnk
2014-02-23 14:39 - 2014-02-23 14:39 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2013.lnk
2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\ProgramData\SketchUp
2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\Program Files\SketchUp
2014-02-23 14:22 - 2014-02-23 14:25 - 75726696 _____ (Trimble Navigation Limited) C:\Users\Michael\Downloads\SketchUpWEN.exe
2014-02-20 22:17 - 2014-02-20 22:17 - 00000000 ____D () C:\Users\Crystal\Downloads\TL-WDR4300_V1_130617
2014-02-20 22:11 - 2014-02-20 22:11 - 06028681 _____ () C:\Users\Crystal\Downloads\TL-WDR4300_V1_130617.zip
2014-02-20 21:09 - 2014-02-20 21:09 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Skype
2014-02-20 21:08 - 2014-02-21 02:38 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Skype
2014-02-15 00:32 - 2014-02-15 00:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 03:03 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:03 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:03 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:03 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:03 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:03 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:03 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-14 03:03 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:03 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-14 03:03 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:03 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:03 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:03 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:03 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:03 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-14 03:03 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 07:13 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-09 15:10 - 2014-02-09 15:12 - 00008943 _____ () C:\Users\Michael\Documents\Pregnancy Costs 2014.xlsx
2014-02-06 20:08 - 2014-02-27 03:21 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-02-06 20:08 - 2014-02-06 20:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-02-06 20:07 - 2014-02-06 20:09 - 00002487 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-06 20:07 - 2014-02-06 20:07 - 00000000 ___RD () C:\Program Files\Skype
2014-02-06 20:07 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-06 20:06 - 2014-02-06 20:09 - 00000000 ____D () C:\ProgramData\Skype

==================== One Month Modified Files and Folders =======

2014-02-28 22:10 - 2014-02-28 22:10 - 00023490 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-02-28 22:10 - 2014-02-28 22:09 - 00000000 ____D () C:\FRST
2014-02-28 22:07 - 2014-02-28 22:07 - 01143808 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-02-28 22:07 - 2006-11-02 06:45 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 22:07 - 2006-11-02 06:45 - 00003616 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 22:03 - 2014-02-28 22:01 - 00003252 _____ () C:\Users\Crystal\Desktop\Rkill.txt
2014-02-28 22:00 - 2014-02-28 22:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\rkill.exe
2014-02-28 21:37 - 2008-08-07 07:10 - 02002980 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 21:29 - 2011-01-24 21:24 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001UA.job
2014-02-28 21:24 - 2012-05-26 05:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 21:15 - 2012-02-26 20:51 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 07:32 - 2014-02-27 13:19 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DropboxMaster
2014-02-28 07:32 - 2013-02-08 18:19 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-02-28 07:32 - 2013-02-08 06:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-02-28 07:31 - 2008-08-21 13:31 - 00000000 ____D () C:\MDT
2014-02-28 07:29 - 2012-02-26 20:51 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 03:43 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-02-28 03:28 - 2008-08-22 16:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-28 03:28 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 03:26 - 2006-11-02 06:58 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-28 00:29 - 2011-01-24 21:24 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001Core.job
2014-02-27 22:34 - 2013-06-22 12:06 - 00027532 _____ () C:\Users\Michael\Documents\Churning.xlsx
2014-02-27 20:56 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\tracing
2014-02-27 13:27 - 2013-02-08 18:19 - 00000927 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2014-02-27 13:27 - 2013-02-08 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-27 13:24 - 2014-02-27 13:24 - 00314416 _____ (Dropbox, Inc.) C:\Users\Michael\Downloads\DropboxInstaller(1).exe
2014-02-27 13:19 - 2014-02-27 13:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-02-27 13:16 - 2014-02-27 13:16 - 00314416 _____ (Dropbox, Inc.) C:\Users\Michael\Downloads\DropboxInstaller.exe
2014-02-27 12:17 - 2014-02-27 13:14 - 294967137 _____ () C:\Users\Michael\Desktop\Spanish Career Interview.mov
2014-02-27 07:36 - 2014-02-26 21:00 - 00000000 ____D () C:\Users\Michael\Desktop\Spanish Interview Questions_Andrea Quintanar
2014-02-27 03:21 - 2014-02-06 20:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-02-27 03:12 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-27 03:03 - 2006-11-02 04:33 - 00752894 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 17:30 - 2008-08-31 07:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mozilla
2014-02-26 06:57 - 2014-02-26 06:57 - 00012756 _____ () C:\Users\Michael\Desktop\hijackthis.log
2014-02-26 03:35 - 2008-01-20 21:02 - 00135714 _____ () C:\Windows\PFRO.log
2014-02-25 22:12 - 2014-02-25 22:12 - 00625664 _____ () C:\Users\Michael\Desktop\dds.scr
2014-02-25 22:11 - 2014-02-25 22:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Michael\Desktop\HiJackThis.exe
2014-02-25 22:09 - 2014-02-25 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2014-02-23 14:55 - 2010-01-10 21:35 - 00000000 ____D () C:\Users\Michael\9216 N Timber Lane
2014-02-23 14:47 - 2014-02-23 14:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SketchUp
2014-02-23 14:43 - 2014-02-23 14:43 - 00003120 _____ () C:\Windows\system32\ALLFSAF13a.ocx
2014-02-23 14:39 - 2014-02-23 14:39 - 00002063 _____ () C:\Users\Public\Desktop\Style Builder 2013.lnk
2014-02-23 14:39 - 2014-02-23 14:39 - 00001977 _____ () C:\Users\Public\Desktop\LayOut 2013.lnk
2014-02-23 14:39 - 2014-02-23 14:39 - 00001896 _____ () C:\Users\Public\Desktop\SketchUp 2013.lnk
2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\ProgramData\SketchUp
2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\Program Files\SketchUp
2014-02-23 14:25 - 2014-02-23 14:22 - 75726696 _____ (Trimble Navigation Limited) C:\Users\Michael\Downloads\SketchUpWEN.exe
2014-02-22 13:12 - 2014-01-19 13:41 - 00011184 _____ () C:\Users\Michael\Documents\cell phone and WiFi speed test.xlsx
2014-02-22 09:24 - 2012-10-21 18:43 - 00056832 _____ () C:\Users\Michael\Desktop\Crystal's Running Distances.xls
2014-02-22 03:30 - 2013-10-16 00:52 - 00007464 _____ () C:\Windows\system32\spsys.log
2014-02-21 02:38 - 2014-02-20 21:08 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Skype
2014-02-20 23:24 - 2012-05-26 05:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 23:24 - 2011-06-04 07:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 22:17 - 2014-02-20 22:17 - 00000000 ____D () C:\Users\Crystal\Downloads\TL-WDR4300_V1_130617
2014-02-20 22:11 - 2014-02-20 22:11 - 06028681 _____ () C:\Users\Crystal\Downloads\TL-WDR4300_V1_130617.zip
2014-02-20 21:09 - 2014-02-20 21:09 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Skype
2014-02-20 20:21 - 2013-07-30 05:59 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-16 03:19 - 2012-11-30 23:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 00:33 - 2014-02-15 00:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 03:14 - 2013-08-13 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:10 - 2006-11-02 04:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-09 15:12 - 2014-02-09 15:10 - 00008943 _____ () C:\Users\Michael\Documents\Pregnancy Costs 2014.xlsx
2014-02-06 20:09 - 2014-02-06 20:07 - 00002487 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-06 20:09 - 2014-02-06 20:06 - 00000000 ____D () C:\ProgramData\Skype
2014-02-06 20:08 - 2014-02-06 20:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-02-06 20:07 - 2014-02-06 20:07 - 00000000 ___RD () C:\Program Files\Skype
2014-02-06 20:07 - 2014-02-06 20:07 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-05 02:58 - 2014-02-14 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 02:56 - 2014-02-14 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:53 - 2014-02-14 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 02:51 - 2014-02-14 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:50 - 2014-02-14 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:49 - 2014-02-14 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:49 - 2014-02-14 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:48 - 2014-02-14 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:48 - 2014-02-14 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:48 - 2014-02-14 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:48 - 2014-02-14 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:48 - 2014-02-14 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:47 - 2014-02-14 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:47 - 2014-02-14 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:47 - 2014-02-14 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:46 - 2014-02-14 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\Crystal\AppData\Local\temp\lowproc.exe
C:\Users\Crystal\AppData\Local\temp\stubhelper.dll
C:\Users\Michael\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizyh1u.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 15:35

==================== End Of Log ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Crystal at 2014-02-28 22:10:59
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.2 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.2 - Adobe Systems) Hidden
Adobe Acrobat 9.5.2 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_952) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
ASPCA Reminder by We-Care.com v5.0.7.1 (HKLM\...\{EE5AC0B6-A4CA-4829-8B1D-C1CBF1596B8D}) (Version: 5.0.7.1 - We-Care.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.3.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Personal Printing Guide (HKLM\...\Personal Printing Guide) (Version: 1.1.1.3 - Canon Inc.)
Canon PowerShot SD4500 IS_IXUS 1000 HS Camera User Guide (HKLM\...\CameraUserGuide-PSSD4500IS_IXUS1000HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.3.0.6 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp)
CBLight 2009 (HKLM\...\CBLight 2009) (Version: 2009 - ChessBase GmbH)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Comcast Desktop Software (v1.2.0.9) (HKLM\...\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}) (Version: 23 - Comcast)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conference Preliminary Program 2010 (HKLM\...\d4c7b8d04ba029e25bdee5f4d1148e88.8A83BD0BE459142F50C111755484E359D8DBFFF2.1) (Version: 2010-01-28 16:28:28 - Nxtbook Media, LLC)
Conference Preliminary Program 2010 (Version: 255.01.28 - Nxtbook Media, LLC) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
DiskCheckup v3.1 (HKLM\...\DiskCheckup_is1) (Version: 3.1.1001 - PassMark Software)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
EOS 20D WIA Driver (HKLM\...\EOS 20D WIA Driver) (Version: 6.0.0.4 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Foxit Reader 5.1 (HKLM\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{CCE68200-4ED0-3E0A-A7F2-504897E356AB}) (Version: 5.1.5.17733 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}) (Version: 1.0.2.17 - Apple Inc.)
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
iPhone Configuration Utility (HKLM\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.300 - Oracle)
Linksys WCG200 ver. 2 Wireless-G Cable Gateway (HKLM\...\Linksys WCG200 Uninstall) (Version:  - )
Logitech QuickCam (HKLM\...\{937B232D-9776-471E-92BD-D424E514EF14}) (Version: 11.90.1263 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version:  - )
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
RSA SecurID Software Token (HKLM\...\{4C3FFAF4-133E-46BF-8498-E67FF90E2823}) (Version: 3.0.6.0000 - RSA Security)
RuntimeLibsVC05 (HKLM\...\{83EE1D72-072F-4381-AF50-5F0133AE8715}) (Version: 1.2.0 - Microsoft)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SpywareBlaster 4.5 (HKLM\...\SpywareBlaster_is1) (Version: 4.5.0 - Javacool Software LLC)
Stamps.com (HKLM\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (Version: 10.1.1.2456 - Stamps.com, Inc.) Hidden
Symantec Endpoint Protection (HKLM\...\{8693E64C-16F3-4388-ACC0-9E8D586BEC17}) (Version: 12.1.3001.165 - Symantec Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WhoCrashed 3.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0) (HKLM\...\1EC636D2DBA2D9924E02E10DA797DEC16306C1A9) (Version: 10/16/2006 1.0 - Logitech)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}) (Version: 14.0.9029 - WinZip Computing, S.L. )

==================== Restore Points  =========================

21-02-2014 09:00:14 Windows Update
22-02-2014 09:00:14 Windows Update
23-02-2014 06:00:17 Scheduled Checkpoint
23-02-2014 09:00:13 Windows Update
23-02-2014 20:33:40 Installed SketchUp 2013
24-02-2014 09:00:16 Windows Update
25-02-2014 07:01:55 Scheduled Checkpoint
25-02-2014 09:00:15 Windows Update
26-02-2014 06:01:05 Scheduled Checkpoint
26-02-2014 09:00:13 Windows Update
27-02-2014 06:00:15 Scheduled Checkpoint
27-02-2014 09:00:13 Windows Update
28-02-2014 08:25:45 Scheduled Checkpoint
28-02-2014 09:00:13 Windows Update
01-03-2014 01:27:59 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 04:23 - 2012-01-07 09:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0775B3AB-EA54-4228-805F-B7EBDDB52C91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {5C318F7F-3AAF-4C3C-B09A-28C6E01964A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16] (Google Inc.)
Task: {72A5DD84-69D3-4969-99A2-E6041F8646C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {89DF9B0F-C16D-40F5-AF9A-BF0DF66007DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {906E4D1D-9501-49D1-BC55-2DD9112D5453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {913F5BD0-AE89-4D96-9690-2E92C88C886C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Crystal => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A265174F-E01A-40ED-9BCF-7CF0B419DC55} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {AF831E3D-7D1F-474B-A554-A504C7E2587C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218617016-3022421040-3124855728-1001UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-08-07 12:22 - 2010-09-08 11:21 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2012-01-13 22:13 - 2009-02-27 14:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2012-01-13 22:13 - 2009-02-27 14:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2008-12-20 07:50 - 2008-12-20 07:50 - 02656528 _____ () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2011-01-29 09:57 - 2011-01-29 09:57 - 00061496 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
2014-02-28 07:31 - 2014-02-28 07:31 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizyh1u.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
2008-12-20 07:46 - 2008-12-20 07:46 - 00558864 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-02-15 00:32 - 2014-02-15 00:33 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-20 23:24 - 2014-02-20 23:24 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 07:02:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15615

Error: (02/28/2014 07:02:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15615

Error: (02/28/2014 07:02:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2014 02:30:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13494

Error: (02/28/2014 02:30:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13494

Error: (02/28/2014 02:30:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2014 02:30:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12496

Error: (02/28/2014 02:30:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12496

Error: (02/28/2014 02:30:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/28/2014 02:30:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11497


System errors:
=============
Error: (02/28/2014 03:32:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x8004402fUpdate for Windows Driver Framework version 1.11 for Windows Vista (KB2761494){8880B41A-0913-4771-A4A4-521771E8E754}201

Error: (02/28/2014 03:32:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x800f0826Security Update for Windows Vista (KB2884256){3CCC50A0-55A5-400B-9D88-0724EB4B6438}201

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB971286~31bf3856ad364e35~x86~~6.0.1.9 () into Staged(Staged) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB971286_client~31bf3856ad364e35~x86~~6.0.1.9 () into Staged(Staged) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB971286_client_2~31bf3856ad364e35~x86~~6.0.1.9 () into Staged(Staged) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB971286_client_1~31bf3856ad364e35~x86~~6.0.1.9 () into Staged(Staged) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB971286_client_0~31bf3856ad364e35~x86~~6.0.1.9 () into Staged(Staged) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB2884256~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB2884256_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state

Error: (02/28/2014 03:32:27 AM) (Source: Microsoft-Windows-Servicing) (User: )
Description: Windows Servicing failed to complete the process of setting package Package_for_KB2884256_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state


Microsoft Office Sessions:
=========================
Error: (11/08/2012 09:03:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 940 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-28 22:10:35.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:35.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:34.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:34.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:26.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:26.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:25.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 22:10:25.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 11:40:37.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-28 11:40:37.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 2036.45 MB
Available physical RAM: 667.61 MB
Total Pagefile: 4314.18 MB
Available Pagefile: 2573.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:90.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.43 GB) NTFS
Drive e: (Spanish Interview Questions) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Juliet


Posted 01 March 2014 - 05:18 AM

Please go to add/remove programs list and uninstall Coupon Printer for Windows

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
 

start
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
ShortcutTarget: Dropbox.lnk -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyUsers\S-1-5-21-1218617016-3022421040-3124855728-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
BHO: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: ASPCA App By We-Care.com - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\Extensions\wecarereminder@bryan [2012-07-01]
C:\Users\Crystal\AppData\Local\temp\lowproc.exe
C:\Users\Crystal\AppData\Local\temp\stubhelper.dll
C:\Users\Michael\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizyh1u.dll
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


*******************

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
******************************


    Please post:
    Fixlog.txt
    C:\AdwCleaner[S1].txt
    JRT.txt

    Also give me an update as to how the computer is at the moment.


#5 radrodidodi


Posted 03 March 2014 - 09:51 PM

Hi again and thank you for your help!

 

1) uninstall Coupon Printer for Windows --> partially completed.  After uninstalling the first instance, the second one said something like "this program cannot be found... it's possible that it's already been removed."  So I continued.  I think there was one instance for Firefox and one for IE.

 

2) FRST --> ran this program and it created a log.  However, it's no longer on my desktop as some files have been moved around - see below.

 

3) ADWcleaner --> ran this program and it created a log, too, but it was moved and cannot be found

 

4) ran JRT after shutting down Symantec--> log is posted below

 

5) after completing all of this, there are some funny things going on:

a) even though I'm logged onto "Michael," my start menu shows "Crystal"

b) most of the exe's and log files on my desktop have been removed or possibly hidden

c) I cannot open the control panel, my computer, or any folders  (double click --> spinning wheel 1 sec--> nothing happens)

d) I have a new shortcut/icon on my desktop for "CouponActivator" and a 7z922 icon

e) several of the icons in my taskbar are not showing (where the network, speakers, time, etc are shown)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Crystal on Mon 03/03/2014 at 19:49:20.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Crystal\AppData\Roaming\mozilla\firefox\profiles\s63sz2m5.default\minidumps [39 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/03/2014 at 19:55:01.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 radrodidodi


Posted 04 March 2014 - 07:52 AM

After restarting, all of the oddities mentioned in 5) above have all returned to normal.  While it looks good on the surface, it kind of worries me but I'm assuming the logs will tell you what you need to know.  Here are the logs that were not posted above:

 

Fixlog.txt
C:\AdwCleaner[S1].txt  --> I didn't have an S1 file, but I had an S0 file, which is pasted below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 03
Ran by Crystal at 2014-03-02 21:31:13 Run:1
Running from C:\Users\Michael\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\...\Winlogon: [Shell] Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
ShortcutTarget: Dropbox.lnk -> C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyUsers\S-1-5-21-1218617016-3022421040-3124855728-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
BHO: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: ASPCA App By We-Care.com - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\Extensions\wecarereminder@bryan [2012-07-01]
C:\Users\Crystal\AppData\Local\temp\lowproc.exe
C:\Users\Crystal\AppData\Local\temp\stubhelper.dll
C:\Users\Michael\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizyh1u.dll
end
*****************

HKU\S-1-5-21-1218617016-3022421040-3124855728-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1218617016-3022421040-3124855728-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\Extensions\wecarereminder@bryan => Moved successfully.
C:\Users\Crystal\AppData\Local\temp\lowproc.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\temp\stubhelper.dll => Moved successfully.
"C:\Users\Michael\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizyh1u.dll" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 21:46:25
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Crystal - CRYSTAL-PC
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WeCareReminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\s63sz2m5.default\prefs.js ]


[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7or173oq.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://mail.google.com/mail/#inbox");

*************************

AdwCleaner[R0].txt - [2270 octets] - [02/03/2014 21:42:41]
AdwCleaner[S0].txt - [2231 octets] - [02/03/2014 21:46:25]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2291 octets] ##########
 



#7 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,095 posts
  • Interests:Boo!....
  • MVP

Posted 04 March 2014 - 08:03 AM

OK, this looks better, was worried there for a few minutes.

How is the computer now?


Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#8 Juliet


Posted 07 March 2014 - 04:04 PM

Still need help?



#9 radrodidodi

radrodidodi

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 08 March 2014 - 10:20 PM

Hi, sorry for the delays! I will post the ESET results tomorrow, but the PC has been acting normally.

#10 Juliet


Posted 08 March 2014 - 10:25 PM

:thumbup:




#11 radrodidodi


Posted 09 March 2014 - 01:25 PM

Hi again - I ran TFC, and then ESET, with the results below:

C:\iPhone Jailbreak\for iPhone 3gs\Setup.exe    a variant of Win32/Adware.iBryte.G application
C:\Users\Michael\Downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe    a variant of Win32/CNETInstaller.A potentially unwanted application
C:\Users\Michael\Downloads\FoxitReader514.0104_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application



#12 Juliet


Posted 09 March 2014 - 04:14 PM

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
 

start
C:\iPhone Jailbreak\for iPhone 3gs\Setup.exe
C:\Users\Michael\Downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe
C:\Users\Michael\Downloads\FoxitReader514.0104_enu_Setup.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
~~~~~~~~~~~~~

Please post these 2 logs.

#13 radrodidodi


Posted 10 March 2014 - 06:46 AM

Hello - here are the two logs.  We haven't noticed any redirects or odd mouse behavior.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-03-2014 01
Ran by Crystal at 2014-03-09 22:26:50 Run:2
Running from C:\Users\Michael\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\iPhone Jailbreak\for iPhone 3gs\Setup.exe
C:\Users\Michael\Downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe
C:\Users\Michael\Downloads\FoxitReader514.0104_enu_Setup.exe
Reboot:
end
*****************

C:\iPhone Jailbreak\for iPhone 3gs\Setup.exe => Moved successfully.
C:\Users\Michael\Downloads\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe => Moved successfully.
C:\Users\Michael\Downloads\FoxitReader514.0104_enu_Setup.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

====================

 Results of screen317's Security Check version 0.99.80  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 4.5    
 Java™ 6 Update 30  
 Java version out of Date!
 Adobe Flash Player     12.0.0.70  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#14 Juliet


Posted 10 March 2014 - 07:07 AM

"We haven't noticed any redirects or odd mouse behavior."

Music to my ears!


Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

 

Programs to remove
Adobe Reader 10.1.9
Java 6 Update 30


~~~~~~~~~~~~~~~~~~~~~~~

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.


You can download it from http://www.adobe.com.../readstep2.html
Be sure to uncheck McAfee security scan.

After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install Java:
Please go here to install Java.
Click on the Free Java Download button.
Click on Agree and Start Free Download.
Click on Run.
Click on Run again.
Click on Install.
When the install is complete, click on Close.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Any questions?
See any other malware issues on the computer?

If not I think we're ready to close this out and remove quarantine folders and I'll post a few preventive tips.

#15 radrodidodi


Posted 10 March 2014 - 08:16 PM

Thanks again for the tips.  I went through your instructions without any problems, and we don't see any other malware issues at this time.  You guys are the best!  OldMan960 helped me a lot a couple of years ago, and this has been another positive experience!  Thank you!

