Firefox redirecting random links (tried many solutions online, no luck)


17 replies to this topic

#1 beckyglass

beckyglass

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Minnesota
  • Local time:05:26 AM

Posted 27 March 2013 - 08:24 PM

I recently have been getting random links to redirect. It chooses random links that I click and redirects me to multiple different sites. While watching the address bar load, it always begins with "purchasereviews.net/donate.php" then redirects immediately. I do run adblock plus addon, and it has been preventing the pages from loading (for the most part), and the links are now beginning to close the entire window immediately after a redirect. Can anyone please help me?

 

Mod Edit: Moved topic from Web Browsing to a more appropriate forum. ~bloopie


Edited by bloopie, 27 March 2013 - 08:39 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:26 AM

Posted 27 March 2013 - 08:35 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 



#3 beckyglass


Posted 27 March 2013 - 09:43 PM

I will post in a few different replies due to it not posting

 

 

I have run 3 out of the 4 and bolded each new log. I will do the Eset as soon as possible. I also went into firefox plugins and extensions and removed "Conduit" items. I ran a few of these programs as I had seen them in other posts, but nothing came up. I will reply if the Conduit was causing the redirections. Thank you for your help.


I am running Windows on a Mac as well, Intel Core i5-2415M CPU @ 2.3 GHz, Installed Ram 4 GB, 64 Bit OS.

 

Rkill (Have Firewall off because of Xbox streaming issues)

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/27/2013 08:38:27 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\student\Desktop\rkill\rkill-03-27-2013-08-38-43.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/27/2013 08:38:51 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)



#4 beckyglass


Posted 27 March 2013 - 09:47 PM

TDSS Killer

This post was too long to post in 1 message. Please let me know if you would like me to post it in multiple responses. Here is the end:

 


21:00:37.0843 3044  ============================================================
21:00:37.0858 3888  Detected object count: 0
21:00:37.0858 3888  Actual detected object count: 0



Junkware Removal

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.3 (03.23.2013:1)

OS: Windows 7 Enterprise x64

Ran by student on Wed 03/27/2013 at 21:04:20.90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3364274326-1166055961-3312878283-1000\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

~~~ Files

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\student\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\student\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ FireFox

 

Successfully deleted: [File] C:\Users\student\AppData\Roaming\mozilla\firefox\profiles\s683ry0a.default\searchplugins\conduit.xml

Successfully deleted: [Folder] C:\Users\student\AppData\Roaming\mozilla\firefox\profiles\s683ry0a.default\smartbar

Successfully deleted the following from C:\Users\student\AppData\Roaming\mozilla\firefox\profiles\s683ry0a.default\prefs.js

 


Emptied folder: C:\Users\student\AppData\Roaming\mozilla\firefox\profiles\s683ry0a.default\minidumps [915 files]

 

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 03/27/2013 at 21:10:57.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






#5 beckyglass


Posted 27 March 2013 - 09:50 PM

I am still being redirected, I ran Spybot Search and Destroy, and Hitman Pro.



#6 narenxp


Posted 27 March 2013 - 09:58 PM

I will wait for ESET. Do not run any other scans unless instructed. If you want to run scans on your own let me know, I will stop my help here.



#7 beckyglass


Posted 27 March 2013 - 10:57 PM

I was just trying to help, sorry. Running the scan now, will have posted by the morning. I appreciate your help.



#8 beckyglass


Posted 28 March 2013 - 06:49 AM

Eset:

 

C:\$Recycle.Bin\S-1-5-21-3364274326-1166055961-3312878283-1000\$RL65N5D.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
 



#9 narenxp


Posted 28 March 2013 - 06:53 AM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


 



#10 beckyglass


Posted 28 March 2013 - 07:41 AM

Malwarebytes

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.03.28.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

student :: C-C82A1437430D [administrator]

 

3/28/2013 7:13:47 AM

mbam-log-2013-03-28 (07-13-47).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230144

Time elapsed: 3 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)



Farbar’s

 

MiniToolBox by Farbar  Version:05-03-2013

Ran by student (administrator) on 28-03-2013 at 07:22:42

Running from "C:\Users\student\Desktop"

Windows 7 Enterprise Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Broadcom 802.11n Network Adapter = Wireless Network Connection 2 (Connected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Hardware not present)

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : C-C82A1437430D

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : uwstout.edu

 

Wireless LAN adapter Wireless Network Connection 2:

 

   Connection-specific DNS Suffix  . : uwstout.edu

   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter #2

   Physical Address. . . . . . . . . : E4-CE-8F-15-5E-E6

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::523:7c5c:aaad:f117%16(Preferred)

   IPv4 Address. . . . . . . . . . . : 144.13.61.57(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, March 28, 2013 7:00:40 AM

   Lease Expires . . . . . . . . . . : Thursday, March 28, 2013 7:30:40 AM

   Default Gateway . . . . . . . . . : 144.13.61.5

   DHCP Server . . . . . . . . . . . : 144.13.245.16

   DHCPv6 IAID . . . . . . . . . . . : 400871055

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D1-8C-88-C8-2A-14-37-43-0D

   DNS Servers . . . . . . . . . . . : 144.13.1.7

                                       144.13.1.11

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Bluetooth Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

   Physical Address. . . . . . . . . : E4-CE-8F-15-5E-E7

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : drbl.name

   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

   Physical Address. . . . . . . . . : C8-2A-14-37-43-0D

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.uwstout.edu:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : uwstout.edu

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{70BFF560-306D-4FAE-B31B-F7C5C58C0245}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter 6TO4 Adapter:

 

   Connection-specific DNS Suffix  . : uwstout.edu

   Description . . . . . . . . . . . : Microsoft 6to4 Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2002:900d:3d39::900d:3d39(Preferred)

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : 144.13.1.7

                                       144.13.1.11

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  dns3.uwstout.edu

Address:  144.13.1.7

 

Name:    google.com

Addresses:  2607:f8b0:4009:800::1001

              74.125.225.33

              74.125.225.34

              74.125.225.35

              74.125.225.36

              74.125.225.37

              74.125.225.38

              74.125.225.39

              74.125.225.40

              74.125.225.41

              74.125.225.46

              74.125.225.32

 

 

Pinging google.com [74.125.225.34] with 32 bytes of data:

Reply from 74.125.225.34: bytes=32 time=24ms TTL=55

Reply from 74.125.225.34: bytes=32 time=62ms TTL=55

 

Ping statistics for 74.125.225.34:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 24ms, Maximum = 62ms, Average = 43ms

Server:  dns3.uwstout.edu

Address:  144.13.1.7

 

Name:    yahoo.com

Addresses:  98.139.183.24

              206.190.36.45

              98.138.253.109

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=568ms TTL=51

Reply from 206.190.36.45: bytes=32 time=581ms TTL=51

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 568ms, Maximum = 581ms, Average = 574ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 16...e4 ce 8f 15 5e e6 ......Broadcom 802.11n Network Adapter #2

 15...e4 ce 8f 15 5e e7 ......Bluetooth Device (Personal Area Network)

 12...c8 2a 14 37 43 0d ......Broadcom NetXtreme Gigabit Ethernet

  1...........................Software Loopback Interface 1

 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      144.13.61.5     144.13.61.57     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      144.13.61.0    255.255.255.0         On-link      144.13.61.57    281

     144.13.61.57  255.255.255.255         On-link      144.13.61.57    281

    144.13.61.255  255.255.255.255         On-link      144.13.61.57    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      144.13.61.57    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      144.13.61.57    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

 11   1025 2002::/16                On-link

 11    281 2002:900d:3d39::900d:3d39/128

                                    On-link

 16    281 fe80::/64                On-link

 16    281 fe80::523:7c5c:aaad:f117/128

                                    On-link

  1    306 ff00::/8                 On-link

 16    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/28/2013 07:16:28 AM) (Source: Application Hang) (User: )

Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: b54

 

Start Time: 01ce2b58c06c0407

 

Termination Time: 0

 

Application Path: C:\Windows\explorer.exe

 

Report Id:

 

Error: (03/28/2013 07:14:55 AM) (Source: Application Error) (User: )

Description: Faulting application name: EXCEL.EXE, version: 14.0.6126.5003, time stamp: 0x505b0834

Faulting module name: EXCEL.EXE, version: 14.0.6126.5003, time stamp: 0x505b0834

Exception code: 0xc0000005

Fault offset: 0x00169b45

Faulting process id: 0x2f824

Faulting application start time: 0xEXCEL.EXE0

Faulting application path: EXCEL.EXE1

Faulting module path: EXCEL.EXE2

Report Id: EXCEL.EXE3

 

Error: (03/28/2013 07:06:48 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (03/28/2013 02:36:58 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (03/28/2013 02:36:52 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (03/28/2013 02:35:55 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (03/27/2013 11:00:36 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

Error: (03/27/2013 10:53:25 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

Error: (03/28/2013 07:16:28 AM) (Source: Application Hang)(User: )

Description: explorer.exe6.1.7601.17567b5401ce2b58c06c04070C:\Windows\explorer.exe

 

Error: (03/28/2013 07:14:55 AM) (Source: Application Error)(User: )

Description: EXCEL.EXE14.0.6126.5003505b0834EXCEL.EXE14.0.6126.5003505b0834c000000500169b452f82401ce2badd6b530e8C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXEC:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE193eab78-97a1-11e2-acab-e4ce8f155ee7

 

Error: (03/28/2013 07:06:48 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\student\Desktop\Virus Removal\esetsmartinstaller_enu.exe

 

Error: (03/28/2013 02:36:58 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

 

Error: (03/28/2013 02:36:52 AM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

 

Error: (03/28/2013 02:35:55 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (03/27/2013 11:00:36 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\student\Desktop\esetsmartinstaller_enu.exe

 

 

=========================== Installed Programs ============================

 

µTorrent (Version: 3.3.0.29342)

Adobe AIR (Version: 3.5.0.880)

Adobe Download Assistant (Version: 1.2.3)

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)

Adobe Flash Player 11 Plugin (Version: 11.6.602.171)

Adobe FrameMaker 9 (Version: 9)

Adobe FrameMaker CSTI Driver (Version: 1.0)

Adobe FrameMaker Dependencies Driver (Version: 1.0)

Adobe Help Manager (Version: 4.0.244)

Adobe Illustrator CS6 (Version: 16.0)

Adobe Linguistics CS4 (Version: 4.0.0)

Adobe PDF Library Files CS4 (Version: 9.0)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Adobe Setup (Version: 2.0)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

ArcGIS ArcInfo Workstation (Version: 10.0.2414)

ArcGIS Desktop 10 Tutorial Data (Version: 10.0.2414)

AutoCAD 2012 - English SP2 (Version: 1)

AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral (Version: 1619.0)

Bonjour (Version: 3.0.0.10)

Boot Camp Services (Version: 4.0.4033)

CamStudio version 2.7 (Version: 2.7)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

ESET Online Scanner v3

Intel® Management Engine Components (Version: 8.0.0.1351)

Intel® OpenCL CPU Runtime

Intel® Processor Graphics (Version: 8.15.10.2598)

Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.0.199)

IrfanView (remove only) (Version: 4.35)

iTunes (Version: 11.0.2.26)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Java™ 7 Update 5 (64-bit) (Version: 7.0.50)

JavaFX 2.1.1 (Version: 2.1.1)

MAGIX Ringtone Maker 3 silver 3.1.0.3 (US) (Version: 3.1.0.3)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Project 2010 Service Pack 1 (SP1)

Microsoft Project Professional 2010 (Version: 14.0.6029.1000)

Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)

Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft Visual Basic Power Packs 3.0 (Version: 9.0.30214)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)

Mozilla Maintenance Service (Version: 19.0.2)

Mp3tag v2.54 (Version: v2.54)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

PDF Settings CS6 (Version: 11.0)

QuickTime (Version: 7.73.80.64)

RealDownloader (Version: 1.3.0)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

Realtek High Definition Audio Driver (Version: 6.0.1.5936)

RealUpgrade 1.1 (Version: 1.1.0)

Respondus LockDown Browser (Version: 1.02.0001)

Skype™ 5.10 (Version: 5.10.116)

Spybot - Search & Destroy (Version: 1.6.2)

Sticky-Notes (Version: 1.121)

Suite Shared Configuration CS4 (Version: 1.1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VBA (2627.01) (Version: 6.03.00.9402)

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (Version: 9.0.30729.177)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (Version: 9.0.30729.177)

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (Version: 02/01/2008 3.10.3.10)

Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (Version: 03/01/2010 3.0.0.5)

Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (Version: 06/27/2007 2.0.0.1)

Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/28/2011 4.0.3.0) (Version: 11/28/2011 4.0.3.0)

Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (Version: 10/25/2007 2.0.1.0)

Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (Version: 01/23/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (Version: 02/21/2008 2.0.4.0)

Windows Driver Package - Apple Inc. Apple Keyboard (11/04/2011 4.0.1.0) (Version: 11/04/2011 4.0.1.0)

Windows Driver Package - Apple Inc. Apple Multitouch (11/04/2011 4.0.1.0) (Version: 11/04/2011 4.0.1.0)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (11/04/2011 4.0.1.0) (Version: 11/04/2011 4.0.1.0)

Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (Version: 05/17/2010 3.1.0.0)

Windows Driver Package - Apple Inc. Apple System Device (10/07/2011 4.0.1.0) (Version: 10/07/2011 4.0.1.0)

Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (Version: 06/01/2011 4.0.0.1)

Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (Version: 01/17/2011 3.2.0.0)

Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (Version: 11/13/2010 9.2.0.113)

Windows Driver Package - Broadcom (b57nd60a) Net  (10/19/2011 15.0.0.21) (Version: 10/19/2011 15.0.0.21)

Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (Version: 06/16/2009 1.0.0.1)

Windows Driver Package - Broadcom (BCM43XX) Net  (02/03/2012 5.106.198.4) (Version: 02/03/2012 5.106.198.4)

Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (11/29/2011 1.0.0.232) (Version: 11/29/2011 1.0.0.232)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/30/2012 6.6001.1.36) (Version: 01/30/2012 6.6001.1.36)

Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (Version: 03/26/2010 9.13.41.0)

Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (Version: 04/12/2010 11.6.92.0)

Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (Version: 12/04/2009 11.4.7.0)

Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (Version: 01/07/2010 11.4.16.0)

Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (Version: 04/07/2010 10.1.9.0)

Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (Version: 07/20/2007 1.2.76.0)

Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (Version: 12/06/2007 10.51.1.3)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

Xvid Video Codec (Version: 1.3.2)

Yawcam 0.3.8

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)

 

========================= Devices: ================================

 

Name: Microsoft Virtual WiFi Miniport Adapter

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 49%

Total physical RAM: 4006.73 MB

Available physical RAM: 2009.52 MB

Total Pagefile: 8011.66 MB

Available Pagefile: 6059.86 MB

Total Virtual: 4095.88 MB

Available Virtual: 3973.73 MB

 

========================= Partitions: =====================================

 

1 Drive c: (Windows) (Fixed) (Total:74.31 GB) (Free:9.3 GB) NTFS

2 Drive d: (Macintosh HD) (Fixed) (Total:178.74 GB) (Free:132.21 GB) HFS

 

========================= Users: ========================================

 

User accounts for \\C-C82A1437430D

 

Administrator            Guest                    student                 

 

 

**** End of log ****



#11 beckyglass


Posted 28 March 2013 - 07:46 AM

AdwCleaner

 

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 07:29:16

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)

# User : student - C-C82A1437430D

# Boot Mode : Normal

# Running from : C:\Users\student\Desktop\AdwCleaner.exe

# Option [Search]

 

 

***** [Services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

***** [Registry] *****

 

Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16470

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v19.0.2 (en-US)

 

File : C:\Users\student\AppData\Roaming\Mozilla\Firefox\Profiles\s683ry0a.default\prefs.js

 

Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349898947,\"uuid\":691702054863782,\"seq_id\":1,\"ss[...]

Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]

Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

 

-\\ Google Chrome v [Unable to get version]

 

File : C:\Users\student\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2972 octets] - [28/03/2013 07:29:16]

 

########## EOF - C:\AdwCleaner[R1].txt - [3032 octets] ##########



Autoruns

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""         ""         ""         "9/22/2012 1:10 PM"

+ "AdobeAAMUpdater-1.0"  "Adobe Updater Startup Utility"        "Adobe Systems Incorporated"          "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "3/24/2012 5:49 PM"

+ "Apple_KbdMgr"    "Boot Camp Manager"            "Apple Inc."    "c:\program files\boot camp\bootcamp.exe"            "6/15/2011 2:45 PM"

+ "HotKeysCmds"      "hkcmd Module"         "Intel Corporation"     "c:\windows\system32\hkcmd.exe"            "12/15/2011 5:40 PM"

+ "IgfxTray"    "igfxTray Module"      "Intel Corporation"     "c:\windows\system32\igfxtray.exe"  "12/15/2011 5:41 PM"

+ "Persistence"            "persistence Module"  "Intel Corporation"     "c:\windows\system32\igfxpers.exe"            "12/15/2011 5:40 PM"

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" ""         ""         ""         "3/27/2013 8:42 PM"

+ "Adobe ARM"         "Adobe Reader and Acrobat Manager"          "Adobe Systems Incorporated"          "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"         "12/3/2012 2:34 AM"

+ "APSDaemon"         "Apple Push"   "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"         "11/15/2012 9:18 PM"

+ "iTunesHelper"         "iTunesHelper"            "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"            "2/20/2013 3:10 PM"

+ "USB3MON"          "Intel® USB 3.0 Monitor"   "Intel Corporation"     "c:\program files (x86)\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"         "12/5/2011 5:12 AM"

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"    ""         ""         ""            "3/27/2013 8:42 PM"

+ "Malwarebytes Anti-Malware"        "Malwarebytes Anti-Malware"           "Malwarebytes Corporation"  "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"           "12/14/2012 3:51 PM"

"C:\Users\student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"  ""         ""         ""            "10/10/2012 7:29 PM"

+ "toggleWireless.lnk"            "toggleWireless"          ""         "c:\program files (x86)\wireless\togglewireless.exe"            "12/29/2009 4:13 PM"

"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"       ""         ""         ""         "7/12/2012 3:52 AM"

+ "Microsoft Windows"          "Windows Mail"         "Microsoft Corporation"         "c:\program files\windows mail\winmail.exe"        "7/13/2009 6:58 PM"

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"     ""         ""         ""            "7/12/2012 3:52 AM"

+ "Microsoft Windows"          "Windows Mail"         "Microsoft Corporation"         "c:\program files (x86)\windows mail\winmail.exe"        "7/13/2009 6:42 PM"

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"           ""         ""         ""         "3/8/2013 10:55 PM"

+ "Sticky-Notes"         "Sticky-Notes"            ""         "c:\program files (x86)\sticky-notes\stickynotes.exe" "3/9/2012 9:02 AM"

"HKLM\SOFTWARE\Classes\Protocols\Filter"        ""         ""         ""         "7/13/2009 11:53 PM"

+ "text/xml"     "Microsoft Office XML MIME Filter"          "Microsoft Corporation"         "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"          "2/28/2010 4:24 AM"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"       ""         ""         ""            "2/11/2013 6:34 PM"

+ "Groove GFS Stub Execution Hook"          "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""         ""            ""         "3/28/2013 7:32 AM"

+ "Groove GFS Stub Execution Hook"          "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"          ""         ""         ""         "7/13/2009 11:53 PM"

+ "Mp3tagShell"         "Shell Extension Mp3tag - the universal Tag editor"  "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell64.dll"        "2/27/2010 8:23 AM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"        ""         ""         ""         "7/13/2009 11:53 PM"

+ "Mp3tagShell"         "Shell Extension Mp3tag - the universal Tag editor"  "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell32.dll"        "2/27/2010 8:25 AM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" ""         ""         ""         "7/13/2009 11:53 PM"

+ "MBAMShlExt"      "Malwarebytes Anti-Malware"           "Malwarebytes Corporation"  "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"        "12/14/2012 3:52 PM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"           ""         ""            ""         "7/13/2009 11:53 PM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"         ""         ""         ""         "7/13/2009 11:53 PM"

+ "Mp3tagShell"         "Shell Extension Mp3tag - the universal Tag editor"  "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell64.dll"        "2/27/2010 8:23 AM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"      ""         ""         ""            "7/13/2009 11:53 PM"

+ "Mp3tagShell"         "Shell Extension Mp3tag - the universal Tag editor"  "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell32.dll"        "2/27/2010 8:25 AM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"            ""         ""         ""            "7/13/2009 11:53 PM"

+ "Gadgets"    "Sidebar droptarget"   "Microsoft Corporation"         "c:\program files\windows sidebar\sbdrop.dll"            "7/13/2009 8:32 PM"

+ "igfxcui"       "igfxpph Module"       "Intel Corporation"     "c:\windows\system32\igfxpph.dll"    "12/15/2011 5:40 PM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"          ""         ""            ""         "7/13/2009 11:53 PM"

+ "Gadgets"    "Sidebar droptarget"   "Microsoft Corporation"         "c:\program files (x86)\windows sidebar\sbdrop.dll"      "7/13/2009 8:09 PM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"         ""         ""         ""         "7/13/2012 11:18 AM"

+ "PDF Shell Extension"        "PDF Shell Extension"            "Adobe Systems, Inc."            "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"        "12/18/2012 8:02 AM"

"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"  ""         ""         ""         "7/13/2012 11:18 AM"

+ "MBAMShlExt"      "Malwarebytes Anti-Malware"           "Malwarebytes Corporation"  "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"        "12/14/2012 3:52 PM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"           ""         ""         ""            "7/13/2012 11:18 AM"

+ "XXX Groove GFS Context Menu Handler XXX"           "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"      ""         ""         ""            "2/11/2013 6:34 PM"

+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"      "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

+ "Groove Explorer Icon Overlay 2 (GFS Stub)"       "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"            "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"     "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"   ""            ""         ""         "3/28/2013 7:32 AM"

+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"      "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

+ "Groove Explorer Icon Overlay 2 (GFS Stub)"       "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"            "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"   "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"     "Microsoft SharePoint Workspace Extensions"            "Microsoft Corporation"         "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"            ""         ""         ""            "2/11/2013 6:34 PM"

+ "Groove GFS Browser Helper"       "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"            "c:\program files\microsoft office\office14\grooveex.dll"      "8/16/2012 12:46 AM"

+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"          "Oracle Corporation"  "c:\program files\java\jre7\bin\jp2ssv.dll"   "6/27/2012 3:50 AM"

+ "Java™ Plug-In SSV Helper"       "Java™ Platform SE binary"          "Oracle Corporation"  "c:\program files\java\jre7\bin\ssv.dll"        "6/27/2012 3:50 AM"

+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler"           "Microsoft Corporation"            "c:\program files\microsoft office\office14\urlredir.dll"         "12/20/2010 10:48 PM"

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"         ""            ""         ""         "3/28/2013 7:32 AM"

+ "Adobe PDF Link Helper"  "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"            "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"   "12/18/2012 7:32 AM"

+ "Groove GFS Browser Helper"       "Microsoft SharePoint Workspace Extensions"          "Microsoft Corporation"            "c:\program files (x86)\microsoft office\office14\grooveex.dll"         "8/16/2012 12:39 AM"

+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"          "Oracle Corporation"  "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "9/25/2012 1:04 AM"

+ "Java™ Plug-In SSV Helper"       "Java™ Platform SE binary"          "Oracle Corporation"  "c:\program files (x86)\java\jre7\bin\ssv.dll"      "9/25/2012 1:03 AM"

+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler"           "Microsoft Corporation"            "c:\program files (x86)\microsoft office\office14\urlredir.dll"            "12/20/2010 8:04 PM"

+ "RealNetworks Download and Record Plugin for Internet Explorer"        "RealPlayer Download and Record Plugin"            "RealDownloader"            "c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"            "11/29/2012 11:33 PM"

"HKLM\Software\Microsoft\Internet Explorer\Extensions"  ""         ""         ""         "3/26/2013 1:53 PM"

+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in"        "Microsoft Corporation"            "c:\program files\microsoft office\office14\onbttnielinkednotes.dll" "12/21/2010 12:56 AM"

+ "Se&nd to OneNote"           "Microsoft OneNote Internet Explorer Add-in"        "Microsoft Corporation"            "c:\program files\microsoft office\office14\onbttnie.dll"        "1/18/2012 2:52 AM"

"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"           ""         ""         ""         "3/27/2013 9:19 PM"

+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in"        "Microsoft Corporation"            "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"    "12/20/2010 10:05 PM"

+ "Se&nd to OneNote"           "Microsoft OneNote Internet Explorer Add-in"        "Microsoft Corporation"            "c:\program files (x86)\microsoft office\office14\onbttnie.dll"          "1/18/2012 1:20 AM"

"Task Scheduler"         ""         ""         ""         ""

+ "\Adobe Flash Player Updater"       "Adobe® Flash® Player Update Service 11.6 r602"  "Adobe Systems Incorporated"  "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"       "2/15/2013 9:12 PM"

+ "\AdobeAAMUpdater-1.0-C-C82A1437430D-student"    "Adobe Updater Startup Utility"        "Adobe Systems Incorporated"  "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"      "3/24/2012 5:49 PM"

+ "\Apple\AppleSoftwareUpdate"      "Apple Software Update"       "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"            "6/1/2011 7:46 PM"

+ "\Microsoft\Windows Defender\MP Scheduled Scan"       "Microsoft Malware Protection Command Line Utility"            "Microsoft Corporation"         "c:\program files\windows defender\mpcmdrun.exe"            "7/13/2009 6:53 PM"

+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"        ""         ""            "c:\windows\system32\gathernetworkinfo.vbs"         "6/10/2009 3:36 PM"

+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"   "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"         "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 7:24 PM"

+ "\RealPlayerRealUpgradeLogonTaskS-1-5-21-3364274326-1166055961-3312878283-1000"     "RealUpgrade Launcher"        "RealNetworks, Inc."  "c:\program files (x86)\real\realupgrade\realupgrade.exe"      "11/30/2012 6:30 PM"

+ "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3364274326-1166055961-3312878283-1000"            "RealUpgrade Launcher"        "RealNetworks, Inc."  "c:\program files (x86)\real\realupgrade\realupgrade.exe"            "11/30/2012 6:30 PM"

+ "\RealUpgradeLogonTaskS-1-5-21-3364274326-1166055961-3312878283-1000"           "RealUpgrade Launcher"            "RealNetworks, Inc."  "c:\program files (x86)\real\realupgrade\realupgrade.exe"      "11/30/2012 6:30 PM"

+ "\RealUpgradeScheduledTaskS-1-5-21-3364274326-1166055961-3312878283-1000"    "RealUpgrade Launcher"            "RealNetworks, Inc."  "c:\program files (x86)\real\realupgrade\realupgrade.exe"      "11/30/2012 6:30 PM"

+ "\RunAsStdUser Task"        ""         ""         "File not found: C:\Users\student\AppData\Local\gamesleapSA\bin\1.0.7.0\GamesLeapSA.exe"      ""

+ "\Swiki_Checker"    "SwikiChecker Setup                                          "      "                                                            "            "c:\windows\schecker\sc_li.exe"         "6/19/1992 5:22 PM"

"HKLM\System\CurrentControlSet\Services"           ""         ""         ""         "3/4/2013 7:39 PM"

+ "AdobeARMservice"           "Adobe Acrobat Updater keeps your Adobe software up to date."  "Adobe Systems Incorporated"  "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"      "12/3/2012 2:34 AM"

+ "Apple Mobile Device"        "Provides the interface to Apple mobile devices."     "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"      "5/17/2012 10:06 PM"

+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."           "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"            "8/31/2011 12:52 AM"

+ "iPod Service"          "iPod hardware management services"           "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"            "2/20/2013 3:10 PM"

+ "Microsoft SharePoint Workspace Audit Service"  "Microsoft SharePoint Workspace"    "Microsoft Corporation"            "c:\program files (x86)\microsoft office\office14\groove.exe"           "9/20/2012 8:18 AM"

+ "MozillaMaintenance"         "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."        "Mozilla Foundation"  "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"  "3/7/2013 7:32 AM"

+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."      "Microsoft Corporation"         "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "1/9/2010 11:16 PM"

+ "osppsvc"     "Office Software Protection Platform Service (unlocalized description)"     "Microsoft Corporation"            "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"   "8/11/2009 9:00 PM"

+ "RealNetworks Downloader Resolver Service"      "Manage different Downloader versions in RealNetworks' products."        ""         "c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe"    "11/29/2012 11:31 PM"

+ "WinDefend"           "Protection against spyware and potentially unwanted software"     "Microsoft Corporation"            "c:\program files\windows defender\mpsvc.dll"         "7/13/2009 8:29 PM"

+ "WMPNetworkSvc"            "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"           "Microsoft Corporation"         "c:\program files\windows media player\wmpnetwk.exe"           "11/20/2010 6:18 AM"

+ "WMZuneComm"    "Zune Connectivity for Windows Mobile devices"    "Microsoft Corporation"         "c:\program files\zune\wmzunecomm.exe" "8/5/2011 2:32 PM"

+ "ZuneNetworkSvc" "Shares Zune media libraries to Zune devices using Universal Plug and Play"          "Microsoft Corporation"   "c:\program files\zune\zunenss.exe"    "8/5/2011 2:46 PM"

+ "ZuneWlanCfgSvc" "Configures Zune for wireless syncing"         "Microsoft Corporation"         "c:\program files\zune\zunewlancfgsvc.exe"          "8/5/2011 2:34 PM"

"HKLM\System\CurrentControlSet\Services"           ""         ""         ""         "3/4/2013 7:39 PM"

+ "aapltctp"     "Apple Trackpad Enabler"      "Apple Inc."    "c:\windows\system32\drivers\aapltctp.sys"   "3/23/2009 4:11 PM"

+ "aapltp"        "Apple Trackpad Driver"        "Apple Inc."    "c:\windows\system32\drivers\aapltp.sys"      "3/23/2009 4:11 PM"

+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"     "Adaptec, Inc."            "c:\windows\system32\drivers\adp94xx.sys"  "12/5/2008 6:54 PM"

+ "adpahci"     "Adaptec Windows SATA Storport Driver"  "Adaptec, Inc."            "c:\windows\system32\drivers\adpahci.sys"   "5/1/2007 12:30 PM"

+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"      "Adaptec, Inc."            "c:\windows\system32\drivers\adpu320.sys"  "2/27/2007 7:04 PM"

+ "aliide"         "ALi mini IDE Driver"           "Acer Laboratories Inc."         "c:\windows\system32\drivers\aliide.sys"            "7/13/2009 6:19 PM"

+ "amdsata"     "AHCI 1.2 Device Driver"     "Advanced Micro Devices"            "c:\windows\system32\drivers\amdsata.sys"  "3/18/2010 7:45 PM"

+ "amdsbs"      "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"            "AMD Technologies Inc."      "c:\windows\system32\drivers\amdsbs.sys"    "3/20/2009 1:36 PM"

+ "amdxata"    "Storage Filter Driver"            "Advanced Micro Devices"            "c:\windows\system32\drivers\amdxata.sys"  "3/19/2010 11:18 AM"

+ "applebmt"   "Apple Wireless Mouse"         "Apple Inc."    "c:\windows\system32\drivers\applebmt.sys" "5/25/2011 2:25 AM"

+ "AppleBtBc"            "Apple Broadcom Bluetooth" "Apple Inc."    "c:\windows\system32\drivers\applebtbc.sys"            "11/30/2011 3:34 PM"

+ "AppleDisplayFlt"   "Apple Display Driver"           "Apple Inc."    "c:\windows\system32\drivers\aaplmonf.sys"            "1/28/2009 7:27 PM"

+ "AppleHFS" "Apple HFS"   "Apple Inc."    "c:\windows\system32\drivers\applehfs.sys"  "6/13/2011 1:49 PM"

+ "AppleMNT"           "Apple Mount Manager"         "Apple Inc."    "c:\windows\system32\drivers\applemnt.sys"            "6/13/2011 1:49 PM"

+ "applemtm"  "Apple Multitouch Mouse Driver"      "Apple Inc."    "c:\windows\system32\drivers\applemtm.sys"            "12/22/2010 10:01 PM"

+ "applemtp"   "Apple Multitouch Trackpad Driver" "Apple Inc."    "c:\windows\system32\drivers\applemtp.sys"            "12/22/2010 10:01 PM"

+ "AppleODD"           "Apple Optical Disc Drive"    "Apple Inc."    "c:\windows\system32\drivers\appleodd.sys"            "5/24/2010 12:22 PM"

+ "applewtp"   "Apple Wireless Trackpad"     "Apple Inc."    "c:\windows\system32\drivers\applewtp.sys" "1/17/2011 1:38 PM"

+ "arc" "Adaptec RAID Storport Driver"       "Adaptec, Inc."           "c:\windows\system32\drivers\arc.sys"            "5/24/2007 4:27 PM"

+ "arcsas"        "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc."           "c:\windows\system32\drivers\arcsas.sys"            "1/14/2009 2:27 PM"

+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"          "Broadcom Corporation"            "c:\windows\system32\drivers\bxvbda.sys"    "2/13/2009 5:18 PM"

+ "b57nd60a"  "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."            "Broadcom Corporation"            "c:\windows\system32\drivers\b57nd60a.sys"            "10/19/2011 7:14 PM"

+ "BCM43XX"           "Broadcom 802.11 Network Adapter wireless driver"           "Broadcom Corporation"            "c:\windows\system32\drivers\bcmwl664.sys"           "2/3/2012 8:08 PM"

+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd."            "c:\windows\system32\drivers\brfiltlo.sys"     "8/6/2006 8:51 PM"

+ "BrFiltUp"   "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd."            "c:\windows\system32\drivers\brfiltup.sys"    "8/6/2006 8:51 PM"

+ "Brserid"      "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."            "c:\windows\system32\drivers\brserid.sys"     "8/6/2006 8:51 PM"

+ "BrSerWdm"            "Brother Serial driver (WDM version)"          "Brother Industries Ltd."            "c:\windows\system32\drivers\brserwdm.sys"            "8/6/2006 8:51 PM"

+ "BrUsbMdm"           "Brother USB MDM Driver " "Brother Industries Ltd."            "c:\windows\system32\drivers\brusbmdm.sys"           "8/6/2006 8:51 PM"

+ "BrUsbSer"  "Brother USB Serial Driver"   "Brother Industries Ltd."            "c:\windows\system32\drivers\brusbser.sys"  "8/9/2006 7:11 AM"

+ "bScsiSDa"  "Broadcom SD 3.0 Driver"     "Broadcom Corporation"            "c:\windows\system32\drivers\bscsisda.sys"  "11/29/2011 8:40 PM"

+ "BthKicker" "Apple Bluetooth Enabler"     "Apple Inc."    "c:\windows\system32\drivers\bthkicker.sys" "6/27/2007 6:08 PM"

+ "CirrusFilter"            "Hdaudio.sys Customization Filter  " "Cirrus Logic"            "c:\windows\system32\drivers\cs420x64.sys"            "11/11/2010 7:04 PM"

+ "cmdide"      "CMD PCI IDE Bus Driver"  "CMD Technology, Inc."            "c:\windows\system32\drivers\cmdide.sys"    "7/13/2009 6:19 PM"

+ "ebdrv"         "Broadcom NetXtreme II 10 GigE VBD"     "Broadcom Corporation"            "c:\windows\system32\drivers\evbda.sys"      "12/31/2008 11:29 AM"

+ "elxstor"       "Storport Miniport Driver for LightPulse HBAs"      "Emulex"            "c:\windows\system32\drivers\elxstor.sys"     "2/3/2009 5:52 PM"

+ "GEARAspiWDM" "CD DVD Filter"        "GEAR Software Inc."            "c:\windows\system32\drivers\gearaspiwdm.sys"      "5/3/2012 2:56 PM"

+ "hcw85cir"   "Hauppauge WinTV 885 Consumer IR Driver for eHome"   "Hauppauge Computer Works, Inc."            "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 3:26 AM"

+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver"  "Hewlett-Packard Company"            "c:\windows\system32\drivers\hpsamd.sys"   "4/20/2010 1:32 PM"

+ "iaStorV"     "Intel Matrix Storage Manager driver - x64"  "Intel Corporation"            "c:\windows\system32\drivers\iastorv.sys"     "6/10/2010 7:46 PM"

+ "igfx"           "Intel Graphics Kernel Mode Driver" "Intel Corporation"            "c:\windows\system32\drivers\igdkmd64.sys"           "12/15/2011 8:01 PM"

+ "iirsp"           "Intel/ICP Raid Storport Driver"        "Intel Corp./ICP vortex GmbH"            "c:\windows\system32\drivers\iirsp.sys"         "12/13/2005 4:47 PM"

+ "IntcDAud" "Intel® Display Audio Driver"         "Intel® Corporation"            "c:\windows\system32\drivers\intcdaud.sys" "12/6/2011 6:23 AM"

+ "IRRemoteFlt"         "IR Receiver Driver"   "Apple Inc."    "c:\windows\system32\drivers\irfilter.sys"      "7/2/2008 2:53 PM"

+ "iusb3hcs"    "Intel® USB 3.0 Host Controller Switch Driver"    "Intel Corporation"            "c:\windows\system32\drivers\iusb3hcs.sys"  "12/5/2011 5:11 AM"

+ "iusb3hub"   "Intel® USB 3.0 Hub Driver"          "Intel Corporation"            "c:\windows\system32\drivers\iusb3hub.sys" "12/5/2011 5:09 AM"

+ "iusb3xhc"    "Intel® USB 3.0 eXtensible Host Controller Driver"          "Intel Corporation"            "c:\windows\system32\drivers\iusb3xhc.sys" "12/5/2011 5:09 AM"

+ "KeyAgent" "Apple KeyAgent Driver"      "Apple Inc."    "c:\windows\system32\drivers\keyagent.sys" "6/15/2011 2:45 PM"

+ "KeyMagic" "Apple Keyboard Driver"       "Apple Inc."    "c:\windows\system32\drivers\keymagic.sys"            "11/6/2011 12:23 AM"

+ "LSI_FC"     "LSI Fusion-MPT FC Driver (StorPort)"        "LSI Corporation"            "c:\windows\system32\drivers\lsi_fc.sys"       "12/9/2008 5:46 PM"

+ "LSI_SAS"  "LSI Fusion-MPT SAS Driver (StorPort)"     "LSI Corporation"            "c:\windows\system32\drivers\lsi_sas.sys"     "5/18/2009 7:20 PM"

+ "LSI_SAS2"            "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"            "c:\windows\system32\drivers\lsi_sas2.sys"   "5/18/2009 7:31 PM"

+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"            "c:\windows\system32\drivers\lsi_scsi.sys"    "4/16/2009 5:13 PM"

+ "MacHALDriver"    "Mac HAL Driver"     "Apple Inc."    "c:\windows\system32\drivers\machaldriver.sys"            "3/17/2011 3:31 AM"

+ "megasas"     "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"      "LSI Corporation"            "c:\windows\system32\drivers\megasas.sys"  "5/18/2009 8:09 PM"

+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."            "c:\windows\system32\drivers\megasr.sys"    "5/18/2009 8:25 PM"

+ "MEIx64"    "Intel® Management Engine Interface"       "Intel Corporation"            "c:\windows\system32\drivers\hecix64.sys"   "11/9/2011 7:52 PM"

+ "nfrd960"     "IBM ServeRAID Controller Driver" "IBM Corporation"            "c:\windows\system32\drivers\nfrd960.sys"   "6/6/2006 4:11 PM"

+ "nvraid"        "NVIDIA® nForce™ RAID Driver"        "NVIDIA Corporation"            "c:\windows\system32\drivers\nvraid.sys"     "3/19/2010 3:59 PM"

+ "nvstor"        "NVIDIA® nForce™ Sata Performance Driver"  "NVIDIA Corporation"            "c:\windows\system32\drivers\nvstor.sys"      "3/19/2010 3:45 PM"

+ "ql2300"       "QLogic Fibre Channel Stor Miniport Driver"           "QLogic Corporation"            "c:\windows\system32\drivers\ql2300.sys"     "1/22/2009 6:05 PM"

+ "ql40xx"       "QLogic iSCSI Storport Miniport Driver"      "QLogic Corporation"            "c:\windows\system32\drivers\ql40xx.sys"     "5/18/2009 8:18 PM"

+ "secdrv"       "Macrovision SECURITY Driver"     "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."     "c:\windows\system32\drivers\secdrv.sys"     "9/13/2006 8:18 AM"

+ "SiSRaid2"   "SiS RAID Stor Miniport Driver"      "Silicon Integrated Systems Corp."            "c:\windows\system32\drivers\sisraid2.sys"   "9/24/2008 1:28 PM"

+ "SiSRaid4"   "SiS AHCI Stor-Miniport Driver"      "Silicon Integrated Systems"            "c:\windows\system32\drivers\sisraid4.sys"   "10/1/2008 4:56 PM"

+ "stexstor"     "Promise  SuperTrak EX Series Driver for Windows "          "Promise Technology"            "c:\windows\system32\drivers\stexstor.sys"   "2/17/2009 6:03 PM"

+ "USBAAPL64"       "Apple Mobile Device USB Driver"   "Apple, Inc."            "c:\windows\system32\drivers\usbaapl64.sys"            "11/27/2012 6:38 PM"

+ "VGPU"       ""         ""         "File not found: System32\drivers\rdvgkmd.sys"       ""

+ "viaide"        "VIA Generic PCI IDE Bus Driver"  "VIA Technologies, Inc."            "c:\windows\system32\drivers\viaide.sys"      "7/13/2009 6:19 PM"

+ "vsmraid"     "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd"            "c:\windows\system32\drivers\vsmraid.sys"   "1/30/2009 8:18 PM"

+ "WDC_SAM"          "Manages WD external storage products."     "Western Digital Technologies"            "c:\windows\system32\drivers\wdcsam64.sys"          "4/16/2008 3:39 AM"

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"       ""         ""         ""         "2/13/2013 4:26 AM"

+ "msacm.l3acm"        "MPEG Layer-3 Audio Codec for MSACM"            "Fraunhofer Institut Integrierte Schaltungen IIS"         "c:\windows\system32\l3codeca.acm"            "7/13/2009 8:28 PM"

+ "vidc.XVID"           ""         ""         "c:\windows\system32\xvidvfw.dll"   "5/30/2011 8:42 AM"

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"     ""         ""         ""            "3/27/2013 8:42 PM"

+ "msacm.l3acm"        "MPEG Audio Layer-3 Codec for MSACM"            "Fraunhofer Institut Integrierte Schaltungen IIS"         "c:\windows\syswow64\l3codecp.acm"          "7/13/2009 8:06 PM"

+ "vidc.cvid"   "Cinepak® Codec"     "Radius Inc."   "c:\windows\syswow64\iccvid.dll"     "11/20/2010 6:59 AM"

+ "vidc.XVID"           ""         ""         "c:\windows\syswow64\xvidvfw.dll" "5/30/2011 8:42 AM"

"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""         ""         ""            "7/13/2009 11:53 PM"

+ "Microsoft Zune H.264 Video Decoder"    "Microsoft Zune H.264 Video Decoder"       "Microsoft Corporation"            "c:\program files\zune\zuneh264dec.dll"        "8/5/2011 2:31 PM"

+ "WMEnc Screen Capture Filter"     "ZuneSrcWrp Module"           "Microsoft Corporation"         "c:\program files\zune\zunesrcwrp.dll"       "8/5/2011 2:46 PM"

+ "Xvid MPEG-4 Video Decoder"    ""         ""         "c:\windows\system32\xvid.ax"          "5/23/2011 2:49 AM"

+ "Zune Enhanced Video Renderer"  "Enhanced Video Renderer DLL"     "Microsoft Corporation"         "c:\program files\zune\zuneevr.dll" "8/5/2011 2:31 PM"

"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"  ""            ""         ""         "7/13/2009 11:53 PM"

+ "HH Video Step Renderer" "Magix Video Step Renderer"            "Magix Development"            "c:\program files (x86)\magix\ringtone_maker_3_silver\regmodule\hhvrend2.ax"        "10/26/2000 6:27 AM"

+ "RealPlayer Audio Filter"    "Audio Filter Plugin"  "RealNetworks, Inc."  "c:\program files (x86)\real\realplayer\rdsf3260.dll"      "11/30/2012 6:23 PM"

+ "RealPlayer Mp3 Transform Filter" "Audio Filter Plugin"  "RealNetworks, Inc."  "c:\program files (x86)\real\realplayer\rdsf3260.dll"      "11/30/2012 6:23 PM"

+ "RealPlayer MPEG4 Transform Filter"       "Audio Filter Plugin"  "RealNetworks, Inc."  "c:\program files (x86)\real\realplayer\rdsf3260.dll"      "11/30/2012 6:23 PM"

+ "RealPlayer Transcode Filter"          "Audio Filter Plugin"  "RealNetworks, Inc."  "c:\program files (x86)\real\realplayer\rdsf3260.dll"      "11/30/2012 6:23 PM"

+ "RealPlayer Video Filter"    "Audio Filter Plugin"  "RealNetworks, Inc."  "c:\program files (x86)\real\realplayer\rdsf3260.dll"      "11/30/2012 6:23 PM"

+ "Video Source Filter"          "MAGIX Video Source Filter"           "MAGIX AG"            "c:\program files (x86)\magix\ringtone_maker_3_silver\regmodule\hhvideosource.ax"            "4/8/2005 10:33 AM"

+ "Wav Source Filter" "Custom Wav Source Filter"   "Magix Development"            "c:\program files (x86)\magix\ringtone_maker_3_silver\regmodule\hhwavsource.ax"  "6/3/2002 9:24 AM"

+ "Xvid MPEG-4 Video Decoder"    ""         ""         "c:\windows\syswow64\xvid.ax"        "5/23/2011 4:52 AM"

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" ""         ""         ""         "3/27/2013 8:43 PM"

+ "igfxcui"       "igfxdev Module"       "Intel Corporation"     "c:\windows\system32\igfxdev.dll"    "12/15/2011 5:39 PM"

"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"        ""            ""         ""         "3/4/2013 7:39 PM"

+ "mdnsNSP"  "Bonjour Namespace Provider"          "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"            "8/31/2011 12:44 AM"

"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""            ""         ""         "3/4/2013 7:39 PM"

+ "mdnsNSP"  "Bonjour Namespace Provider"          "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"            "8/31/2011 12:53 AM"

"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"        ""         ""         ""         "3/27/2013 8:43 PM"

+ "LIDIL hpzlllhn"     "LanguageMonitor"    "Hewlett-Packard Company" "c:\windows\system32\hpzlllhn.dll"            "8/9/2006 10:27 PM"

+ "novaPDF   6 Monitor"        "novaPDF Port Monitor"        "Softland"       "c:\windows\system32\novamnk6.dll"            "9/24/2009 4:40 AM"

+ "PCL hpz3lw71"      "LanguageMonitor"    "Hewlett-Packard Corporation"            "c:\windows\system32\hpz3lw71.dll" "7/13/2009 8:28 PM"



#12 narenxp


Posted 28 March 2013 - 10:43 AM

Launch Adware cleaner and click DELETE, then post the new log.

Restart the PC. Let me know if Firefox works now.



#13 beckyglass


Posted 28 March 2013 - 05:35 PM

So far so good! I will let you know if it comes back again. Thank you so much for your time!



#14 narenxp


Posted 28 March 2013 - 05:44 PM

That looks good

Remove temporary and junk files

Download Temp File Cleaner from HERE. Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your System Restore. It deletes old infected restore points. Turn on System Restore and create a new restore point.

Update JAVA and Flash player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)



#15 beckyglass


Posted 28 March 2013 - 09:45 PM

It happened again. It gave me this page instead of loading a page, with purchasereviews.net/donate.php in the address bar:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.




