All my bowsers (Chrome, Firefox, IE) go to Yahoo when the home button is pressed

[ssander0000]

This just started about an hour ago, and I haven't downloaded anything new.

 

When I click on the Home button it goes to:

 

• http://search.yahoo.com/?type=386496&fr=spigot-yhp-ie    (in IE)
• http://search.yahoo.com/?type=386496&fr=spigot-yhp-ch   (in chrome)
• http://search.yahoo.com/?type=386496&fr=spigot-yhp-ff     (in Firefox)

Note:  The yhp- designation in the URL indicates its knowledge of the browser.

 

All the URLs have "spigot" in them, and I have uninstalled a couple of items (using control panel) that had Spigot as the publisher, but that hasn't helped.

 

Nor has running the Flash Scan...which deletes the items, but hasn't solved the problem.

 

Thanks for any help.

 

SS

[Maniac]

Hello ssander0000 and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

[ssander0000]

DDS: TXT

============================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2

Run by Steve at 11:44:23 on 2013-08-25

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8149.5848 [GMT -4:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe

C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Steve\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\splwow64.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

mWinlogon: Userinit = userinit.exe,

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110816105120.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Google Update] "C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AdobeBridge] <no file>

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableCAD = dword:1

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{53C916F0-F2D0-44B7-90A1-2B595F86C844} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Authentication Packages =  msv1_0 wvauth

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110816105120.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\fzkp28j0.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-08-24 13:30; savingsslider@mybrowserbar.com; C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\fzkp28j0.default\extensions\savingsslider@mybrowserbar.com

.

---- FIREFOX POLICIES ----

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: general.useragent.extra.brc - 

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-16 607152]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-16 281544]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-10 55856]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-15 200720]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-10 203776]

R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-10 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-8-10 165032]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2012-5-21 212984]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-16 190256]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-8-16 156248]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-7-5 45056]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-5-11 265744]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2010-5-11 42000]

R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-15 339984]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-16 2595832]

R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-4 25928]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-16 217696]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2009-7-15 595960]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 917768]

R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2013-4-16 219632]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-10 317440]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-16 97960]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2013-4-16 517096]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-17 1255736]

S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\PFE32.EXE="C:\Program Files\PFE\PFE32.EXE" "%1" [userChoice]

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-08-25 15:33:09 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B996F55D-7F48-4750-9610-F3329915400D}\mpengine.dll

2013-08-24 17:30:38 -------- d-----w- C:\Users\Steve\AppData\Roaming\Slick Savings

2013-08-24 17:30:38 -------- d-----w- C:\Users\Steve\AppData\Local\Slick Savings

2013-08-24 17:30:35 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2013-08-24 17:30:17 -------- d-----w- C:\ProgramData\FreeRIP MP3 Converter

2013-08-15 07:01:16 -------- d-----w- C:\Windows\System32\MRT

2013-08-14 22:16:30 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-14 22:16:29 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-08-14 22:16:29 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-08-14 22:16:29 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-08-14 22:16:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-08-14 22:16:27 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-08-14 22:16:26 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-08-14 22:16:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-08-14 22:16:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-08-14 22:16:01 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-08-07 16:26:45 -------- d-----w- C:\Users\Steve\AppData\Local\{E47ABCD1-4F99-4D40-9D49-90E33A2F02D8}

.

==================== Find3M  ====================

.

2013-08-15 08:59:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-15 08:59:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-25 21:17:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 21:17:45 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-06-25 21:17:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-24 09:36:13 1901 ----a-w- C:\Windows\panose.bin

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 11:46:05.19 ===============

[ssander0000]

Attach.txt

=======================================

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume2

Install Date: 8/16/2011 9:54:27 AM

System Uptime: 8/25/2013 11:24:58 AM (0 hours ago)

.

Motherboard: Dell Inc. |  | 0HY9JP

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 112.056 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is CDROM (CDFS)

G: is FIXED (NTFS) - 931 GiB total, 640.744 GiB free.

H: is CDROM (UDF)

I: is FIXED (NTFS) - 699 GiB total, 259.801 GiB free.

L: is FIXED (NTFS) - 931 GiB total, 278.848 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\5&37175C19&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\5&37175C19&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP324: 8/15/2013 3:00:13 AM - Windows Update

RP325: 8/20/2013 2:19:36 AM - Windows Update

RP326: 8/25/2013 8:05:44 AM - Removed FreeRIP Toolbar v7.4.

RP327: 8/25/2013 11:32:29 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Premium

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe PageMaker 7.0

Adobe Photoshop 7.0

Adobe Reader X (10.1.7)

Adobe SVG Viewer 3.0

Adobe Widget Browser

Advanced Replacer 2.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Duplicate File Finder

BioAPI Framework

Book Collector

Bulk Rename Utility 2.7.1.1

Canon CanoScan LiDE 700F User Registration

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 2.1

Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CanoScan LiDE 700F Scanner Driver

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Collectorz.com Book Collector

Cool Edit Pro 2.0

Coupon Companion Plugin

Coupon Printer for Windows

Custom

CyberLink PowerDVD 9.5

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell Client System Update

Dell Data Protection | Access

Dell Edoc Viewer

DellAccess

DirectX 9 Runtime

Dropbox

DVDFab Multi Setup

EMBASSY Client Core

EMF Plug-In

Eye Candy 4000

FileZilla Client 3.7.3

Forté Agent

FreeOCR 3.0

FreeRIP 4.1.3

Gemalto

Google Chrome

Google Earth

Google Update Helper

H&R Block Pennsylvania 2012

H&R Block Premium + Efile + State 2012

Intel® Control Center

Intel® Identity Protection Technology 1.2.27.0

Intel® Management Engine Components

Intel® Network Connections 15.7.176.1

Intel® Processor Graphics

Intel® Rapid Storage Technology

Ipswitch WS_FTP Pro

IrfanView (remove only)

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 22

Java 6 Update 24 (64-bit)

Java 6 Update 33

Java 7 Update 5 (64-bit)

Junk Mail filter update

Karen's Directory Printer

KPT 6

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Agent

McAfee VirusScan Enterprise

Memory-Map OS Edition Version 5

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft AutoRoute 2007

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft IntelliPoint 8.2

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office FrontPage 2003

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Streets & Trips 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

MiniTool Power Data Recovery

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MP3 Surgeon 2.1

Mp3tag v2.52

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Family Tree

Neat Image v7.0 Pro plug-in for Photoshop (64-bit)

NEC Electronics USB 3.0 Host Controller Driver (1.0.7.0Beta)

NTRU TCG Software Stack

OpenOffice.org 3.4.1

PC-CCID

PDF Settings CS5

PhotoShowExpress

Preboot Manager

PrimoPDF -- brought to you by Nitro PDF Software

Private Information Manager

Quicken WillMaker Plus 2009

QuickTime

RBVirtualFolder64Inst

Reader for PC

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Sansa Updater

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SelectionLinks

SES Driver

Skins

Sonic CinePlayer Decoder Pack

SPBA 5.9

STDU Viewer version 1.6.66.0

Switch Sound File Converter

SyncBack

SyncBackFree

The Rosetta Stone

ThumbsPlus version 6.0

toolkit32for64bit

Trend Micro Client/Server Security Agent

Trusted Drive Manager

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wpaiper

TurboTax 2011 wrapper

UltimateISOMaker 2.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Upek Touchchip Fingerprint Reader

VirtualCloneDrive

VLC media player 2.0.7

Wave Crypto Runtime 2.0.7.0 x86

Wave Infrastructure Installer

Wave Support Software Installer

Winamp

Winamp Detector Plug-in

Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 (64-bit)

WinZip

WPF Toolkit February 2010 (Version 3.5.50211.1)

.

==== Event Viewer Messages From Past Week ========

.

8/25/2013 7:53:16 AM, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.

8/25/2013 11:25:50 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.

8/25/2013 11:25:20 AM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

8/25/2013 11:19:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/25/2013 11:19:15 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:19:15 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/25/2013 11:19:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/25/2013 11:19:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/25/2013 11:19:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/25/2013 11:19:05 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/25/2013 11:18:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/25/2013 11:18:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

8/25/2013 11:18:40 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ElbyCDIO mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

8/25/2013 11:18:40 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

.

==== End Of File ===========================

[Maniac]

Step 1

Please uninstall the following applications:

Coupon Companion Plugin

Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[ssander0000]

JRT RESULTS:

==============================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 7 Professional x64

Ran by Steve on Sun 08/25/2013 at 14:17:33.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184404}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182204}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.BHO

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.BHO.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.Sandbox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.Sandbox.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

Successfully deleted: [File] "C:\end"

[ssander0000]

AdwCleaner results:  (Note...it never listed any items in the checkbox list after I had it "scan", so I just pressed "clean")

 

# AdwCleaner v3.001 - Report created 25/08/2013 at 14:27:00

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Steve - STEVE-OPTIPLEX

# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Steve\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

File Deleted : C:\Users\Steve\AppData\Local\Temp\Uninstall.exe

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v22.0 (en-US)

 

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\fzkp28j0.default\prefs.js ]

 

Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]

 

-\\ Google Chrome v

 

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1501 octets] - [25/08/2013 14:26:03]

AdwCleaner[s0].txt - [1388 octets] - [25/08/2013 14:27:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1448 octets] ##########

[ssander0000]

There was also an AdwCleaner[R0].txt file in the AdwCleaner directory:

 

 

# AdwCleaner v3.001 - Report created 25/08/2013 at 14:26:03

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Steve - STEVE-OPTIPLEX

# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Steve\AppData\Local\Temp\Uninstall.exe

Folder Found C:\Users\Steve\AppData\Local\Temp\AirInstaller

Folder Found C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\wecarereminder

Key Found : [x64] HKCU\Software\wecarereminder

Key Found : HKLM\Software\InfoAtoms

Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v22.0 (en-US)

 

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\fzkp28j0.default\prefs.js ]

 

Line Found : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]

 

-\\ Google Chrome v

 

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1353 octets] - [25/08/2013 14:26:03]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1413 octets] ##########

[ssander0000]

Here is the MBAM log...but, even though there were 5 flagged files that I had the program delete, it did not bring a log up...just the Restart Button box -- which I did.  There doesn't seem to be anything of interest in this log file.

 

 

2013/08/25 07:54:17 -0400  STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 07:54:17 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 07:54:17 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 07:54:18 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 08:08:13 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 08:08:13 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 08:08:13 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 08:08:14 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 11:05:19 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 11:05:19 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 11:05:19 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 11:05:20 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 11:10:23 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 11:10:23 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 11:10:23 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 11:10:24 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 11:14:04 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 11:14:04 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 11:14:04 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 11:14:05 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 11:26:25 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Starting protection

2013/08/25 11:26:25 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Protection started successfully

2013/08/25 11:26:25 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Starting IP protection

2013/08/25 11:26:26 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         IP Protection started successfully

2013/08/25 11:26:26 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Starting database refresh

2013/08/25 11:26:26 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Stopping IP protection

2013/08/25 11:26:26 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         IP Protection stopped successfully

2013/08/25 11:26:28 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Database refreshed successfully

2013/08/25 11:26:28 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Starting IP protection

2013/08/25 11:26:29 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         IP Protection started successfully

2013/08/25 11:28:17 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Executing scheduled update:  Daily

2013/08/25 11:28:20 -0400 STEVE-OPTIPLEX       Steve  MESSAGE         Database already up-to-date

2013/08/25 14:28:16 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 14:28:17 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 14:28:17 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 14:28:18 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully

2013/08/25 14:47:01 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting protection

2013/08/25 14:47:02 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Protection started successfully

2013/08/25 14:47:02 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         Starting IP protection

2013/08/25 14:47:03 -0400 STEVE-OPTIPLEX       (null)  MESSAGE         IP Protection started successfully


 

[ssander0000]

IMPORTANT NOTE:

 

I just realized that I had forgotten to do Step 1 - deleting the Coupon Companion Plugin and Coupon Printer for Windows.

 

I just did that...but i think they were already somehow deleted by those two apps I ran...they only needed to be removed from the program list.

 

Sorry about the carelessness...If necessary let me know if I should re-start the cleaning process again.

 

SS

[Maniac]

That was important. Basically, step 2 and 3 are taken care of, but it was important to start from step 1. Step 4 is not done as I need too. Please proceed carefully with my instructions and repeat step 4.

[ssander0000]

OK...I'm starting from the beginning again...Here is the JRT Log:

========================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 7 Professional x64

Ran by Steve on Sun 08/25/2013 at 19:01:58.48

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 08/25/2013 at 19:06:58.29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ssander0000]

...and here is the log from AdwCleaner:

==============================================

 

# AdwCleaner v3.001 - Report created 25/08/2013 at 19:10:46

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Steve - STEVE-OPTIPLEX

# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v22.0 (en-US)

 

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\fzkp28j0.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1501 octets] - [25/08/2013 14:26:03]

AdwCleaner[R1].txt - [1009 octets] - [25/08/2013 19:10:19]

AdwCleaner[s0].txt - [1532 octets] - [25/08/2013 14:27:00]

AdwCleaner[s1].txt - [932 octets] - [25/08/2013 19:10:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [991 octets] ##########

[ssander0000]

...and the Malwarebytes Log:

====================================

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.25.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Steve :: STEVE-OPTIPLEX [administrator]

 

Protection: Enabled

 

8/25/2013 7:19:45 PM

mbam-log-2013-08-25 (19-19-45).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 248960

Time elapsed: 11 minute(s), 1 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

[Maniac]

How are things now?

[ssander0000]

Looks like all is well...(and it also fixed a different minor adware issue with IE) -- thanks so much for all your help.

 

SS

[Maniac]

You're welcome!

Step 1

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

• Double click on AdwCleaner.exe to run the tool.
• Click on Uninstall
• Confirm with Yes

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[LDTate]

Resolved