Redirect virus not found with malware or other programs


I've got some sort of virus so that when I click on something, some junk pages come up in front of the page I want to reach. I've run Malwarebytes several times. Sometimes it finds things and other times it comes up clear. I've also run the TDSS rootkit removing tool, Hitman Pro, AdwCleaner, and rkill, and I've tried Malwarebytes in Safe Mode with Networking. I've probably run 7 or 8 clean-ups in the last 5 days. Each time after a clean-up, I'll reboot and open my browser and the problem persists. I use this computer to do my banking and I'm starting to freak out about my online vulnerability. Can anyone help?


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running, and please create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks. Here are the two reports.

.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics BoostSpeed
Auslogics Disk Defrag
Big Fish Games: Game Manager
Bing Bar
Bing Rewards Client Installer
Bonjour
Catalina Savings Printer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponPrinterPlugin
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Wireless WLAN Card
Driver Detective
EDocs
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 4.8.0.723
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
iTunes
Java 7 Update 25
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks Setup Client
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
MediaButtons 4.0.0.19
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
My Dell
OGA Notifier 2.0.0048.0
Open It!
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Shared C Run-time for x86
Skype Toolbars
Skype™ 5.10
Sony Player Plug-in for Windows Media Player
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmaiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmaiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.25.2
Run by csjfriend at 19:03:42 on 2014-01-20
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingApp.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingBar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.



uProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN268BT1Z605KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellOSD] c:\windows\system32\MediaButtons.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5AC41792-56E1-41A3-AC19-0B47695C15F8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7A3948F9-9B57-4FAD-B89D-9C962E894F56} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\csjfriend\appdata\roaming\mozilla\firefox\profiles\i2km787c.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\csjfri~1\appdata\roaming\catali~1\npBcsKtTcHW.dll
FF - plugin: c:\users\csjfriend\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: c:\users\csjfriend\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npPrintUtil.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;BingBar Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AVP;Kaspersky Anti-Virus Service
S? BBUpdate;BBUpdate
S? DLXPDisplayName;DLXPDisplayName
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klkbdflt;Kaspersky Lab KLKBDFLT
S? klmouflt;Kaspersky Lab KLMOUFLT
S? kltdi;kltdi
S? kneps;kneps
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? RtNdPt60;Realtek NDIS Protocol Driver
.
=============== Created Last 30 ================
.
2014-01-20 00:36:14 -------- d-----w- c:\users\csjfriend\appdata\local\CrashDumps
2014-01-19 23:53:36 -------- d-----w- c:\program files\OpenIt
2014-01-19 22:09:04 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f81799d2-9c85-48a3-95c6-b09285b08d31}\offreg.dll
2014-01-18 01:01:51 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f81799d2-9c85-48a3-95c6-b09285b08d31}\mpengine.dll
2014-01-14 00:16:52 -------- d-----w- c:\users\csjfriend\appdata\local\NPE
2014-01-13 00:42:34 -------- d-----w- C:\AdwCleaner
2014-01-13 00:29:38 -------- d-----w- c:\programdata\HitmanPro
2014-01-05 22:41:45 -------- d-----w- c:\users\csjfriend\appdata\local\Comodo
2014-01-05 22:41:45 -------- d-----w- c:\programdata\53cc6d9ea72d6efe
2014-01-05 22:40:15 -------- d-----w- c:\programdata\InstallMate
.
==================== Find3M  ====================
.
2013-12-11 20:38:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 20:38:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 19:41:12 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-12-11 19:41:11 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-11-19 11:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-24 02:17:49 834048 ----a-w- c:\windows\system32\wininet.dll
2013-10-24 02:17:06 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-10-24 02:16:58 19456 ----a-w- c:\windows\system32\corpol.dll
2013-10-24 00:55:43 389632 ----a-w- c:\windows\system32\html.iec
2013-10-24 00:44:32 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 19:04:36.90 ===============
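
A triage pass a responder might run over a DDS log like the one above, as an added Python example (it is not DDS's own tooling and is not part of this thread). It parses the BHO/TB, uRun/mRun, AppInit_DLLs and "FF - plugin" lines of the Pseudo HJT Report and returns the entries worth a closer look: components registered under a CLSID with no file path, startup entries given as a bare file name, loaders that live outside Program Files or Windows, and anything in AppInit_DLLs. The sample lines are copied from the log posted above; the trusted-root list, the line patterns and the wording of the reasons are my own assumptions. A flagged line is a review prompt, not a verdict: in this log the flagged items are legitimately installed software (Google Desktop's AppInit DLL, the Realtek audio tray, a coupon-printer plugin under AppData), which is exactly why the output is a short list for a human rather than an automatic fix.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the DDS "Pseudo HJT Report" and FIREFOX sections
# posted in this thread; the paths are the ones the log shows.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\csjfri~1\appdata\roaming\catali~1\npBcsKtTcHW.dll
"""

# Assumed: directories from which properly installed software is normally loaded.
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")

ADDON_RE = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]{36}\}) -\s*(.*)$")
RUN_RE = re.compile(r"^([um]Run): \[(.+?)\] (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(.*)$")
FFPLUGIN_RE = re.compile(r"^FF - plugin: (.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll))', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # which DDS line type produced the finding
    reason: str  # why a human should look at it
    line: str    # the original log line


def _exe_path(command: str) -> str:
    """Strip quotes and arguments from a Run value, keeping only the image path."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def _path_concern(path: str) -> Optional[str]:
    """Return why a load path deserves review, or None if it looks ordinary."""
    p = path.strip().lower()
    if not p:
        return "registered without a file path: orphaned or hidden component"
    if ":\\" not in p:
        return "bare file name: resolved through the search order, not a fixed location"
    if not p.startswith(TRUSTED_ROOTS):
        return f"loads from outside the program directories: {path.strip()}"
    return None


def triage_dds(text: str) -> List[Finding]:
    """Return the Pseudo-HJT entries in a DDS log that merit a closer look."""
    findings: List[Finding] = []
    seen_clsids = set()  # DDS lists per-user and machine-wide copies; review each CLSID once
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := ADDON_RE.match(line):
            kind, _name, clsid, path = m.groups()
            if clsid.upper() in seen_clsids:
                continue
            seen_clsids.add(clsid.upper())
            reason = _path_concern(path)
        elif m := RUN_RE.match(line):
            kind = m.group(1)
            reason = _path_concern(_exe_path(m.group(3)))
        elif m := APPINIT_RE.match(line):
            kind = "AppInit_DLLs"
            reason = ("DLL loaded into every process that uses user32.dll; "
                      "confirm it belongs to installed software") if m.group(1).strip() else None
        elif m := FFPLUGIN_RE.match(line):
            kind = "FF plugin"
            reason = _path_concern(m.group(1))
        else:
            continue
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a whole DDS.txt by reading the file into `triage_dds`; entries that pass silently are not cleared, they simply match nothing the heuristics look for.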
 


This is the report from RogueKiller

 

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : csjfriend [Admin rights]
Mode : Scan -- Date : 01/20/2014 19:17:38
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x363FF766)
[inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x363FF766)
[inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x363FF766)
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] f55f0a82775433c39498f39741e902b9
[bSP] bdf99326810b3ea5b3c85f61013cb3ba : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31569920 | Size: 223059 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01202014_191738.txt >>

What browsers are being re-directed???

------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Google Chrome, Internet Explorer. Haven't checked Safari. When I click on a link in a page, a new page pops up in front of it and often starts out labelled as "redirect..." The page I requested does come up; I have to click out of the redirected pages to be able to see my page. I'm running ComboFix now. Thanks so much for your help!
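
Since Chrome is one of the browsers showing the pop-up redirects, here is an added Python example (written for this edit; it is not from the thread, from ComboFix, or from any other tool named here) that audits the extension manifests in a Chrome profile. An extension that opens pages in front of the one you asked for needs a content script matching every URL, or traffic-level permissions such as webRequest/webRequestBlocking, and one that was sideloaded rather than installed from the Chrome Web Store carries no Web Store update_url. The audit reads each `Extensions\<id>\<version>\manifest.json` under the profile and reports which of those traits it has. The two manifests and the 32-letter extension ids are constructed placeholders, not real extensions, and the risk lists are my own assumptions; on a Windows machine the real directory is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Match patterns that put a content script on every page the user opens.
ALL_URL_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that let an extension observe, redirect or rewrite browsing (assumed list).
TRAFFIC_PERMISSIONS = {"webRequest", "webRequestBlocking", "webNavigation", "tabs"} | ALL_URL_PATTERNS
# update_url carried by every extension installed from the Chrome Web Store.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Constructed sample: the shape a page-injecting "coupon" extension would have
# (background page, content script on all URLs, no Web Store update_url).
SAMPLE_MANIFEST = {
    "manifest_version": 2,
    "name": "Coupon Helper (constructed sample)",
    "version": "2.7",
    "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
    "background": {"page": "background.html"},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"], "run_at": "document_start"}],
}

# Constructed sample: an ordinary Web Store extension with a narrow permission set.
BENIGN_MANIFEST = {
    "manifest_version": 2,
    "name": "Dictionary (constructed sample)",
    "version": "1.0",
    "permissions": ["storage"],
    "update_url": WEB_STORE_UPDATE_URL,
}

# Placeholder ids in the 32-letter format Chrome uses; they identify nothing real.
SAMPLE_ID = "a" * 32
BENIGN_ID = "b" * 32


def audit_manifest(manifest: Dict) -> List[str]:
    """Return human-readable reasons this extension deserves a closer look."""
    reasons: List[str] = []
    risky = sorted(set(manifest.get("permissions", [])) & TRAFFIC_PERMISSIONS)
    if risky:
        reasons.append("traffic-level permissions: " + ", ".join(risky))
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & ALL_URL_PATTERNS:
            reasons.append("injects " + ", ".join(script.get("js", [])) + " into every page")
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        reasons.append("not updated from the Chrome Web Store (sideloaded or policy-installed)")
    return reasons


def audit_profile(extensions_dir: Path) -> Dict[str, List[str]]:
    """Audit <Extensions>/<id>/<version>/manifest.json and map flagged ids to reasons."""
    report: Dict[str, List[str]] = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            report[ext_id] = [f"unreadable manifest: {exc}"]
            continue
        reasons = audit_manifest(manifest)
        if reasons:
            report[ext_id] = reasons
    return report


def build_sample_profile() -> Path:
    """Create a throwaway Extensions directory holding the two constructed manifests."""
    root = Path(tempfile.mkdtemp(prefix="chrome-audit-"))
    for ext_id, manifest in ((SAMPLE_ID, SAMPLE_MANIFEST), (BENIGN_ID, BENIGN_MANIFEST)):
        version_dir = root / "Extensions" / ext_id / manifest["version"]
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root / "Extensions"


if __name__ == "__main__":
    for ext_id, reasons in audit_profile(build_sample_profile()).items():
        print(ext_id)
        for reason in reasons:
            print("  -", reason)
```

Point `audit_profile` at the real Extensions directory of each user profile on the machine (the Administrator, Guest and normal user profiles each keep their own copy), and compare any flagged id against what the user actually installed on purpose.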


Here's the new report.

 

ComboFix 14-01-21.02 - csjfriend 01/21/2014   7:40.1.2 - x86
Running from: c:\users\csjfriend\Desktop\ComboFixa.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll
c:\programdata\SPL1258.tmp
c:\programdata\SPL4BD2.tmp
c:\programdata\SPL90AB.tmp
c:\programdata\SPLA479.tmp
c:\programdata\SPLFC96.tmp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\f1bFcUJh69.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\manifest.json
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\background.html
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\content.js
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\f1bFcUJh69.js
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\lsdb.js
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\manifest.json
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\000032.ldb
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\000038.ldb
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\000061.ldb
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\000068.log
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\CURRENT
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\LOCK
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\LOG
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\LOG.old
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\MANIFEST-000067
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcdjgkaccjgkjbomdnnfkeihkanbjlbn_0.localstorage-journal
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcdjgkaccjgkjbomdnnfkeihkanbjlbn_0.localstorage
c:\users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\csjfriend\Documents\7F2BB388.tmp
c:\users\csjfriend\g2mdlhlpx.exe
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\f1bFcUJh69.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjgkaccjgkjbomdnnfkeihkanbjlbn\2.7\manifest.json
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-21 to 2014-01-21  )))))))))))))))))))))))))))))))
.
.
2014-01-20 00:36 . 2014-01-20 00:36 -------- d-----w- c:\users\csjfriend\AppData\Local\CrashDumps
2014-01-19 23:53 . 2014-01-19 23:53 -------- d-----w- c:\program files\OpenIt
2014-01-19 22:09 . 2014-01-19 22:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F81799D2-9C85-48A3-95C6-B09285B08D31}\offreg.dll
2014-01-18 01:01 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F81799D2-9C85-48A3-95C6-B09285B08D31}\mpengine.dll
2014-01-14 00:16 . 2014-01-14 00:38 -------- d-----w- c:\users\csjfriend\AppData\Local\NPE
2014-01-13 00:42 . 2014-01-13 00:53 -------- d-----w- C:\AdwCleaner
2014-01-13 00:29 . 2014-01-13 00:38 -------- d-----w- c:\programdata\HitmanPro
2014-01-05 22:41 . 2014-01-13 00:42 -------- d-----w- c:\programdata\53cc6d9ea72d6efe
2014-01-05 22:41 . 2014-01-05 22:41 -------- d-----w- c:\users\Guest
2014-01-05 22:41 . 2014-01-05 22:41 -------- d-----w- c:\users\csjfriend\AppData\Local\Comodo
2014-01-05 22:41 . 2014-01-05 22:41 -------- d-----w- c:\users\Administrator
2014-01-05 22:40 . 2014-01-05 22:43 -------- d-----w- c:\programdata\InstallMate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 20:38 . 2012-04-02 15:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:38 . 2011-06-29 12:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 19:41 . 2012-08-02 23:09 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2013-12-11 19:41 . 2012-06-20 01:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-11-19 11:33 . 2009-10-12 01:02 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 19:32 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 19:32 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 19:32 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 19:32 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-24 02:17 . 2013-12-11 19:32 834048 ----a-w- c:\windows\system32\wininet.dll
2013-10-24 02:17 . 2013-12-11 19:32 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-10-24 02:16 . 2013-12-11 19:32 19456 ----a-w- c:\windows\system32\corpol.dll
2013-10-24 00:55 . 2013-12-11 19:32 389632 ----a-w- c:\windows\system32\html.iec
2013-10-24 00:44 . 2013-12-11 19:32 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-10-12 2701752]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-10-12 2701752]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-12 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-16 5296128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"DellOSD"="c:\windows\System32\MediaButtons.exe" [2008-05-09 2166784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-11 356128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-01 08:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-04-16 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-18 01:27 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:38]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-12 19:11]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-12 19:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\csjfriend\AppData\Roaming\Mozilla\Firefox\Profiles\i2km787c.default\
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\msiexec.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\DELLOSD.exe
c:\windows\System32\TestUnitReady.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-01-21  08:00:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-21 15:58
.
Pre-Run: 118,609,104,896 bytes free
Post-Run: 118,545,383,424 bytes free
.
- - End Of File - - 2FE1F86AE1AAB025A4332C188F385525
5C616939100B85E558DA92B899A0FC36

Next:

Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system; see "Which system am I using?")

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Here's the first log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by csjfriend (administrator) on CSJFRIEND-PC on 21-01-2014 16:10:51
Running from C:\Users\csjfriend\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Auslogics) C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\MediaButtons.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(DELL COMPUTER INC.) C:\Windows\System32\DELLOSD.exe
(TODO: <Company name>) C:\Windows\System32\TestUnitReady.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe
(Microsoft Corporation) C:\3574da36d47ab1938b65d3de9794\MPSigStub.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [5296128 2008-04-16] (Realtek Semiconductor)
HKLM\...\Run: [DellOSD] - C:\Windows\System32\MediaButtons.exe [2166784 2008-05-08] ()
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-12] (Google Inc.)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\Users\csjfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120208105240.dll No File
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\csjfriend\AppData\Roaming\Mozilla\Firefox\Profiles\i2km787c.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\CSJFRI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\csjfriend\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Extension: Jump Flip - C:\Users\csjfriend\AppData\Roaming\Mozilla\Firefox\Profiles\i2km787c.default\Extensions\firefox@jumpflip.net.xpi [2014-01-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-02-06]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-06]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-02-06]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-02-06]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-02-06]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.9\coFFFw\
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21]
CHR Extension: (Google Drive) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21]
CHR Extension: (YouTube) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
CHR Extension: (Google Search) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-03-11]
CHR Extension: (Safe Money) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-03-11]
CHR Extension: (Content Blocker) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-03-11]
CHR Extension: (Virtual Keyboard) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-03-11]
CHR Extension: (Google Wallet) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]
CHR Extension: (Anti-Banner) - C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-03-11]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
 
========================== Services (Whitelisted) =================
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-04-16] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14656 2007-05-17] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows ® Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\ComboFixa\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-04-24] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 SASDIFSV; \??\C:\Users\CSJFRI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\C:\Users\CSJFRI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-21 16:10 - 2014-01-21 16:11 - 00019936 _____ C:\Users\csjfriend\Downloads\FRST.txt
2014-01-21 16:10 - 2014-01-21 16:10 - 01222144 _____ (Farbar) C:\Users\csjfriend\Downloads\FRST.exe
2014-01-21 16:10 - 2014-01-21 16:10 - 00000000 ____D C:\FRST
2014-01-21 16:10 - 2014-01-21 16:10 - 00000000 ____D C:\3574da36d47ab1938b65d3de9794
2014-01-21 16:06 - 2014-01-21 16:06 - 00000735 _____ C:\Users\csjfriend\Desktop\NTREGOPT.lnk
2014-01-21 16:06 - 2014-01-21 16:06 - 00000716 _____ C:\Users\csjfriend\Desktop\ERUNT.lnk
2014-01-21 16:06 - 2014-01-21 16:06 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 16:05 - 2014-01-21 16:05 - 00791393 _____ (Lars Hederer                                                ) C:\Users\csjfriend\Downloads\erunt_setup.exe
2014-01-21 16:01 - 2014-01-21 16:01 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-21 08:00 - 2014-01-21 08:00 - 00015979 _____ C:\ComboFix.txt
2014-01-21 07:37 - 2014-01-21 08:00 - 00000000 ____D C:\Qoobox
2014-01-21 07:37 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-21 07:37 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-21 07:37 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-21 07:37 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-21 07:37 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-21 07:37 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-21 07:37 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-21 07:37 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-21 07:36 - 2014-01-21 16:06 - 00000000 ____D C:\Windows\erdnt
2014-01-21 07:35 - 2014-01-21 07:36 - 05172813 ____R (Swearware) C:\Users\csjfriend\Desktop\ComboFixa.exe
2014-01-20 19:17 - 2014-01-20 19:17 - 00002874 _____ C:\Users\csjfriend\Desktop\RKreport[0]_S_01202014_191738.txt
2014-01-20 19:09 - 2014-01-20 19:30 - 00000000 ____D C:\Users\csjfriend\Desktop\RK_Quarantine
2014-01-20 19:06 - 2014-01-20 19:06 - 00014043 _____ C:\Users\csjfriend\Desktop\Notepad.txt
2014-01-20 19:05 - 2014-01-20 19:05 - 00007908 _____ C:\Users\csjfriend\Documents\Attach.txt
2014-01-20 19:04 - 2014-01-20 19:04 - 00014043 _____ C:\Users\csjfriend\Desktop\dds.txt
2014-01-20 19:04 - 2014-01-20 19:04 - 00007908 _____ C:\Users\csjfriend\Desktop\attach.txt
2014-01-20 09:51 - 2014-01-20 09:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\csjfriend\Desktop\rkill.exe
2014-01-19 16:36 - 2014-01-19 16:36 - 00000000 ____D C:\Users\csjfriend\AppData\Local\CrashDumps
2014-01-19 16:28 - 2014-01-19 16:28 - 00000098 _____ C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-01-19 15:53 - 2014-01-19 15:53 - 00000905 _____ C:\Users\Public\Desktop\Open It!.lnk
2014-01-19 15:53 - 2014-01-19 15:53 - 00000000 ____D C:\Program Files\OpenIt
2014-01-19 15:48 - 2014-01-19 15:53 - 00000929 _____ C:\Users\csjfriend\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 15:48 - 2014-01-19 15:48 - 00680328 _____ (                                                            ) C:\Users\csjfriend\Desktop\ZipOpenerSetup.exe
2014-01-13 16:16 - 2014-01-13 16:38 - 00000000 ____D C:\Users\csjfriend\AppData\Local\NPE
2014-01-13 16:16 - 2014-01-13 16:16 - 03053496 _____ (Symantec Corporation) C:\Users\csjfriend\Desktop\NPE.exe
2014-01-12 16:42 - 2014-01-12 16:53 - 00000000 ____D C:\AdwCleaner
2014-01-12 16:39 - 2014-01-12 16:39 - 01236282 _____ C:\Users\csjfriend\Desktop\adwcleaner.exe
2014-01-12 16:29 - 2014-01-12 16:38 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-12 16:28 - 2014-01-12 16:29 - 09452704 _____ (SurfRight B.V.) C:\Users\csjfriend\Desktop\HitmanPro.exe
2014-01-12 16:23 - 2014-01-20 09:53 - 00003122 _____ C:\Users\csjfriend\Desktop\Rkill.txt
2014-01-12 16:23 - 2014-01-12 16:23 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\csjfriend\Desktop\iExplore.exe
2014-01-05 17:16 - 2014-01-20 16:23 - 00000000 ____D C:\Users\csjfriend\Desktop\TIAA-CREF
2014-01-05 14:41 - 2014-01-12 16:42 - 00000000 ____D C:\ProgramData\53cc6d9ea72d6efe
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\csjfriend\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator
2014-01-05 14:40 - 2014-01-05 14:43 - 00000000 ____D C:\ProgramData\InstallMate
 
==================== One Month Modified Files and Folders =======
 
2014-01-21 16:11 - 2014-01-21 16:10 - 00019936 _____ C:\Users\csjfriend\Downloads\FRST.txt
2014-01-21 16:10 - 2014-01-21 16:10 - 01222144 _____ (Farbar) C:\Users\csjfriend\Downloads\FRST.exe
2014-01-21 16:10 - 2014-01-21 16:10 - 00000000 ____D C:\FRST
2014-01-21 16:10 - 2014-01-21 16:10 - 00000000 ____D C:\3574da36d47ab1938b65d3de9794
2014-01-21 16:10 - 2008-09-30 18:32 - 01288574 _____ C:\Windows\WindowsUpdate.log
2014-01-21 16:06 - 2014-01-21 16:06 - 00000735 _____ C:\Users\csjfriend\Desktop\NTREGOPT.lnk
2014-01-21 16:06 - 2014-01-21 16:06 - 00000716 _____ C:\Users\csjfriend\Desktop\ERUNT.lnk
2014-01-21 16:06 - 2014-01-21 16:06 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 16:06 - 2014-01-21 07:36 - 00000000 ____D C:\Windows\erdnt
2014-01-21 16:05 - 2014-01-21 16:05 - 00791393 _____ (Lars Hederer                                                ) C:\Users\csjfriend\Downloads\erunt_setup.exe
2014-01-21 16:03 - 2013-02-06 19:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-21 16:01 - 2014-01-21 16:01 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-21 16:00 - 2012-01-12 11:12 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 16:00 - 2010-05-14 08:59 - 00000000 ____D C:\Users\csjfriend\AppData\Local\Apps\2.0
2014-01-21 16:00 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 16:00 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:00 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 11:48 - 2006-11-02 05:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-21 11:44 - 2012-01-12 11:12 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 11:43 - 2012-04-02 07:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 08:00 - 2014-01-21 08:00 - 00015979 _____ C:\ComboFix.txt
2014-01-21 08:00 - 2014-01-21 07:37 - 00000000 ____D C:\Qoobox
2014-01-21 08:00 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Default
2014-01-21 08:00 - 2006-11-02 03:18 - 00000000 ___RD C:\Users\Public
2014-01-21 07:52 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2014-01-21 07:50 - 2008-01-20 18:47 - 00424050 _____ C:\Windows\PFRO.log
2014-01-21 07:48 - 2009-09-04 13:11 - 00000000 ____D C:\Users\csjfriend
2014-01-21 07:36 - 2014-01-21 07:35 - 05172813 ____R (Swearware) C:\Users\csjfriend\Desktop\ComboFixa.exe
2014-01-20 19:30 - 2014-01-20 19:09 - 00000000 ____D C:\Users\csjfriend\Desktop\RK_Quarantine
2014-01-20 19:17 - 2014-01-20 19:17 - 00002874 _____ C:\Users\csjfriend\Desktop\RKreport[0]_S_01202014_191738.txt
2014-01-20 19:06 - 2014-01-20 19:06 - 00014043 _____ C:\Users\csjfriend\Desktop\Notepad.txt
2014-01-20 19:05 - 2014-01-20 19:05 - 00007908 _____ C:\Users\csjfriend\Documents\Attach.txt
2014-01-20 19:04 - 2014-01-20 19:04 - 00014043 _____ C:\Users\csjfriend\Desktop\dds.txt
2014-01-20 19:04 - 2014-01-20 19:04 - 00007908 _____ C:\Users\csjfriend\Desktop\attach.txt
2014-01-20 16:23 - 2014-01-05 17:16 - 00000000 ____D C:\Users\csjfriend\Desktop\TIAA-CREF
2014-01-20 13:45 - 2013-01-24 18:04 - 00000000 ____D C:\Users\csjfriend\AppData\Roaming\.minecraft
2014-01-20 09:53 - 2014-01-12 16:23 - 00003122 _____ C:\Users\csjfriend\Desktop\Rkill.txt
2014-01-20 09:51 - 2014-01-20 09:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\csjfriend\Desktop\rkill.exe
2014-01-19 18:27 - 2009-09-04 13:11 - 00073288 _____ C:\Users\csjfriend\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 18:26 - 2006-11-02 04:47 - 00308744 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 18:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tapi
2014-01-19 16:36 - 2014-01-19 16:36 - 00000000 ____D C:\Users\csjfriend\AppData\Local\CrashDumps
2014-01-19 16:28 - 2014-01-19 16:28 - 00000098 _____ C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2014-01-19 15:53 - 2014-01-19 15:53 - 00000905 _____ C:\Users\Public\Desktop\Open It!.lnk
2014-01-19 15:53 - 2014-01-19 15:53 - 00000000 ____D C:\Program Files\OpenIt
2014-01-19 15:53 - 2014-01-19 15:48 - 00000929 _____ C:\Users\csjfriend\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 15:48 - 2014-01-19 15:48 - 00680328 _____ (                                                            ) C:\Users\csjfriend\Desktop\ZipOpenerSetup.exe
2014-01-17 19:41 - 2012-04-30 19:39 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-17 16:59 - 2010-06-09 11:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-17 16:58 - 2013-08-15 07:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 16:54 - 2006-11-02 02:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 07:23 - 2009-09-04 13:12 - 00000000 ____D C:\Users\csjfriend\AppData\Local\Google
2014-01-13 16:38 - 2014-01-13 16:16 - 00000000 ____D C:\Users\csjfriend\AppData\Local\NPE
2014-01-13 16:16 - 2014-01-13 16:16 - 03053496 _____ (Symantec Corporation) C:\Users\csjfriend\Desktop\NPE.exe
2014-01-13 16:16 - 2011-11-10 16:54 - 00000000 ____D C:\ProgramData\Norton
2014-01-12 20:11 - 2010-05-14 09:01 - 00000000 ____D C:\Users\csjfriend\Desktop\TSST TS-T633A_FW_D500
2014-01-12 16:53 - 2014-01-12 16:42 - 00000000 ____D C:\AdwCleaner
2014-01-12 16:42 - 2014-01-05 14:41 - 00000000 ____D C:\ProgramData\53cc6d9ea72d6efe
2014-01-12 16:39 - 2014-01-12 16:39 - 01236282 _____ C:\Users\csjfriend\Desktop\adwcleaner.exe
2014-01-12 16:38 - 2014-01-12 16:29 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-12 16:29 - 2014-01-12 16:28 - 09452704 _____ (SurfRight B.V.) C:\Users\csjfriend\Desktop\HitmanPro.exe
2014-01-12 16:23 - 2014-01-12 16:23 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\csjfriend\Desktop\iExplore.exe
2014-01-12 16:19 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\csjfriend\Desktop\iexlore.exe.exe
2014-01-07 21:01 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\PLA
2014-01-06 20:05 - 2013-01-21 17:41 - 00000000 ____D C:\Windows\Minidump
2014-01-06 16:28 - 2012-08-18 10:44 - 00457728 _____ C:\Users\csjfriend\Desktop\budget overview.xls
2014-01-05 14:43 - 2014-01-05 14:40 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Guest
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\csjfriend\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-05 14:41 - 2014-01-05 14:41 - 00000000 ____D C:\Users\Administrator
2013-12-25 13:06 - 2006-11-02 02:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-24 14:13 - 2012-06-26 11:31 - 00000000 ____D C:\Users\csjfriend\Desktop\New Folder
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-21 16:08
 
==================== End Of Log ============================
 
Second log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014
Ran by csjfriend at 2014-01-21 16:11:28
Running from C:\Users\csjfriend\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (Version: 10.1.6 - Adobe Systems Incorporated)
AOL Install (Version: 1.0.0 - America Online, Inc)
Apple Application Support (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Auslogics BoostSpeed (Version: 5.5 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (Version: 3.5 - Auslogics Software Pty Ltd)
Big Fish Games: Game Manager (Version: 2.0.1.46 - )
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (Version: 1.0.0 - Catalina Marketing Corp)
Cisco EAP-FAST Module (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (Version: 5.0.0.3 - Coupons.com Incorporated) <==== ATTENTION
CouponPrinterPlugin (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Dell Dock (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKCU Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.)
Driver Detective (Version: 8.0.1 - PC Drivers HeadQuarters)
EDocs (Version:  - )
ERUNT 1.1j (Version:  - Lars Hederer)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Desktop (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (Version:  - )
GoToMeeting 4.8.0.723 (HKCU Version: 4.8.0.723 - CitrixOnline)
HP FWUpdateEDO2 (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Juniper Networks Host Checker (HKCU Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU Version: 2.2.5.9755 - Juniper Networks)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaButtons 4.0.0.19 (Version: 4.0.0.19 - )
MediaDirect (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 23.0.1 - Mozilla)
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open It! (Version: 1.1.1 - OpenIt)
QuickTime (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Safari (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (Version: 5.5.7896 - Skype Technologies S.A.)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Sony Player Plug-in for Windows Media Player (Version:  - )
TurboTax 2011 (Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wmaiper (Version: 011.000.1912 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wmaiper (Version: 012.000.1456 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
 
==================== Restore Points  =========================
 
31-12-2013 00:22:45 Scheduled Checkpoint
31-12-2013 18:51:16 Scheduled Checkpoint
02-01-2014 19:07:29 Scheduled Checkpoint
03-01-2014 14:52:07 Windows Update
06-01-2014 00:09:23 Scheduled Checkpoint
08-01-2014 00:01:37 Windows Update
08-01-2014 20:31:48 Scheduled Checkpoint
11-01-2014 22:39:56 Windows Update
14-01-2014 00:26:38 Norton_Power_Eraser_20140113162638207
14-01-2014 18:53:46 Scheduled Checkpoint
18-01-2014 00:52:16 Windows Update
20-01-2014 04:49:32 Scheduled Checkpoint
20-01-2014 18:47:07 Scheduled Checkpoint
21-01-2014 03:13:01 january
21-01-2014 17:03:07 Scheduled Checkpoint
22-01-2014 00:09:46 Windows Update
 
==================== Hosts content: ==========================
 
2014-01-19 16:28 - 2014-01-21 07:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B00693E-4904-49DE-9929-A3A5D8E983FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: {1905E928-0E0D-4B2D-AD44-06D83EB49EA4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - csjfriend => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20909B2B-001B-4EC1-B5D8-FAF8983CA1E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2093C38E-5B00-4419-A15D-0874D2F1B701} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6B3DC423-C3ED-47FE-9D10-95DFD710D2D9} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6F3EA671-A23C-4B00-8B5E-A89BF22EF179} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {770631F1-D7FD-44E6-AC0C-D3B312A400E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {78B6BA16-828C-4EDA-ACB3-5DCF82BA0930} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {7CAD0668-4A8C-4E5D-863B-AFA2C6835451} - System32\Tasks\Auslogics\BoostSpeed\Integrator\Start On csjfriend Logon => C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2013-01-19] (Auslogics)
Task: {92F5F80E-2B9D-493F-ADCD-2C1960B74C4D} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 7600 Series\lxdwamon.exe
Task: {C6F3D038-EBC2-4747-A3D0-0DC72D148DD0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {C929BDFE-41CE-45D9-B641-D8B4ECD1F04A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {E00E20FC-3038-40C3-84A0-8D614FB3BDDD} - System32\Tasks\{59C5D69C-3A76-4925-A907-0D385C3DC3D4} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FC8E2DC9-E642-440E-92C5-0EF93457203E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-13 06:34 - 2007-12-08 10:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-17 19:39 - 2014-01-11 02:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 19:39 - 2014-01-11 02:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 19:39 - 2014-01-11 02:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-17 19:39 - 2014-01-11 02:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/21/2014 04:02:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/21/2014 07:52:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/21/2014 07:48:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCDJGKACCJGKJBOMDNNFKEIHKANBJLBN\2.7> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/21/2014 07:48:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCDJGKACCJGKJBOMDNNFKEIHKANBJLBN\2.7> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (01/21/2014 04:32:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2014 09:38:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/19/2014 09:40:39 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (01/19/2014 08:13:43 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\csjfriend\Desktop\HitmanPro.exe ; Descripton = ȃȃȃȃȃȃȃȃဃဂဂဂ  ဂȂဃဂဂဂဂĂဃĂ Ă  ဂဂဂဂဂဂဂȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057).
 
Error: (01/19/2014 06:27:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/19/2014 04:40:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: SASDIFSV
SASKUTIL
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2
 
Error: (01/21/2014 04:02:07 PM) (Source: Service Control Manager) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (01/21/2014 04:01:35 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/21/2014 04:01:23 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.68, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
 
Microsoft Office Sessions:
=========================
Error: (07/08/2013 07:33:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1115 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/27/2013 02:55:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/27/2013 02:54:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/22/2013 04:11:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/22/2013 04:11:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16491 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/17/2013 10:00:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/14/2013 06:50:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2013 11:13:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1664 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (03/29/2013 00:58:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 114 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/29/2013 00:54:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-21 16:11:07.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 16:11:06.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 16:11:06.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 16:11:06.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:30.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:30.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:30.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:29.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:29.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-21 07:41:29.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 58%
Total physical RAM: 3062.45 MB
Available physical RAM: 1272.35 MB
Total Pagefile: 6345.18 MB
Available Pagefile: 4202.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.83 GB) (Free:112.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
By the way, I got an email notification with the following, which is different from what's posted up here! It was posted at the same time as the above post.
 
dearmschris,

MrCharlie (https://forums.malwarebytes.org/index.php?showuser=2105) has just posted a reply to a topic that you have subscribed to titled "Redirect virus not found with malware or other programs".

----------------------------------------------------------------------
Next:

Please backup the registry with ERUNT before continuing:
http://www.geekstogo.com/forum/topic/208859-backing-up-the-registry-using-erunt/

Now download and unzip gina.zip (gina.reg)
Now double click on it and allow it to merge into the registry.

Reboot and it should be gone.

MrC
 
I didn't do these - I did Farbar recovery.  Not sure if I should do both - let me know.  Thanks again

No, don't do that......I accidentally posted that but fixed it.

----------------------

Uninstall these from your add/remove programs:
Coupon Printer for Windows (Version: 5.0.0.3 - Coupons.com Incorporated) <==== ATTENTION
CouponPrinterPlugin (Version: 2.0.2.0 - Hopster) <==== ATTENTION


Next.......

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......(download a fresh copy)

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


here's the AdwCleaner report

 

# AdwCleaner v3.017 - Report created 21/01/2014 at 17:56:28
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : csjfriend - CSJFRIEND-PC
# Running from : C:\Users\csjfriend\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\csjfriend\AppData\LocalLow\Toolbar4
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6002.18005
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\csjfriend\AppData\Roaming\Mozilla\Firefox\Profiles\i2km787c.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\csjfriend\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7737 octets] - [12/01/2014 16:42:38]
AdwCleaner[R1].txt - [1107 octets] - [21/01/2014 17:53:59]
AdwCleaner[s0].txt - [7878 octets] - [12/01/2014 16:44:54]
AdwCleaner[s1].txt - [1033 octets] - [21/01/2014 17:56:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1093 octets] ##########

here's the Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.21.09
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
csjfriend :: CSJFRIEND-PC [administrator]
 
1/22/2014 4:43:33 AM
mbam-log-2014-01-22 (04-43-33).txt
 
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431444
Time elapsed: 2 hour(s), 54 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

here's the report

 

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 23.0.1 Firefox out of Date!  
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~

Internet Explorer 7 Out of date! <----I would visit Windows Update for this

----------------------------------------

Java 7 Update 25 <----please update, should be Update 51

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-----------------------------------------


Adobe Reader 10.1.6 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

---------------------------------------


Mozilla Firefox 23.0.1 Firefox out of Date! <----please check for an update if available. (v26)

~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
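The two checks MrC walks through above by hand (remove the foistware entries flagged ATTENTION in Add/Remove Programs, then update anything Security Check reports as out of date) can be scripted on the defender's side. The script below is an added example for this thread; it is not code from the forum, from screen317's Security Check, or from Malwarebytes/FRST. It reads the same registry entries that Add/Remove Programs lists and flags two things: publishers on a watch list (constructed here from the two Coupon Printer entries named in the thread) and versions below a minimum (constructed from the Java 7 Update 51 and Firefox 26 targets MrC gives). The registry DisplayVersion strings assumed for those releases ("7.0.510" and "26.0") are assumptions, as is the helper name Find-SuspectPrograms. It only reads the registry and changes nothing.

```powershell
# Added example (not from the thread, Security Check, Malwarebytes or FRST).
# Enumerates the Add/Remove Programs registry entries and flags unwanted
# publishers and out-of-date versions. Read-only; run from an elevated prompt.

# Registry locations that Add/Remove Programs reads (32-bit view, 64-bit view, per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Constructed watch list: the publishers of the two entries MrC marked ATTENTION.
$unwantedPublishers = @('Coupons.com Incorporated', 'Hopster')

# Constructed baseline from MrC's update advice. Assumption: Java 7 Update 51
# registers DisplayVersion "7.0.510" and Firefox 26 registers "26.0".
$minimumVersions = @{
    'Java 7'          = [version]'7.0.510'
    'Mozilla Firefox' = [version]'26.0'
}

function Get-InstalledPrograms {
    # Missing keys (e.g. Wow6432Node on 32-bit Vista) are skipped silently.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation, UninstallString
}

function ConvertTo-VersionOrNull {
    # DisplayVersion is free text; keep the leading dotted-number part and
    # return $null when it still is not a parsable version (needs >= 2 parts).
    param([string]$Text)
    try { return [version]($Text -replace '[^0-9.].*$', '') } catch { return $null }
}

function Find-SuspectPrograms {
    foreach ($app in Get-InstalledPrograms) {
        $reasons = @()

        # Check 1: publisher on the unwanted-software watch list.
        if ($unwantedPublishers -contains $app.Publisher) {
            $reasons += 'publisher on unwanted-software watch list'
        }

        # Check 2: installed version below the minimum for a tracked product.
        foreach ($name in $minimumVersions.Keys) {
            if ($app.DisplayName -like "$name*") {
                $installed = ConvertTo-VersionOrNull $app.DisplayVersion
                if ($installed -and $installed -lt $minimumVersions[$name]) {
                    $reasons += "version $installed below minimum $($minimumVersions[$name])"
                }
            }
        }

        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Name      = $app.DisplayName
                Version   = $app.DisplayVersion
                Publisher = $app.Publisher
                Reason    = ($reasons -join '; ')
            }
        }
    }
}

Find-SuspectPrograms | Format-Table Name, Version, Publisher, Reason -AutoSize
```

On the machine in this thread the output would list the two Coupon Printer entries by publisher and the Java 7 Update 25 and Firefox 23.0.1 installs by version. The baseline is deliberately small and tied to what the thread states; in practice it is kept current from the vendors' release notes, and Internet Explorer and Adobe Reader, which MrC also lists, are handled through Windows Update and the vendor's own updater rather than by this check.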


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.