Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Malware Check

I would just like to be sure there isn't anything harmful remaining.

I recently upgraded my laptop from Vista to Win 7. The only protection was Malwarebytes, 500+ days outdated, and Windows Defender. I installed MSE and a new Malwarebytes. I ran scans in both and removed malware in both. I also ran CCleaner. I had someone update to Win 7 for me. I have access to a Win 7 full DVD, but I don't have a recovery disk for this laptop unless you would count the old original Vista disks, which I have. Below are logs from DDS and gmer.


DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 9.0.8112.16450
Run by Owner at 20:30:59 on 2012-11-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1097 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: {9565115d-c7d6-46d3-bd63-b67b481a4368} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
TB: HeadlineAlley: {8F61E414-EA79-4559-8BB6-61D956F70306} -
TB: HeadlineAlley: {8f61e414-ea79-4559-8bb6-61d956f70306} -
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}] "c:\program files\u.s. cellular broadband connect\avqautorun.exe" "c:\program files\u.s. cellular broadband connect\mphonetools.exe" /OnPlug=%s
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{70B1AAE7-1317-4192-B0BE-B8763D4BABA3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{70B1AAE7-1317-4192-B0BE-B8763D4BABA3}\25F63756265727760235F63636562702143737F63696164796F6E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{70B1AAE7-1317-4192-B0BE-B8763D4BABA3}\35026202D40284F6D656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{70B1AAE7-1317-4192-B0BE-B8763D4BABA3}\355726771697 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\k99iestj.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: !HIDDEN! 2011-08-10 19:23; 29ffxtbr@HeadlineAlley_29.com; c:\program files\headlinealley_29\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 EprDrv;EPR100 Service;c:\windows\system32\drivers\EprDrv.sys [2011-4-17 7168]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-7 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-11-07 03:04:43 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-07 03:02:42 -------- d-----w- c:\program files\iPod
2012-11-07 03:02:39 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-07 03:02:39 -------- d-----w- c:\program files\iTunes
2012-11-07 02:43:45 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-07 02:43:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-11-07 02:43:41 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-11-07 02:43:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-11-07 02:43:40 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-11-07 02:43:40 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-11-07 02:43:40 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-11-07 02:43:39 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-11-07 02:43:39 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-11-07 02:43:39 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-11-07 02:13:26 -------- d-----w- c:\program files\CCleaner
2012-11-06 18:02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-06 18:02:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-06 18:00:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-06 18:00:58 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-06 18:00:57 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-06 17:55:01 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-06 17:55:00 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-06 17:54:36 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-06 17:54:35 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-06 17:54:35 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-06 17:54:33 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-06 17:54:33 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-06 17:53:30 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-06 17:53:28 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-06 17:49:57 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea7068f2-dbf8-4c47-843a-53923623cf2b}\mpengine.dll
2012-11-06 17:46:47 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{32786aab-8628-48e3-a075-1a424bb393d4}\gapaengine.dll
2012-11-06 17:46:38 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-06 17:35:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-06 17:33:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 17:33:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-06 17:23:38 -------- d-----w- c:\users\owner\appdata\local\Macromedia
2012-11-06 06:07:14 -------- d-----w- c:\windows\system32\SPReview
2012-11-06 06:05:19 -------- d-----w- c:\windows\system32\EventProviders
2012-11-06 06:02:41 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b6bd4841-a020-4f6f-93cc-3a4bb3d6082c}\mpengine.dll
2012-10-09 23:45:12 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2012-11-07 00:46:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 00:46:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-06 06:17:17 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-08-31 06:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 06:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 21:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:31:44.12 ===============

Attached Files
File Type: zip attach.zip (3.5 KB)
