Jump to content

FBI Moneypak Virus HELP! My HijackThis log!


Recommended Posts

Iv got the FBI moneypak virus and I need help! Ive run Chameleon but malwarebytes is running it just wont let me inable protection.Ive run the Anti-Rootkit tool and it finds trojans and removes them but when I try to boot up normaly I get the white screen then the FBI moneypak lock screen.
I do have access to safe mode w internet connection so here I am.
Help!
1sennafan

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:50 AM, on 8/10/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\JGsoft\EditPadPro\EditPadPro.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gene\AppData\Local\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\???\???\???\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [KB9391109] "C:\Users\Gene\AppData\Local\KB9391109\KB9391109.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital  - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital  - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9997 bytes

Link to post
Share on other sites

  • Staff

Hello 1sennafan

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
Link to post
Share on other sites

after sitting for several days computer booted in normal mode

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013
Ran by Gene (administrator) on 14-08-2013 04:09:56
Running from C:\Users\Gene\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(JGsoft - Just Great Software) C:\Program Files (x86)\JGsoft\EditPadPro\EditPadPro.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [NtrigApplet] - C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2508800 2008-10-04] (N-trig LLC)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-21] (Adobe Systems Incorporated)
MountPoints2: {0d9b72df-a925-11e1-a6cc-002186d6a6a0} - G:\unlock.exe autoplay=true
MountPoints2: {71556884-fc88-11e1-83aa-002186d6a6a0} - F:\unlock.exe autoplay=true
MountPoints2: {8fe46cfb-fe0c-11e1-ac7b-002186d6a6a0} - G:\unlock.exe autoplay=true
MountPoints2: {be04cdfe-8e71-11e1-9567-806e6f6e6963} - F:\unlock.exe autoplay=true
HKLM-x32\...\Run: [DpAgent] - C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ACPW05EN] - C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [822384 2011-12-06] (ACD Systems)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM - {1AEF30EF-CBF6-4C2F-9FCC-E4E0F3789BC5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {49466937-7E88-41B7-A3AD-9F266304076B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 - {1AEF30EF-CBF6-4C2F-9FCC-E4E0F3789BC5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {49466937-7E88-41B7-A3AD-9F266304076B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtAzz0BtAyB0BtCtC0B0CyD0C0CtN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1776788399
SearchScopes: HKCU - Backup.Old.DefaultScope {A4A5C522-B89D-4014-9CBF-0C4722782227}
SearchScopes: HKCU - {1AEF30EF-CBF6-4C2F-9FCC-E4E0F3789BC5} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler-x32: ipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Gene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Gene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Gene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Gene\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Gene\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [217216 2008-05-30] (AuthenTec, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60160 2011-01-07] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 NtrigDigitizerUSBLowerFilter; C:\Windows\System32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [6656 2008-07-27] (Windows ® Codename Longhorn DDK provider)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-14 04:07 - 2013-08-14 04:07 - 00000000 ____D C:\FRST
2013-08-14 03:53 - 2013-08-14 03:53 - 00004361 _____ C:\Users\Gene\Desktop\instructions.txt
2013-08-10 07:08 - 2013-08-10 07:08 - 00010381 _____ C:\Users\Gene\Desktop\fbi.txt
2013-08-09 14:07 - 2013-08-09 16:57 - 00000000 ____D C:\Users\Gene\Desktop\mbar
2013-08-09 13:58 - 2013-08-09 13:58 - 00000000 ____D C:\Users\Gene\Desktop\mbam-chameleon-1.62.1.1000
2013-08-09 13:57 - 2013-08-09 13:57 - 01440846 _____ C:\Users\Gene\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-09 12:48 - 2013-08-09 12:50 - 00004654 _____ C:\Users\Gene\Desktop\Rkill.txt
2013-08-09 12:48 - 2013-08-09 12:48 - 00000000 ____D C:\Users\Gene\Desktop\rkill
2013-08-09 07:27 - 2013-08-09 09:31 - 04910760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 07:19 - 2013-08-14 04:08 - 00000000 ____D C:\Users\Gene\AppData\Local\KB9391109
2013-08-08 04:37 - 2013-08-08 04:37 - 00085088 _____ C:\Users\Gene\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-08 00:02 - 2013-08-08 00:02 - 00000165 _____ C:\ProgramData\awgxthjnaguefymbcmn.reg
2013-08-07 23:57 - 2013-08-07 23:57 - 00000165 _____ C:\ProgramData\nxgtrcqcvdejbqayxaj.reg
2013-08-07 20:32 - 2013-08-07 20:40 - 771949354 _____ C:\Users\Gene\Desktop\Ice2_0001.mov
2013-08-05 07:04 - 2013-08-05 07:04 - 96205586 _____ C:\Users\Gene\Desktop\IMG_0950.mov
2013-08-04 22:40 - 2013-08-04 22:40 - 236730310 _____ C:\Users\Gene\Desktop\Clouds.mov
2013-08-04 22:25 - 2013-08-05 08:51 - 00003071 _____ C:\Users\Gene\Desktop\ost officwe.txt
2013-08-04 06:40 - 2013-08-04 06:41 - 00000000 ___HD C:\Users\Gene\Desktop\[Originals]
2013-08-03 17:40 - 2013-08-04 12:52 - 597217015 _____ C:\Users\Gene\Desktop\Test_0002.mov
2013-08-03 02:59 - 2013-08-03 03:41 - 194240926 _____ C:\Users\Gene\Desktop\BridgeFire.mov
2013-08-02 18:46 - 2013-08-02 22:08 - 00000032 _____ C:\Users\Gene\Desktop\Test_0001.mov
2013-07-29 21:26 - 2013-07-29 21:26 - 00765564 _____ C:\Users\Gene\Desktop\ixus130_sd1400-100a-1.1.0-2976-full_BETA.zip
2013-07-27 06:57 - 2013-07-27 06:57 - 00000000 ____D C:\Users\Gene\Documents\Adobe
2013-07-27 06:46 - 2013-07-27 06:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-27 06:28 - 2013-07-27 06:28 - 00000000 ____D C:\Users\Gene\Desktop\Adobe
2013-07-26 06:03 - 2013-07-26 06:03 - 00258183 _____ C:\Users\Gene\Desktop\content_guide_5_20_2013.mov
2013-07-26 03:43 - 2013-07-26 03:43 - 00006340 _____ C:\Users\Gene\Desktop\rant.txt
2013-07-25 03:17 - 2013-07-25 03:17 - 00004136 _____ C:\Users\Gene\Documents\PhotoRules.txt
2013-07-23 11:53 - 2013-07-23 11:53 - 00519699 _____ C:\Users\Gene\Desktop\Ice_0001.mov
2013-07-23 09:58 - 2013-07-25 03:16 - 00002607 _____ C:\Users\Gene\Documents\Bohemian Rhapsody.txt
2013-07-20 02:48 - 2013-07-20 15:26 - 00000004 _____ C:\Users\Gene\AppData\Roaming\cache.ini
2013-07-19 02:28 - 2013-07-20 18:38 - 00000000 ____D C:\Users\Gene\AppData\Local\MainConcept (Muvee Consumer)
2013-07-18 00:33 - 2013-07-18 00:36 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-14 04:09 - 2013-08-14 04:09 - 01575544 _____ (Farbar) C:\Users\Gene\Desktop\FRST64.exe
2013-08-14 04:08 - 2013-08-09 07:19 - 00000000 ____D C:\Users\Gene\AppData\Local\KB9391109
2013-08-14 04:07 - 2013-08-14 04:07 - 00000000 ____D C:\FRST
2013-08-14 03:53 - 2013-08-14 03:53 - 00004361 _____ C:\Users\Gene\Desktop\instructions.txt
2013-08-14 03:53 - 2012-09-08 07:04 - 02074810 _____ C:\Windows\WindowsUpdate.log
2013-08-14 03:48 - 2013-05-21 13:50 - 02614272 ___SH C:\Users\Gene\Desktop\Thumbs.db
2013-08-14 03:41 - 2012-09-08 05:42 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 03:41 - 2012-09-08 05:42 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 03:31 - 2012-07-20 04:31 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-14 03:30 - 2013-05-29 16:25 - 00089304 _____ C:\Windows\setupact.log
2013-08-14 03:30 - 2012-08-30 15:19 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 03:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 07:08 - 2013-08-10 07:08 - 00010381 _____ C:\Users\Gene\Desktop\fbi.txt
2013-08-09 16:57 - 2013-08-09 14:07 - 00000000 ____D C:\Users\Gene\Desktop\mbar
2013-08-09 16:36 - 2013-07-10 10:47 - 00002140 _____ C:\Windows\PFRO.log
2013-08-09 13:58 - 2013-08-09 13:58 - 00000000 ____D C:\Users\Gene\Desktop\mbam-chameleon-1.62.1.1000
2013-08-09 13:57 - 2013-08-09 13:57 - 01440846 _____ C:\Users\Gene\Desktop\mbam-chameleon-1.62.1.1000.zip
2013-08-09 12:50 - 2013-08-09 12:48 - 00004654 _____ C:\Users\Gene\Desktop\Rkill.txt
2013-08-09 12:48 - 2013-08-09 12:48 - 00000000 ____D C:\Users\Gene\Desktop\rkill
2013-08-09 11:10 - 2012-09-08 20:25 - 00000000 ____D C:\Users\Gene\Photo
2013-08-09 09:31 - 2013-08-09 07:27 - 04910760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 07:42 - 2012-03-10 02:54 - 00000000 ___RD C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-08 04:37 - 2013-08-08 04:37 - 00085088 _____ C:\Users\Gene\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-08 00:02 - 2013-08-08 00:02 - 00000165 _____ C:\ProgramData\awgxthjnaguefymbcmn.reg
2013-08-07 23:57 - 2013-08-07 23:57 - 00000165 _____ C:\ProgramData\nxgtrcqcvdejbqayxaj.reg
2013-08-07 20:40 - 2013-08-07 20:32 - 771949354 _____ C:\Users\Gene\Desktop\Ice2_0001.mov
2013-08-05 19:49 - 2013-06-20 09:26 - 00003178 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGene
2013-08-05 19:49 - 2013-06-20 09:26 - 00000330 _____ C:\Windows\Tasks\HPCeeScheduleForGene.job
2013-08-05 08:51 - 2013-08-04 22:25 - 00003071 _____ C:\Users\Gene\Desktop\ost officwe.txt
2013-08-05 07:04 - 2013-08-05 07:04 - 96205586 _____ C:\Users\Gene\Desktop\IMG_0950.mov
2013-08-04 22:40 - 2013-08-04 22:40 - 236730310 _____ C:\Users\Gene\Desktop\Clouds.mov
2013-08-04 12:52 - 2013-08-03 17:40 - 597217015 _____ C:\Users\Gene\Desktop\Test_0002.mov
2013-08-04 06:41 - 2013-08-04 06:40 - 00000000 ___HD C:\Users\Gene\Desktop\[Originals]
2013-08-03 03:41 - 2013-08-03 02:59 - 194240926 _____ C:\Users\Gene\Desktop\BridgeFire.mov
2013-08-02 22:08 - 2013-08-02 18:46 - 00000032 _____ C:\Users\Gene\Desktop\Test_0001.mov
2013-08-02 19:41 - 2012-03-10 09:26 - 00000000 ____D C:\Program Files\Adobe
2013-08-02 08:18 - 2012-08-30 15:19 - 00000000 ____D C:\Users\Gene\AppData\Local\Google
2013-07-29 21:26 - 2013-07-29 21:26 - 00765564 _____ C:\Users\Gene\Desktop\ixus130_sd1400-100a-1.1.0-2976-full_BETA.zip
2013-07-28 04:56 - 2013-02-27 20:37 - 00020083 _____ C:\Users\Gene\Documents\questions.txt
2013-07-27 07:48 - 2012-03-10 03:07 - 00000000 ____D C:\Users\Gene\AppData\Roaming\Adobe
2013-07-27 06:57 - 2013-07-27 06:57 - 00000000 ____D C:\Users\Gene\Documents\Adobe
2013-07-27 06:57 - 2012-03-10 08:51 - 00000000 ____D C:\Users\Gene\AppData\Local\Adobe
2013-07-27 06:46 - 2013-07-27 06:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-27 06:46 - 2008-10-31 13:08 - 00000000 ____D C:\ProgramData\Adobe
2013-07-27 06:28 - 2013-07-27 06:28 - 00000000 ____D C:\Users\Gene\Desktop\Adobe
2013-07-26 06:03 - 2013-07-26 06:03 - 00258183 _____ C:\Users\Gene\Desktop\content_guide_5_20_2013.mov
2013-07-26 03:43 - 2013-07-26 03:43 - 00006340 _____ C:\Users\Gene\Desktop\rant.txt
2013-07-25 07:14 - 2013-07-01 21:31 - 00010350 _____ C:\Users\Gene\Desktop\Camera Serial Numbers.xlsx
2013-07-25 03:17 - 2013-07-25 03:17 - 00004136 _____ C:\Users\Gene\Documents\PhotoRules.txt
2013-07-25 03:16 - 2013-07-23 09:58 - 00002607 _____ C:\Users\Gene\Documents\Bohemian Rhapsody.txt
2013-07-23 11:53 - 2013-07-23 11:53 - 00519699 _____ C:\Users\Gene\Desktop\Ice_0001.mov
2013-07-23 06:15 - 2012-09-08 13:37 - 00000228 _____ C:\Users\Gene\AppData\Roaming\wklnhst.dat
2013-07-22 17:45 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 18:38 - 2013-07-19 02:28 - 00000000 ____D C:\Users\Gene\AppData\Local\MainConcept (Muvee Consumer)
2013-07-20 15:26 - 2013-07-20 02:48 - 00000004 _____ C:\Users\Gene\AppData\Roaming\cache.ini
2013-07-19 02:04 - 2012-04-16 16:44 - 00000000 ____D C:\Users\Gene\Documents\DisplayPaymentReportNTTA_files
2013-07-18 00:43 - 2012-08-30 15:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 00:36 - 2013-07-18 00:33 - 00000000 ____D C:\Windows\system32\MRT

Files to move or delete:
====================
C:\ProgramData\awgxthjnaguefymbcmn.reg
C:\ProgramData\nxgtrcqcvdejbqayxaj.reg
C:\Users\Gene\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 03:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013
Ran by Gene at 2013-08-14 04:09:16
Running from C:\Users\Gene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IT70VTV9
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32)
ACDSee Pro 5 (x32 Version: 5.1.137)
ACDSee Pro 6 (Version: 6.2.212)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Photoshop 6.0 (x32 Version: 6.0)
Adobe Reader 9.5.5 (x32 Version: 9.5.5)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0806.1213.19931)
AMD USB Audio Driver Filter (x32 Version: 1.0.7.0031)
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
AuthenTec Fingerprint Sensor Minimum Install (x32 Version: 7.10.0.1129)
BlackFrame NR (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.48.35)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (x32 Version: 2008.0929.1508.25258)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931)
CCC Help Czech (x32 Version: 2012.0806.1212.19931)
CCC Help Danish (x32 Version: 2012.0806.1212.19931)
CCC Help Dutch (x32 Version: 2012.0806.1212.19931)
CCC Help English (x32 Version: 2012.0806.1212.19931)
CCC Help Finnish (x32 Version: 2012.0806.1212.19931)
CCC Help French (x32 Version: 2012.0806.1212.19931)
CCC Help German (x32 Version: 2012.0806.1212.19931)
CCC Help Greek (x32 Version: 2012.0806.1212.19931)
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931)
CCC Help Italian (x32 Version: 2012.0806.1212.19931)
CCC Help Japanese (x32 Version: 2012.0806.1212.19931)
CCC Help Korean (x32 Version: 2012.0806.1212.19931)
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931)
CCC Help Polish (x32 Version: 2012.0806.1212.19931)
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931)
CCC Help Russian (x32 Version: 2012.0806.1212.19931)
CCC Help Spanish (x32 Version: 2012.0806.1212.19931)
CCC Help Swedish (x32 Version: 2012.0806.1212.19931)
CCC Help Thai (x32 Version: 2012.0806.1212.19931)
CCC Help Turkish (x32 Version: 2012.0806.1212.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCleaner (Version: 4.03)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite (x32 Version: 6.0.2203)
DeepSkyStacker (x32 Version: 3.2.0)
DigitalPersona Personal 4.11 (Version: 4.11.3826)
DivX Setup (x32 Version: 2.6.1.8)
dows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
DriveImage XML (Private Edition) (x32 Version: 2.30)
ESU for Microsoft Vista (x32 Version: 1.0.0)
EXIF Date Changer v2.7 (x32)
Exifer (x32)
EXIFutils for Windows (Version: 3.14)
Google Chrome (x32 Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
GoPro CineForm Studio 1.3.1 (x32 Version: 1.3.1)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HotPixels Eliminator for Digital Cameras 1.0 (x32)
HP Active Support Library (x32 Version: 3.1.9.1)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2664)
HP Doc Viewer (x32 Version: 1.03.0001)
HP Help and Support (x32 Version: 2.1.3.0)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (Version: 6.0.1.6204)
HP MediaSmart DVD (x32 Version: 2.0.2126)
HP MediaSmart Live TV (x32 Version: 3.1.2206)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2229)
HP MediaSmart SmartMenu (Version: 2.0.11)
HP MediaSmart Webcam (x32 Version: 2.0.0926)
HP Product Detection (x32 Version: 11.14.0001)
HP Quick Launch Buttons (x32 Version: 6.50.13.1)
HP Total Care Advisor (x32 Version: 2.4.4941.2798)
HP Total Care Setup (x32 Version: 1.1.1983.2818)
HP Update (x32 Version: 5.005.000.002)
HP User Guides 0123 (x32 Version: 1.01.0000)
HP Wireless Assistant (x32 Version: 3.00 K2)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7)
iCloud (Version: 2.1.0.39)
IrfanView (remove only) (x32 Version: 4.35)
iTunes (Version: 11.0.1.12)
Java 6 Update 31 (x32 Version: 6.0.310)
Java 6 Update 7 (x32 Version: 1.6.0.70)
JGsoft EditPad Pro 4.5.5 (x32)
JNLP (HKCU)
LabelPrint (x32 Version: 2.5.0926)
LightScribe System Software  1.14.17.1 (x32 Version: 1.14.17.1)
Luminance HDR 2.3.1
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Player Codec Pack 4.1.9 (x32 Version: 4.1.9)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Motorola SM56 Data Fax Modem (Version: 6.12.25.06)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
muvee Reveal (x32 Version: 7.0.43.12698)
My HP Games (x32 Version: 1.0.0.62)
N-trig Software Bundle (x32 Version: 1.89.126)
PhotoMove 2.0 version 2.0 (x32 Version: 2.0)
Picturenaut 3.2 (Version: 3.2.0.1698)
Power2Go (x32 Version: 6.0.2202)
PowerDirector (x32 Version: 7.0.2209)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.73.80.64)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Realtek USB 2.0 Card Reader (x32 Version: 3.0.1.3)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30098)
RegiStax 6 (HKCU)
RegiStax 6.1.0.8 update (HKCU)
SES Driver (Version: 1.0.0)
SlingPlayer (x32 Version: 1.04.0206)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD SmartWare (Version: 1.6.4.7)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (Version: 03/07/2012 )
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0)

==================== Restore Points  =========================

02-08-2013 13:19:06 Microsoft Antimalware Checkpoint
03-08-2013 00:31:05 Removed Adobe Photoshop Lightroom 5 64-bit.
03-08-2013 00:35:26 Removed Adobe Photoshop Lightroom 5 64-bit.
04-08-2013 05:45:57 Windows Update
07-08-2013 13:06:05 Windows Update
08-08-2013 04:59:49 Microsoft Antimalware Checkpoint
09-08-2013 12:31:04 Microsoft Antimalware Checkpoint
14-08-2013 08:33:13 Microsoft Antimalware Checkpoint
14-08-2013 08:49:29 Windows Update

==================== Hosts content: ==========================

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02A13DA6-3691-4794-9C5F-6D84187F5201} - System32\Tasks\{9B0D8938-F849-4112-8399-7159777084B6} => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6.exe [2013-03-01] (ACD Systems)
Task: {0834B7B3-1112-4DD5-8D3B-61073337E08D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {0AB909D3-333A-463B-BBD8-1D94E113F53D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {132DEAF5-786A-490D-ACAC-8363BC47EAC4} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {24BB1227-95DC-4A99-846B-D5C4F7C2AF46} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {43376253-10F6-4F0C-939C-BA0D53490F2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {46C92EFB-B812-4B79-ACE1-775A04F4506F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2009-07-13] (Microsoft Corp.)
Task: {4EAB0D42-86D2-493E-B841-D4D20B0AF972} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {5B616B43-95ED-4F9E-9EAD-172821CAE07B} - System32\Tasks\User_Feed_Synchronization-{D7C075EE-A73E-4766-918B-9D16264F51B0} => C:\Windows\system32\msfeedssync.exe [2013-03-22] (Microsoft Corporation)
Task: {5DE37F1A-94AC-4566-9D75-F7E14D2F617A} - System32\Tasks\{81B681E1-2F33-44B2-AA9C-D7DB3599DA76} => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6.exe [2013-03-01] (ACD Systems)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {8F38B437-18D2-48D5-94CC-5A0AAFFB3349} - System32\Tasks\HPCeeScheduleForGene => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {8F3E9650-169F-46BB-9BCD-61BBA363FB20} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe No File
Task: {958011A5-6691-4574-9AA3-E9A059E9FE24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe No File
Task: {B60C99FA-8ECB-4337-B556-E6BB9BB87998} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {D3FEDA2E-C7F5-444D-A967-D0D76DFE6A8C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {D63D1FB0-F8FF-499A-9291-363363B2FEFB} - System32\Tasks\bProtector => C:\Windows\system32\sc.exe [2009-07-13] (Microsoft Corporation)
Task: {E32C4887-A929-4585-ADD9-F4CB58E1A2A5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGene.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 03:33:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {cfe2e807-067e-499b-b395-768471c683f2}

Error: (08/14/2013 03:31:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 01:25:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 01:19:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 04:39:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 04:35:30 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\Gene\Desktop\mbar\mbar.exe; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

Error: (08/09/2013 04:07:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 04:03:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 03:28:56 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\Gene\Desktop\mbar\mbar.exe; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).

Error: (08/09/2013 11:41:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/14/2013 03:51:21 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/14/2013 03:31:02 AM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.3, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (08/14/2013 03:31:02 AM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (08/14/2013 03:30:16 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/14/2013 03:30:16 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/14/2013 03:30:16 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/14/2013 03:28:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/14/2013 03:28:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/14/2013 03:28:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/14/2013 03:27:50 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Microsoft Office Sessions:
=========================
Error: (12/07/2012 04:39:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 199 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2012-09-08 03:37:02.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 03:37:01.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 03:37:01.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 03:37:01.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-08 03:37:01.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-07 22:19:50.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-07 22:19:50.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-07 22:19:50.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-07 22:19:49.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-09-07 22:19:49.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Link to post
Share on other sites

  • Staff

Hello 1sennafan

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Gringo

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013
Ran by Gene at 2013-08-14 19:09:59 Run:1
Running from C:\Users\Gene\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
C:\ProgramData\awgxthjnaguefymbcmn.reg => Moved successfully.
C:\ProgramData\nxgtrcqcvdejbqayxaj.reg => Moved successfully.
C:\Users\Gene\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Staff

Hello 1sennafan

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

Link to post
Share on other sites

# AdwCleaner v2.306 - Logfile created 08/14/2013 at 22:22:29
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gene - GENETABLETPC
# Boot Mode : Normal
# Running from : C:\Users\Gene\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Users\Gene\AppData\Local\Zoom_Downloader

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\73114773221019235852456571343895254621514098520
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Gene\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[R2].txt - [3254 octets] - [21/03/2013 15:17:53]
AdwCleaner[R3].txt - [2208 octets] - [14/08/2013 22:22:29]
AdwCleaner[s1].txt - [7040 octets] - [20/03/2013 18:42:35]

########## EOF - C:\AdwCleaner[R3].txt - [2328 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gene on Wed 08/14/2013 at 22:07:40.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4A5C522-B89D-4014-9CBF-0C4722782227}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1AEF30EF-CBF6-4C2F-9FCC-E4E0F3789BC5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{49466937-7E88-41B7-A3AD-9F266304076B}

 

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\bprotector"
Successfully deleted: [Folder] "C:\Users\Gene\appdata\local\babylon"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/14/2013 at 22:15:53.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

  • Staff

Hello 1sennafan

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
Link to post
Share on other sites

  • Staff

For over a year it has been compatible

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.