Wayfair Furniture Malware Infection


zraj07

Visited a website called wayfair furniture.

At some point during navigation, Internet Explorer began to respond very slowly. Then it would not close. Google Chrome seemed to be unaffected. Internet via cable, running McAfee AV, all the latest definitions in place. No threats noted.

My system is Win 7 with the latest updates.

Thought maybe the poor weather was causing cable connectivity issues resulting in poor IE performance.

But noticed it was not possible to do a system restart. System just "hangs". Had to power off. Upon restart, everything seemed to be fine. IE worked... But within a minute or so, IE failed to respond. Then, trying to open Chrome, that failed to respond as well.

However, all folder navigation seemed to function fine.

Believing it to be a malware infection, tried running MalwareBytes. It would start a Quick Scan, but then fail to respond. It scanned a few folders.

Unable to terminate MalwareBytes. Power-off shutdown and tried again, but tried the McAfee route and chose their scan tool. This also failed to complete a scan. Just hangs the system.

Tried this a few times, noticed that MalwareBytes would cease scanning, but not at the same files, so there was no pattern to what was making it hang.

Running Windows from Safe Mode allows the MalwareBytes tool to run to completion. It tells me no issues found. I also had TDSS Killer, and a run of that in Safe Mode said no issues existed.

But once you restart Windows, it seems that after some specified number of minutes IE will fail to function. Once it fails, Chrome seems to follow along.

However, if you open Chrome first, and don't load IE, then the system seems to work fine (until you try to scan with Malware Bytes).

(I was able to download the latest version of IE from Chrome and install it successfully).

I don't know if I am dealing with a McAfee update that is just preventing MalwareBytes from running.

McAfee doesn't identify MalwareBytes as a threat (if it sees it as one). McAfee says my system is a-ok, no threats.

I have had experience with MalwareBytes in the past. I know it works. Usually, it runs and scans with no issues from my McAfee. I don't go to sites where I'd expect to pick up malware, but I would tell people to avoid the Arizona Shuttle Bus Service website, as I believe it infected me with an exploit trojan last year. I can tell you their service is genuine; it's just too bad that someone managed to load something bad onto their website.

I guess, before I pester people at MalwareBytes with logfiles, etc., is there something I can do to eliminate my McAfee as a suspect in terms of why my Malware Bytes scan will not run (but recall, it runs fine in Safe Mode)? I hesitate to turn it off, because I am concerned that the malware may be waiting for me to do just that.

Hello zraj07 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I give you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2010 9:34:27 PM
System Uptime: 11/13/2013 5:28:55 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | E66
Processor: Intel® Core i7 CPU       Q 720  @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 651.093 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.686 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
RP303: 10/9/2013 4:38:59 AM - Windows Update
RP304: 10/17/2013 12:00:04 AM - Scheduled Checkpoint
RP305: 10/25/2013 12:00:01 AM - Scheduled Checkpoint
RP306: 11/1/2013 12:00:01 AM - Scheduled Checkpoint
RP307: 11/8/2013 12:00:01 AM - Scheduled Checkpoint
RP308: 11/11/2013 8:01:26 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
AIS Data Handler
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BIAS SoundSoap SE 2.2
Bing Bar
Bing Maps 3D
Bluetooth by hp
Bonjour
Brother's Keeper 6.4
Bulk Rename Utility 2.7.1.2
Buttons & OSDs control application gen3
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Content Manager
Corel Paint it! touch - IPM
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP TouchSmart Video
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Facebook Video Calling 1.2.0.287
Fitbit Connect
GIS Tutorial 1 - Student Resources
Google Chrome
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Ambient Light
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Link
HP TouchSmart Music/Photo/Video
HP TouchSmart Notes
HP TouchSmart Paint it! by Corel
HP TouchSmart Paint it! by Corel - Content
HP TouchSmart Paint it! by Corel - Core
HP TouchSmart Paint it! by Corel - ICA
HP TouchSmart Paint it! by Corel - Langauge
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
HPDiagnosticAlert
Hulu Desktop
Image Resizer Powertoy Clone for Windows (64 bit)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32
iTunes
Java Auto Updater
Java 6 Update 26
Juniper Networks Cache Cleaner 6.3.0
Juniper Networks Host Checker
Juniper Networks Network Connect 6.3.0
Juniper Networks Setup Client
Junk Mail filter update
LG USB Modem driver
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee Virtual Technician
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Native Client
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
MobileMe Control Panel
Movie Maker 6.0 for Windows 7 (64-bit)
Movie Theme Pack for HP TouchSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 296.19
NVIDIA Display Control Panel
NVIDIA Graphics Driver 296.19
NVIDIA Install Application
NVIDIA Update 1.7.12
NVIDIA Update Components
Picasa 3
PlayReady PC Runtime amd64
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
SketchUp 8
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/13/2013 5:31:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/13/2013 5:30:35 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/13/2013 5:30:33 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2013 5:30:27 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2013 5:29:17 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/13/2013 4:40:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
11/12/2013 7:02:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/12/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/12/2013 6:30:20 AM, Error: mbamchameleon [61440]  -
11/12/2013 10:36:22 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
11/11/2013 7:47:15 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16720
Run by Bob_Barb at 5:31:21 on 2013-11-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6103.4862 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130316032629.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [CmTray] "C:\Program Files (x86)\Content Manager\launchCM.exe"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX430" /EF "HKCU"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Bob_Barb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
TCP: Interfaces\{3B0235CC-F961-4355-A83C-61AD65A5558B} : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{C711AD4E-7C81-4B92-8F37-D6CB8255A279} : DHCPNameServer = 192.168.1.1 64.233.207.8 64.233.207.9
TCP: Interfaces\{C711AD4E-7C81-4B92-8F37-D6CB8255A279}\6594A594F4 : DHCPNameServer = 192.168.1.1 64.233.207.8 64.233.207.9
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130316032629.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-1-24 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-14 55280]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-5-31 17992]
R3 FintekCIR;Fintek eHome Transceiver;C:\Windows\System32\drivers\FintekCIR.sys [2010-12-22 30824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-31 56344]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-5-31 14328]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2010-5-31 25080]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-1-24 771536]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/31 12:58:44];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-5-31 146928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-31 98208]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-8 151648]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-1-24 241456]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-24 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-24 182752]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-31 35104]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-1-24 70112]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-14 196440]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-1-24 309840]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-1-24 515968]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-1-24 106552]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-13 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 239616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2013-2-2 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
.
=============== Created Last 30 ================
.
2013-11-13 10:42:52 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{49B24C89-3553-425E-A2A5-0F5C0649E4ED}
2013-11-13 10:31:24 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{CCE938C4-D103-4942-AE0F-E8C98CE9978B}
2013-11-13 00:37:40 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{5B01677C-476A-49F4-81EE-56FF1CE196EB}
2013-11-12 13:00:22 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{D87869D2-4873-4CA9-8D82-7B6A25D62261}
2013-11-12 12:55:07 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{004140B3-E95B-48DE-8D21-974DA9B3C133}
2013-11-12 12:44:07 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{FFC432AC-B75F-4FD6-920E-0B644E25ECBA}
2013-11-12 12:15:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 00:38:43 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{7006D9A0-B550-404F-9D3F-3916A34D9D1C}
2013-11-12 00:28:32 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{E76D3EFD-A1B6-47E7-A569-753A1E4C4E13}
2013-11-09 01:44:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44:51 -------- d-----w- C:\Program Files\iTunes
2013-11-09 01:44:51 -------- d-----w- C:\Program Files\iPod
2013-11-09 01:44:51 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-10-09 13:45:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 13:45:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  5:32:44.21 ===============


Step 1

Please uninstall this application: Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

Note: Don't fix anything without my instructions.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

# AdwCleaner v3.012 - Report created 13/11/2013 at 21:38:32
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob_Barb - BOBBARBDESKTOP
# Running from : C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [998 octets] - [13/11/2013 21:37:19]
AdwCleaner[S0].txt - [926 octets] - [13/11/2013 21:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [985 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16721
Bob_Barb :: BOBBARBDESKTOP [administrator]

11/13/2013 9:57:31 PM
mbam-log-2013-11-13 (21-57-31).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 538952
Time elapsed: 1 hour(s), 14 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Bob_Barb\Documents\Storage\H_Drive_Data\accesspv.exe (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\H_Drive_Data\GIS_Stuff\accesspv.zip (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\MyDocs_25Jul12\My Documents\accesspv.exe (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\MyDocs_25Jul12\My Documents\GIS_Stuff\accesspv.zip (PUP.Password.Viewer) -> Quarantined and deleted successfully.

(end)

RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Bob_Barb [Admin rights]
Mode : Scan -- Date : 11/13/2013 23:20:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AdwCleaner.exe -- C:\Users\Bob_Barb\Desktop\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 9aaf2cd6d507eec1493f599578054c9d
[BSP] 5b897ff099118a0f08861acd82c095a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941637 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928679424 | Size: 12130 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE3 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] 8a1f412dcb8a6f79453545b745f2c3c7
[BSP] d043f3abe1d852a91224723c5930d39b : Legit.A MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 941 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11132013_232040.txt >>

JRT_output.txt


Unable to run any of the previously listed programs in anything except Safe Mode.

Unable to delete Coupon Printer, although this was one of the first programs I had on my computer when I purchased it from HP, and was one of the first programs I tried to uninstall back then with no success.

I was aware that I had a program called accesspv, found by Malwarebytes after doing a complete scan. I used this tool to unlock Excel worksheets. Was not aware it was malware, although I knew that it performed a specific function. It is now deleted.

RogueKiller reported items, but as you indicated, I did not do anything (no fixes/repairs) and exited the program after saving the report.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Best I could do. Had to run in Safe Mode. It ran, but on reboot, it never did produce the report you see below. Hours passed. Restarted and found this file myself in the location you specified. The only dialog box said JANOSD2 kernel could not be loaded. Had to close that to proceed.

ComboFix 13-11-12.01 - Bob_Barb 11/14/2013  18:51:13.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6103.5286 [GMT -6:00]
Running from: C:\Users\Bob_Barb\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Bob_Barb\Documents\ZDS22236.TMP
C:\Users\Bob_Barb\Documents\ZDS23225.TMP
C:\Users\Bob_Barb\Documents\ZDS23392.TMP
C:\Users\Bob_Barb\Documents\ZDS23692.TMP
C:\Users\Bob_Barb\Documents\ZDS24737.TMP
C:\Users\Bob_Barb\Documents\ZDS25116.TMP
C:\Windows\COUPon~1.ocx
C:\Windows\inf\win32
C:\Windows\inf\win32\0x0404.ini
C:\Windows\inf\win32\0x0405.ini
C:\Windows\inf\win32\0x0406.ini
C:\Windows\inf\win32\0x0407.ini
C:\Windows\inf\win32\0x0408.ini
C:\Windows\inf\win32\0x0409.ini
C:\Windows\inf\win32\0x040a.ini
C:\Windows\inf\win32\0x040b.ini
C:\Windows\inf\win32\0x040c.ini
C:\Windows\inf\win32\0x040e.ini
C:\Windows\inf\win32\0x0410.ini
C:\Windows\inf\win32\0x0411.ini
C:\Windows\inf\win32\0x0412.ini
C:\Windows\inf\win32\0x0413.ini
C:\Windows\inf\win32\0x0414.ini
C:\Windows\inf\win32\0x0415.ini
C:\Windows\inf\win32\0x0416.ini
C:\Windows\inf\win32\0x0418.ini
C:\Windows\inf\win32\0x0419.ini
C:\Windows\inf\win32\0x041a.ini
C:\Windows\inf\win32\0x041d.ini
C:\Windows\inf\win32\0x041f.ini
C:\Windows\inf\win32\0x0804.ini
C:\Windows\inf\win32\0x0816.ini
C:\Windows\inf\win32\1028.mst
C:\Windows\inf\win32\1029.mst
C:\Windows\inf\win32\1030.mst
C:\Windows\inf\win32\1031.mst
C:\Windows\inf\win32\1032.mst
C:\Windows\inf\win32\1033.mst
C:\Windows\inf\win32\1034.mst
C:\Windows\inf\win32\1035.mst
C:\Windows\inf\win32\1036.mst
C:\Windows\inf\win32\1038.mst
C:\Windows\inf\win32\1040.mst
C:\Windows\inf\win32\1041.mst
C:\Windows\inf\win32\1042.mst
C:\Windows\inf\win32\1043.mst
C:\Windows\inf\win32\1044.mst
C:\Windows\inf\win32\1045.mst
C:\Windows\inf\win32\1046.mst
C:\Windows\inf\win32\1048.mst
C:\Windows\inf\win32\1049.mst
C:\Windows\inf\win32\1050.mst
C:\Windows\inf\win32\1053.mst
C:\Windows\inf\win32\1055.mst
C:\Windows\inf\win32\2052.mst
C:\Windows\inf\win32\2070.mst
C:\Windows\inf\win32\BBalloon.dll
C:\Windows\inf\win32\brcmVista\bcbthid32.cat
C:\Windows\inf\win32\brcmVista\bcbthid32.inf
C:\Windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
C:\Windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
C:\Windows\inf\win32\brcmVista\btusbflt.sys
C:\Windows\inf\win32\brcmVista\DPInst.exe
C:\Windows\inf\win32\brcmWin7\bcbthid32.cat
C:\Windows\inf\win32\brcmWin7\bcbthid32.inf
C:\Windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
C:\Windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
C:\Windows\inf\win32\brcmWin7\btusbflt.sys
C:\Windows\inf\win32\brcmWin7\DPInst.exe
C:\Windows\inf\win32\BtSetup.dll
C:\Windows\inf\win32\BTW.msi
C:\Windows\inf\win32\btw_ci.dll
C:\Windows\inf\win32\btwaudio.cat
C:\Windows\inf\win32\btwaudio.inf
C:\Windows\inf\win32\btwaudio.sys
C:\Windows\inf\win32\btwavdt.cat
C:\Windows\inf\win32\btwavdt.inf
C:\Windows\inf\win32\btwavdt.sys
C:\Windows\inf\win32\btwl2cap.cat
C:\Windows\inf\win32\btwl2cap.inf
C:\Windows\inf\win32\BTWL2CAP.sys
C:\Windows\inf\win32\BtwMM.exe
C:\Windows\inf\win32\btwprofpack.dll
C:\Windows\inf\win32\btwrchid.cat
C:\Windows\inf\win32\btwrchid.inf
C:\Windows\inf\win32\btwrchid.sys
C:\Windows\inf\win32\BtwRSupport.dll
C:\Windows\inf\win32\Data1.cab
C:\Windows\inf\win32\Inst.exe
C:\Windows\inf\win32\instmsia.exe
C:\Windows\inf\win32\instmsiw.exe
C:\Windows\inf\win32\Setup.exe
C:\Windows\inf\win32\Setup.ini
C:\Windows\inf\win32\svcpack\SvcPack.ini

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ACPIService

(((((((((((((((((((((((((   Files Created from 2013-10-15 to 2013-11-15  )))))))))))))))))))))))))))))))

2013-11-14 03:37:03 . 2013-11-14 03:49:25 -------- d-----w- C:\AdwCleaner
2013-11-13 23:23:27 . 2013-11-13 23:23:27 -------- d-----w- C:\Windows\ERUNT
2013-11-12 12:15:00 . 2013-11-12 12:30:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-09 01:44:51 . 2013-11-13 06:07:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44:51 . 2013-11-13 06:07:06 -------- d-----w- C:\Program Files\iTunes
2013-11-09 01:44:51 . 2013-11-13 06:07:04 -------- d-----w- C:\Program Files\iPod
2013-11-09 01:44:51 . 2013-11-13 06:06:43 -------- d-----w- C:\Program Files (x86)\iTunes
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-09 13:45:15 . 2012-06-07 20:30:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:45:15 . 2011-05-18 11:07:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 09:43:28 . 2010-06-08 11:05:42 80541720 ----a-w- C:\Windows\system32\MRT.exe
2013-09-22 23:28:06 . 2013-10-09 09:52:02 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 . 2013-10-09 09:52:05 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 . 2013-10-09 09:52:09 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 . 2013-10-09 09:52:09 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:16 . 2013-10-09 09:52:09 51712 ----a-w- C:\Windows\system32\ie4uinit.exe
2013-09-22 22:55:10 . 2013-10-09 09:52:02 2241024 ----a-w- C:\Windows\system32\wininet.dll
2013-09-22 22:55:07 . 2013-10-09 09:52:04 1365504 ----a-w- C:\Windows\system32\urlmon.dll
2013-09-22 22:54:55 . 2013-10-09 09:52:07 603136 ----a-w- C:\Windows\system32\msfeeds.dll
2013-09-22 22:54:55 . 2013-10-09 09:51:58 19252224 ----a-w- C:\Windows\system32\mshtml.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:06 855552 ----a-w- C:\Windows\system32\jscript.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:06 3959296 ----a-w- C:\Windows\system32\jscript9.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:03 53248 ----a-w- C:\Windows\system32\jsproxy.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:10 526336 ----a-w- C:\Windows\system32\ieui.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 67072 ----a-w- C:\Windows\system32\iesetup.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 39936 ----a-w- C:\Windows\system32\iernonce.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 136704 ----a-w- C:\Windows\system32\iesysprep.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:08 2647552 ----a-w- C:\Windows\system32\iertutil.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:00 15404544 ----a-w- C:\Windows\system32\ieframe.dll
2013-09-21 03:38:39 . 2013-10-09 09:52:11 2706432 ----a-w- C:\Windows\system32\mshtml.tlb
2013-09-21 03:30:24 . 2013-10-09 09:52:10 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 . 2013-10-09 09:52:09 89600 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 . 2013-10-09 09:52:09 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 . 2013-10-09 09:38:12 497152 ----a-w- C:\Windows\system32\drivers\afd.sys
2013-09-08 02:30:37 . 2013-10-09 09:38:13 1903552 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-08 02:27:14 . 2013-10-09 09:38:13 327168 ----a-w- C:\Windows\system32\mswsock.dll
2013-09-08 02:03:58 . 2013-10-09 09:38:12 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 . 2013-10-09 09:34:33 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-09-04 12:11:51 . 2013-10-09 09:34:33 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-09-04 12:11:49 . 2013-10-09 09:34:33 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-09-04 12:11:43 . 2013-10-09 09:34:33 52736 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-09-04 12:11:43 . 2013-10-09 09:34:33 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-09-04 12:11:42 . 2013-10-09 09:34:32 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-09-04 12:11:40 . 2013-10-09 09:34:33 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
2013-08-29 02:17:48 . 2013-10-09 09:38:23 5549504 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-08-29 02:16:35 . 2013-10-09 09:38:22 1732032 ----a-w- C:\Windows\system32\ntdll.dll
2013-08-29 02:16:28 . 2013-10-09 09:38:21 243712 ----a-w- C:\Windows\system32\wow64.dll
2013-08-29 02:16:14 . 2013-10-09 09:38:21 859648 ----a-w- C:\Windows\system32\tdh.dll
2013-08-29 02:13:28 . 2013-10-09 09:38:22 878080 ----a-w- C:\Windows\system32\advapi32.dll
2013-08-29 01:51:45 . 2013-10-09 09:38:22 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 . 2013-10-09 09:38:22 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 . 2013-10-09 09:38:20 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 . 2013-10-09 09:38:21 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 . 2013-10-09 09:38:21 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 . 2013-10-09 09:38:21 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 . 2013-10-09 09:38:20 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 . 2013-10-09 09:38:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 . 2013-10-09 09:38:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 . 2013-10-09 09:38:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 . 2013-10-09 09:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 . 2013-10-09 09:38:02 3155968 ----a-w- C:\Windows\system32\win32k.sys
2013-08-28 01:12:33 . 2013-10-09 09:37:54 461312 ----a-w- C:\Windows\system32\scavengeui.dll


I had to run ComboFix from Windows Safe Mode.

After it ran (and it seemed to run successfully from what I saw), it rebooted the system.

Once the system rebooted, it was in Normal mode.

ComboFix said it was finishing up and going to produce a log file, but once the computer got going in Normal mode, ComboFix sat there for a couple of hours and the system became unresponsive.

I have tried to run ComboFix from the system in normal mode as well. The program only gets to a point where it tries to create a System Restore Point.

It does not proceed from there.


I am running ComboFix again from Safe Mode.

It tells me McAfee is active, but I checked and everything I could turn off was in Off mode.

It says it completed 50 stages.

Preparing log report. Do not run any programs until ComboFix has finished.

Says "combofix log shall be located at C:\combofix.txt".

Almost done. This window will close in a short while.

OK. So now the report is completed.

This was a different set of behaviors this morning than yesterday evening, as yesterday evening after running ComboFix it wanted to reboot into Normal mode and after that, the "incomplete log file" was generated.

Here is the new "complete" file after running from Safe Mode:

ComboFix 13-11-12.01 - Bob_Barb 11/15/2013   5:18.2.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6103.4804 [GMT -6:00]
Running from: c:\users\Bob_Barb\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
c:\users\Bob_Barb\Documents\ZDS22236.TMP
c:\users\Bob_Barb\Documents\ZDS23225.TMP
c:\users\Bob_Barb\Documents\ZDS23392.TMP
c:\users\Bob_Barb\Documents\ZDS23692.TMP
c:\users\Bob_Barb\Documents\ZDS24737.TMP
c:\users\Bob_Barb\Documents\ZDS25116.TMP
c:\windows\COUPon~1.ocx
c:\windows\inf\win32\0x0404.ini
c:\windows\inf\win32\0x0405.ini
c:\windows\inf\win32\0x0406.ini
c:\windows\inf\win32\0x0407.ini
c:\windows\inf\win32\0x0408.ini
c:\windows\inf\win32\0x0409.ini
c:\windows\inf\win32\0x040a.ini
c:\windows\inf\win32\0x040b.ini
c:\windows\inf\win32\0x040c.ini
c:\windows\inf\win32\0x040e.ini
c:\windows\inf\win32\0x0410.ini
c:\windows\inf\win32\0x0411.ini
c:\windows\inf\win32\0x0412.ini
c:\windows\inf\win32\0x0413.ini
c:\windows\inf\win32\0x0414.ini
c:\windows\inf\win32\0x0415.ini
c:\windows\inf\win32\0x0416.ini
c:\windows\inf\win32\0x0418.ini
c:\windows\inf\win32\0x0419.ini
c:\windows\inf\win32\0x041a.ini
c:\windows\inf\win32\0x041d.ini
c:\windows\inf\win32\0x041f.ini
c:\windows\inf\win32\0x0804.ini
c:\windows\inf\win32\0x0816.ini
c:\windows\inf\win32\1028.mst
c:\windows\inf\win32\1029.mst
c:\windows\inf\win32\1030.mst
c:\windows\inf\win32\1031.mst
c:\windows\inf\win32\1032.mst
c:\windows\inf\win32\1033.mst
c:\windows\inf\win32\1034.mst
c:\windows\inf\win32\1035.mst
c:\windows\inf\win32\1036.mst
c:\windows\inf\win32\1038.mst
c:\windows\inf\win32\1040.mst
c:\windows\inf\win32\1041.mst
c:\windows\inf\win32\1042.mst
c:\windows\inf\win32\1043.mst
c:\windows\inf\win32\1044.mst
c:\windows\inf\win32\1045.mst
c:\windows\inf\win32\1046.mst
c:\windows\inf\win32\1048.mst
c:\windows\inf\win32\1049.mst
c:\windows\inf\win32\1050.mst
c:\windows\inf\win32\1053.mst
c:\windows\inf\win32\1055.mst
c:\windows\inf\win32\2052.mst
c:\windows\inf\win32\2070.mst
c:\windows\inf\win32\BBalloon.dll
c:\windows\inf\win32\brcmVista\bcbthid32.cat
c:\windows\inf\win32\brcmVista\bcbthid32.inf
c:\windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmVista\btusbflt.sys
c:\windows\inf\win32\brcmVista\DPInst.exe
c:\windows\inf\win32\brcmWin7\bcbthid32.cat
c:\windows\inf\win32\brcmWin7\bcbthid32.inf
c:\windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmWin7\btusbflt.sys
c:\windows\inf\win32\brcmWin7\DPInst.exe
c:\windows\inf\win32\BtSetup.dll
c:\windows\inf\win32\BTW.msi
c:\windows\inf\win32\btw_ci.dll
c:\windows\inf\win32\btwaudio.cat
c:\windows\inf\win32\btwaudio.inf
c:\windows\inf\win32\btwaudio.sys
c:\windows\inf\win32\btwavdt.cat
c:\windows\inf\win32\btwavdt.inf
c:\windows\inf\win32\btwavdt.sys
c:\windows\inf\win32\btwl2cap.cat
c:\windows\inf\win32\btwl2cap.inf
c:\windows\inf\win32\BTWL2CAP.sys
c:\windows\inf\win32\BtwMM.exe
c:\windows\inf\win32\btwprofpack.dll
c:\windows\inf\win32\btwrchid.cat
c:\windows\inf\win32\btwrchid.inf
c:\windows\inf\win32\btwrchid.sys
c:\windows\inf\win32\BtwRSupport.dll
c:\windows\inf\win32\Data1.cab
c:\windows\inf\win32\Inst.exe
c:\windows\inf\win32\instmsia.exe
c:\windows\inf\win32\instmsiw.exe
c:\windows\inf\win32\Setup.exe
c:\windows\inf\win32\Setup.ini
c:\windows\inf\win32\svcpack\SvcPack.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-15 to 2013-11-15  )))))))))))))))))))))))))))))))
.
.
2013-11-15 11:26 . 2013-11-15 11:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-15 11:26 . 2013-11-15 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-14 03:37 . 2013-11-14 03:49 -------- d-----w- C:\AdwCleaner
2013-11-13 23:23 . 2013-11-13 23:23 -------- d-----w- c:\windows\ERUNT
2013-11-12 12:15 . 2013-11-12 12:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\program files\iTunes
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\program files\iPod
2013-11-09 01:44 . 2013-11-13 06:06 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 13:45 . 2012-06-07 20:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:45 . 2011-05-18 11:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 09:43 . 2010-06-08 11:05 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-09 09:52 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 09:52 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 09:52 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 09:52 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 09:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 09:52 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 09:52 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 09:52 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 09:51 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 09:52 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 09:52 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 09:52 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 09:52 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 09:52 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 09:52 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 09:52 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 09:52 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 09:52 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 09:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 09:52 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 09:52 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 09:52 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 09:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 09:38 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 09:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 09:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 09:34 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 09:34 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 09:34 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 09:34 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 09:34 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 09:34 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 09:34 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 09:38 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 09:38 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 09:38 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 09:38 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 09:38 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 09:38 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 09:38 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 09:38 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 09:38 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 09:38 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 09:38 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 09:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 09:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 09:38 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 09:38 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 09:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 09:38 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 09:37 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Facebook Update"="c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-26 138096]
"CmTray"="c:\program files (x86)\Content Manager\launchCM.exe" [2011-12-28 94208]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/31 12:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys;Device\mfehidk01.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 FintekCIR;Fintek eHome Transceiver;c:\windows\system32\DRIVERS\FintekCIR.sys;c:\windows\SYSNATIVE\DRIVERS\FintekCIR.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys;c:\windows\SYSNATIVE\DRIVERS\NW1950.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 07:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 13:45]
.
2013-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
.
2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 12:50]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 12:50]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForBob_Barb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2013-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com

.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Fitbit Connect - c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Fitbit Connect - c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-15  05:29:15
ComboFix-quarantined-files.txt  2013-11-15 11:29
.
Pre-Run: 700,121,792,512 bytes free
Post-Run: 699,610,976,256 bytes free
.
- - End Of File - - EAD783A428D15D558469A4A4631E1E6A
8592081FD66D4D425D9A1A5A55A7AA57
 

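The log above records the machine's autostart points in three forms: Run-key values under the "Reg Loading Points" heading, shortcut entries under the two Startup folders, and .job files under "Contents of the 'Scheduled Tasks' folder". When a poster's scanners keep coming back clean, the useful next step is to pull those autoruns out of the log as structured records and look for the ones that do not fit the OEM/vendor pattern. The following is an added example, not part of the poster's log and not ComboFix's own code: a Python parser for those three entry forms, plus one triage heuristic that flags autoruns whose binary lives under a user-writable location (the user profile or a temp directory), since persistence planted there needs no admin rights. The sample input is excerpted verbatim from the log above; the Autorun record layout, the user-writable path list and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the ComboFix log posted above, covering the
# three autorun forms the log uses (Run-key values, Startup-folder shortcuts and
# .job scheduled tasks). The "." lines are ComboFix's own section separators.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Facebook Update"="c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-26 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 13:45]
.
2013-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
.
2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
"""


@dataclass
class Autorun:
    kind: str    # "run-key", "startup-folder" or "scheduled-task"
    source: str  # registry key, Startup folder or .job file the entry came from
    name: str    # value name, shortcut name or .job file name
    path: str    # command line exactly as the log records it (may carry arguments)
    stamp: str   # the bracketed date/size or date/time field, kept verbatim


# Line shapes as they appear in the log excerpt above.
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]+)\]$')
STARTUP_DIR = re.compile(r"^(.+\\Startup\\)$", re.I)
STARTUP_LNK = re.compile(r"^(.+?\.lnk) - (.+?) \[([^\]]+)\]$", re.I)
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\\Tasks\\(.+\.job))$", re.I)
TASK_CMD = re.compile(r"^- (.+?) \[([^\]]+)\]$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|cpl|sys))(?:\s|$)", re.I)

# Heuristic (an assumption of this example): a launch path under the user
# profile or a temp directory is writable without admin rights, so an autorun
# there deserves a closer look than one under Program Files or system32.
USER_WRITABLE_HINTS = ("c:\\users\\", "\\temp\\")


def parse_autoruns(text):
    """Walk the log line by line, tracking which autorun section we are in."""
    entries = []
    context = None  # ("run-key", key) / ("startup-folder", dir) / ("scheduled-task", job_path, job_name)
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":          # section separator: forget the current context
            context = None
            continue
        if not line:
            continue
        m = RUN_KEY.match(line)
        if m:
            context = ("run-key", m.group(1))
            continue
        m = STARTUP_DIR.match(line)
        if m:
            context = ("startup-folder", m.group(1))
            continue
        m = TASK_JOB.match(line)
        if m:
            context = ("scheduled-task", m.group(1), m.group(2))
            continue
        if context is None:
            continue
        kind = context[0]
        if kind == "run-key":
            m = RUN_VALUE.match(line)
            if m:
                entries.append(Autorun(kind, context[1], m.group(1), m.group(2), m.group(3)))
        elif kind == "startup-folder":
            m = STARTUP_LNK.match(line)
            if m:
                entries.append(Autorun(kind, context[1], m.group(1), m.group(2), m.group(3)))
        elif kind == "scheduled-task":
            m = TASK_CMD.match(line)
            if m:
                entries.append(Autorun(kind, context[1], context[2], m.group(1), m.group(2)))
                context = None  # one command line per .job entry
    return entries


def binary_of(path):
    """Lower-cased executable path with any trailing arguments (e.g. ' /tsr') removed."""
    m = EXE_RE.match(path)
    return (m.group(1) if m else path).lower()


def flag_user_writable(entries):
    """Autoruns whose binary sits in a user-writable location (see USER_WRITABLE_HINTS)."""
    return [e for e in entries if any(h in e.path.lower() for h in USER_WRITABLE_HINTS)]


def group_by_binary(entries):
    """Map each launched binary to every autostart point that references it."""
    groups = {}
    for e in entries:
        groups.setdefault(binary_of(e.path), []).append(f"{e.kind}:{e.source}")
    return groups


if __name__ == "__main__":
    found = parse_autoruns(SAMPLE_LOG)
    for e in flag_user_writable(found):
        print(f"[user-writable] {e.kind:15} {e.name} -> {e.path}")
    for exe, sources in group_by_binary(found).items():
        if len(sources) > 1:
            print(f"[multi-autorun] {exe} referenced by {len(sources)} autostart points")
```

Run against the excerpt, the heuristic flags only the Facebook updater entries (one Run value and two .job tasks, all launching from the user profile), and the grouping shows that one binary is wired into three separate autostart points. That is a triage lead, not a verdict: the next step is to check the file's signature and hash rather than to delete it on the strength of its location.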

ComboFix quarantined files

2013-11-15 11:27:42 . 2013-11-15 11:27:42              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-11-15 11:27:29 . 2013-11-15 11:27:30              185 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Fitbit Connect.reg.dat
2013-11-15 11:27:27 . 2013-11-15 11:27:27              172 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Fitbit Connect.reg.dat
2013-11-15 00:56:07 . 2013-11-15 00:56:07            1,328 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_ACPIService.reg.dat
2013-11-15 00:55:56 . 2013-11-15 11:24:10           11,914 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-11-15 00:49:04 . 2013-11-15 11:17:07              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-02-25 15:58:30 . 2013-02-25 15:58:30        3,093,024 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe.vir
2011-01-30 22:37:00 . 2011-01-30 22:37:00               51 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS25116.TMP.vir
2011-01-15 03:30:31 . 2011-01-15 03:30:31               67 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS24737.TMP.vir
2011-01-15 03:25:11 . 2011-01-15 03:25:11               66 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23692.TMP.vir
2011-01-15 03:23:39 . 2011-01-15 03:23:39               67 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23392.TMP.vir
2011-01-15 03:22:48 . 2011-01-15 03:22:48               66 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23225.TMP.vir
2011-01-15 03:17:45 . 2011-01-15 03:17:45               66 ----a-w-  C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS22236.TMP.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:24           10,100 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbtums-win7x86-brcm.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28           13,048 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\Bcbtums-Win7x86-brcm.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20           43,944 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\btusbflt.sys.vir
2010-05-31 19:45:49 . 2006-05-02 11:15:04          521,128 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\DPInst.exe.vir
2010-05-31 19:45:49 . 2009-04-10 13:53:32            2,927 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\svcpack\SvcPack.ini.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:10          869,664 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\Setup.exe.vir
2010-05-31 19:45:49 . 2009-07-02 08:44:06            2,113 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\Setup.ini.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28            8,086 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbthid32.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:26            1,661 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbthid32.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:24           10,100 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbtums-win7x86-brcm.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28           13,048 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\Bcbtums-Win7x86-brcm.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20           43,944 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\btusbflt.sys.vir
2010-05-31 19:45:49 . 2006-05-02 11:15:04          521,128 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\DPInst.exe.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28            8,086 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbthid32.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:26            1,661 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbthid32.inf.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:14          260,648 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\Inst.exe.vir
2010-05-31 19:45:49 . 2002-03-11 09:45:04        1,708,856 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\instmsia.exe.vir
2010-05-31 19:45:49 . 2002-03-11 10:06:30        1,822,520 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\instmsiw.exe.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:10            3,510 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwl2cap.inf.vir
2010-05-31 19:45:49 . 2009-04-07 15:32:50           29,472 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BTWL2CAP.sys.vir
2010-05-31 19:45:49 . 2007-02-05 00:16:48        6,115,168 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtwMM.exe.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:26          628,000 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwprofpack.dll.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:08            8,050 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:08           23,342 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:04           18,344 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.sys.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:26          234,784 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtwRSupport.dll.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20          113,256 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btw_ci.dll.vir
2010-05-31 19:45:49 . 2009-07-02 08:41:40       13,468,412 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\Data1.cab.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:20          107,808 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BBalloon.dll.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:24          374,048 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtSetup.dll.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08        3,608,724 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\BTW.msi.vir
2010-05-31 19:45:49 . 2009-07-02 07:59:28            9,643 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:18           35,938 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:14           86,056 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.sys.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:14           12,414 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:12           14,078 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:12          108,072 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.sys.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:10            7,484 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwl2cap.cat.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          244,736 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1040.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          295,424 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1041.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          394,752 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1042.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          244,736 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1043.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          238,592 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1044.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          238,592 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1045.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          241,664 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1046.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08          276,480 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1048.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          258,048 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1049.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          272,896 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1050.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          238,592 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1053.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08          273,920 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1055.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          273,920 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\2052.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          274,944 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\2070.mst.vir
2010-05-31 19:45:49 . 2004-04-08 17:31:48            6,076 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0816.ini.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          241,152 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1028.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          273,408 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1029.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          239,104 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1030.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          245,760 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1031.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          302,080 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1032.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08            3,584 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1033.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          242,176 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1034.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          240,128 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1035.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          245,760 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1036.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          276,480 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\1038.mst.vir
2010-05-31 19:45:49 . 2004-04-15 11:16:50            5,586 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040b.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:04:46            6,394 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040c.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:17:08            5,760 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040e.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:30:20            6,160 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0410.ini.vir
2010-05-31 19:45:49 . 2004-04-15 16:37:32            5,887 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0411.ini.vir
2010-05-31 19:45:49 . 2004-04-09 15:19:28            5,045 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0412.ini.vir
2010-05-31 19:45:49 . 2004-04-07 15:24:54            6,087 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0413.ini.vir
2010-05-31 19:45:49 . 2004-04-14 14:11:40            5,695 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0414.ini.vir
2010-05-31 19:45:49 . 2004-04-07 15:50:12            5,863 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0415.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:09:12            5,900 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0416.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:19:26            5,708 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0418.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:29:22            5,780 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0419.ini.vir
2010-05-31 19:45:49 . 2004-04-08 10:45:42            5,677 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041a.ini.vir
2010-05-31 19:45:49 . 2004-04-14 14:00:30            5,485 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041d.ini.vir
2010-05-31 19:45:49 . 2004-04-08 11:13:20            5,656 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041f.ini.vir
2010-05-31 19:45:49 . 2004-04-08 15:10:00            3,841 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0804.ini.vir
2010-05-31 19:45:49 . 2004-04-14 10:36:42            3,771 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0404.ini.vir
2010-05-31 19:45:49 . 2004-04-06 17:43:56            5,770 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0405.ini.vir
2010-05-31 19:45:49 . 2004-04-07 09:20:02            5,722 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0406.ini.vir
2010-05-31 19:45:49 . 2004-04-15 15:24:44            6,265 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0407.ini.vir
2010-05-31 19:45:49 . 2004-04-14 13:49:30            6,601 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0408.ini.vir
2010-05-31 19:45:49 . 2009-02-10 17:02:04            5,491 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0409.ini.vir
2010-05-31 19:45:49 . 2004-04-07 11:24:56            6,265 ----a-w-  C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040a.ini.vir
2009-11-10 03:21:03 . 2009-11-19 21:16:27           68,824 ----a-w-  C:\Qoobox\Quarantine\C\Windows\COUPon~1.ocx.vir
2007-11-07 13:03:18 . 2007-11-07 13:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\C\install.exe.vir
 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double-click the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Could not run this tool from Normal mode.

System first indicated JAN2OSD can't open because ACPI Kernel Mode Driver would not open.

Could not get Internet Explorer to function.

Was able to disable McAfee as ESET indicated it could detect it was running

Downloaded and ran ESET online scan tool using Google Chrome

The program ESET online and the computer became unresponsive at 20% completion. Had to reboot into Safe Mode.

Ran ESET online from Internet Explorer, but ESET indicated it was not running against Internet Explorer and I had to run their tool for alternate browsers.

ESET online launched and scanned.

It completed and their dialog box indicated no threats were found. There was no option anywhere in which to produce a txt file or access any kind of report, so I have nothing to provide unless it wrote a report to the system somewhere.


Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


I ran the tool from Safe Mode. It took all day. At completion, it said no threats found. I extracted the report regardless and attached it here.

I restarted and tried to run the program from normal mode.

The tool loaded and started to run. It gets to 1% completion and then stops. Every AV program so far has only been able to run for about 1 min 30 secs total, then the system seems to be aware an AV program is trying to do something, and it sets the system into an endless loop.

The only tool you have had me try that actually seemed to find anything was RogueKiller, and that tool will not run from Normal mode either (it only ran in Safe Mode).

I kind of appreciate what someone has done here, as they have successfully hidden their work from nearly every program you have suggested so far, remaining invisible in Safe Mode, only to wake up and prevent itself from being found, seen or terminated.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
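The FRST.txt log this post asks for lists autostart entries (Run keys, Startup shortcuts and their targets) and services/drivers in a fixed one-line-per-item format, as the log posted later in this thread shows. As an added example, not part of the thread or of the Farbar tool, the following Python script applies a few triage heuristics to lines in that format: a target file FRST could not find ([x]), an empty publisher field (), an autostart target inside a Temp directory, and an autostart target that is a script. The sample log embedded in it is constructed to mirror the format and is not taken from any real machine. Every hit is something to inspect by hand, not a verdict: hardware helper programs and AV tools' own drivers trip these checks too.

```python
"""Triage heuristics for a Farbar Recovery Scan Tool (FRST.txt) log.

Added example, not part of the thread or of FRST itself. Every hit is a
line to inspect by hand, not a verdict: legitimate hardware helpers and
AV tools' own drivers trip these checks too.
"""
import re
import sys
from dataclasses import dataclass, field

# Constructed sample in FRST's line format (not a real log from any machine).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKCU\...\Run: [CmTray] - C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_02051031.lnk
ShortcutTarget: _uninst_02051031.lnk -> C:\Users\U\AppData\Local\Temp\_uninst_02051031.bat ()

==================== Drivers (Whitelisted) ====================

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-17] ()
S1 47134829; system32\DRIVERS\47134829.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

# "HKLM\...\Run: [name] - path [size date] (vendor)"; FRST prints the literal "..."
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run")
# "R0 name; path [size date] (vendor)" for services and drivers
DRIVER_RE = re.compile(r"^[RSU]\d+ [^;]+; ")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1")


@dataclass
class Finding:
    line: str
    target: str
    reasons: list = field(default_factory=list)


def target_path(line):
    """Extract the on-disk target from a Run, ShortcutTarget or driver line."""
    if line.startswith("ShortcutTarget:"):
        body = line.split(" -> ", 1)[1]
    elif RUN_RE.match(line):
        body = line.split("] - ", 1)[1]   # split after the closing bracket of the value name
    else:
        body = line.split("; ", 1)[1]
    # Drop the trailing "[size date] (vendor)" or "[x]" decoration, then a bare "(vendor)".
    body = re.sub(r"\s*\[[^\]]*\]\s*(\([^)]*\))?\s*$", "", body)
    body = re.sub(r"\s*\([^)]*\)\s*$", "", body)
    return body.strip()


def triage(log_text):
    """Return one Finding per autostart/driver line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        is_run = RUN_RE.match(line) is not None and "] - " in line
        is_lnk = line.startswith("ShortcutTarget:") and " -> " in line
        is_drv = DRIVER_RE.match(line) is not None
        if not (is_run or is_lnk or is_drv):
            continue
        target = target_path(line)
        low = target.lower()
        reasons = []
        if line.endswith("[x]"):
            # FRST marks a referenced file it cannot find: orphaned entry, or something hiding it.
            reasons.append("target file missing ([x])")
        else:
            if line.endswith("()"):
                reasons.append("no publisher information")
            if any(d in low for d in TEMP_DIRS):
                reasons.append("autostart target in a Temp directory")
            if low.endswith(SCRIPT_EXT):
                reasons.append("autostart target is a script")
        if reasons:
            findings.append(Finding(line, target, reasons))
    return findings


def report(findings):
    """Plain-text report: each flagged line followed by its target and reasons."""
    out = []
    for f in findings:
        out.append(f"{f.line}\n    -> {f.target or '(no path)'}: {'; '.join(f.reasons)}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (no argument: run on the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(report(triage(text)))
```

Run it against a saved FRST.txt and read the flagged lines alongside the rest of the log; the point of the heuristics is to shorten the list a human has to look at, and a Temp-directory .bat started from the user's Startup folder is exactly the kind of line worth checking against what the user remembers installing.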

All run from Safe Mode. 64 bit

I only chose SCAN

I kept the defaults (everything on Whitelist selected, and in Optional scan, I left BCD and Drivers unchecked, and by default had only the Addition.txt checked).

(I will also try to run this tool from "normal" mode if you tell me I should do that.)

I did NOT run "search files" and did NOT run "fix". Please advise if I should do that or not.

Thanks very much for all of your help borislav (maniac). I greatly appreciate this!

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Bob_Barb (administrator) on BOBBARBDESKTOP on 18-11-2013 17:32:19
Running from C:\Users\Bob_Barb\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [x]
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKCU\...\Run: [Facebook Update] - C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-26] (Facebook Inc.)
HKCU\...\Run: [CmTray] - C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [buttons & OSDs control application gen3] - C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [212992 2009-11-17] (Hewlett-Packard)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_02051031.lnk
ShortcutTarget: _uninst_02051031.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_02051031.bat ()
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69933140.lnk
ShortcutTarget: _uninst_69933140.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_69933140.bat ()
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97672578.lnk
ShortcutTarget: _uninst_97672578.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_97672578.bat ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {E8CC5F5E-3C53-4ADE-AB59-1F4B9AEDA949} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131117165819.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131117165854.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.consorta.com/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.233.207.8 64.233.207.9
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Bob_Barb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Drive) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R0 02051031; C:\Windows\System32\DRIVERS\02051031.sys [460888 2013-11-18] (Kaspersky Lab ZAO)
R0 69933140; C:\Windows\System32\DRIVERS\69933140.sys [460888 2013-11-17] (Kaspersky Lab ZAO)
R0 97672578; C:\Windows\System32\DRIVERS\97672578.sys [460888 2013-11-17] (Kaspersky Lab ZAO)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2009-03-26] (Juniper Networks)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-17] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S1 47134829; system32\DRIVERS\47134829.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 mfehidk01; \Device\mfehidk01.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt
2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST
2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe
2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}
2013-11-17 18:14 - 2013-11-18 01:33 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys
2013-11-17 18:13 - 2013-11-17 18:14 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip
2013-11-17 18:12 - 2013-11-17 18:13 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe
2013-11-17 17:12 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys
2013-11-17 16:56 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps
2013-11-17 16:32 - 2013-11-17 16:44 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt
2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt
2013-11-14 18:49 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-14 18:49 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-14 18:49 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-14 18:44 - 2013-11-15 05:29 - 00000000 ____D C:\Qoobox
2013-11-14 18:44 - 2013-11-15 05:27 - 00000000 ____D C:\Windows\erdnt
2013-11-14 18:44 - 2013-11-14 18:41 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe
2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}
2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}
2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt
2013-11-13 23:18 - 2013-11-13 23:22 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine
2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}
2013-11-13 21:37 - 2013-11-13 21:49 - 00000000 ____D C:\AdwCleaner
2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt
2013-11-13 17:25 - 2013-11-13 17:20 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe
2013-11-13 17:24 - 2013-11-13 17:20 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe
2013-11-13 17:24 - 2013-11-13 17:14 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 17:23 - 2013-11-13 17:12 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe
2013-11-13 05:31 - 2013-11-13 05:29 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr
2013-11-13 04:36 - 2013-11-12 06:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe
2013-11-12 06:15 - 2013-11-12 06:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 06:14 - 2013-11-12 19:28 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar
2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip
2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe
2013-11-11 19:55 - 2013-11-13 04:53 - 00000462 _____ C:\rkill.log
2013-11-11 19:51 - 2011-12-24 17:21 - 01578288 _____ (Kaspersky Lab ZAO) C:\Users\Bob_Barb\Desktop\tdsskiller.exe
2013-11-11 19:18 - 2013-11-11 20:01 - 00009274 _____ C:\Windows\IE11_main.log
2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe
2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iPod
2013-11-08 19:44 - 2013-11-13 00:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe
2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF
2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4
 
==================== One Month Modified Files and Folders =======
 
2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt
2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST
2013-11-18 17:32 - 2009-07-13 23:13 - 00005356 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe
2013-11-18 01:33 - 2013-11-17 18:14 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys
2013-11-17 18:23 - 2010-10-14 06:51 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}
2013-11-17 18:16 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-17 18:14 - 2013-11-17 18:13 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip
2013-11-17 18:13 - 2013-11-17 18:12 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe
2013-11-17 18:09 - 2013-01-26 09:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job
2013-11-17 18:08 - 2010-05-31 13:40 - 01235174 _____ C:\Windows\WindowsUpdate.log
2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 17:50 - 2010-10-14 06:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 17:49 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 17:49 - 2009-07-13 22:51 - 00136063 _____ C:\Windows\setupact.log
2013-11-17 17:32 - 2013-11-17 17:12 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys
2013-11-17 17:32 - 2013-11-17 16:56 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys
2013-11-17 16:56 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps
2013-11-17 16:44 - 2013-11-17 16:32 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt
2013-11-17 13:09 - 2013-08-15 20:38 - 00000000 ____D C:\Users\Bob_Barb\Documents\Outlook Files
2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe
2013-11-15 18:45 - 2012-09-11 05:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 18:13 - 2010-05-31 13:37 - 00297026 _____ C:\Windows\PFRO.log
2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt
2013-11-15 05:29 - 2013-11-14 18:44 - 00000000 ____D C:\Qoobox
2013-11-15 05:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-11-15 05:27 - 2013-11-14 18:44 - 00000000 ____D C:\Windows\erdnt
2013-11-15 05:26 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-11-14 18:59 - 2009-07-13 20:34 - 23330816 _____ C:\Windows\system32\config\system.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 118489088 _____ C:\Windows\system32\config\software.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-11-14 18:58 - 2013-04-15 16:01 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-11-14 18:41 - 2013-11-14 18:44 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe
2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}
2013-11-14 18:19 - 2010-06-08 08:44 - 00000000 ____D C:\Users\Bob_Barb\Tracing
2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}
2013-11-13 23:22 - 2013-11-13 23:18 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine
2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt
2013-11-13 21:49 - 2013-11-13 21:37 - 00000000 ____D C:\AdwCleaner
2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}
2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt
2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 17:20 - 2013-11-13 17:25 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe
2013-11-13 17:20 - 2013-11-13 17:24 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe
2013-11-13 17:14 - 2013-11-13 17:24 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
2013-11-13 17:12 - 2013-11-13 17:23 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe
2013-11-13 05:29 - 2013-11-13 05:31 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr
2013-11-13 04:53 - 2013-11-11 19:55 - 00000462 _____ C:\rkill.log
2013-11-13 04:39 - 2012-12-24 09:55 - 00000000 ____D C:\Users\Bob_Barb\Documents\cats
2013-11-13 04:37 - 2012-08-24 04:51 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 04:37 - 2011-12-24 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 04:30 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb
2013-11-13 00:08 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iPod
2013-11-13 00:07 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-13 00:07 - 2012-12-25 07:37 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Epson
2013-11-13 00:07 - 2012-12-21 15:19 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-11-13 00:07 - 2012-12-21 15:04 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2013-11-13 00:07 - 2012-12-21 14:59 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-11-13 00:07 - 2012-11-14 12:44 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-11-13 00:07 - 2012-05-28 08:51 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-13 00:07 - 2012-02-04 10:28 - 00000000 ____D C:\Program Files\Movie Maker
2013-11-13 00:07 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files\Bonjour
2013-11-13 00:07 - 2011-07-25 08:07 - 00000000 ____D C:\Program Files\Bulk Rename Utility
2013-11-13 00:07 - 2011-07-19 05:09 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-11-13 00:07 - 2011-06-28 06:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-13 00:07 - 2011-03-08 16:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-13 00:07 - 2011-01-04 17:16 - 00000000 ____D C:\ProgramData\HP
2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Juniper Networks
2013-11-13 00:07 - 2010-07-31 07:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 00:07 - 2010-06-14 11:10 - 00000000 ____D C:\ProgramData\eSellerate
2013-11-13 00:07 - 2010-06-05 06:42 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 00:07 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\Hewlett-Packard
2013-11-13 00:07 - 2010-05-31 14:26 - 00000000 ____D C:\ProgramData\Norton
2013-11-13 00:07 - 2010-05-31 14:16 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-13 00:07 - 2010-05-31 14:02 - 00000000 ____D C:\Program Files\PC-Doctor for Windows
2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\Uninstall
2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\CinemaNow
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHT
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHS
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\tr
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sv
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sk
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ru
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ro
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pt
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\no
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\nl
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ko
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ja
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\it
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\hu
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fr
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fi
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\es
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\el
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\de
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\da
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\cs
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\bg
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\ProgramData\Applications
2013-11-13 00:07 - 2010-05-31 13:49 - 00000000 ____D C:\Program Files\PlayReady
2013-11-13 00:07 - 2010-05-31 13:46 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-13 00:07 - 2010-05-31 13:44 - 00000000 __HDC C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
2013-11-13 00:07 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\restore
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\spp
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Speech
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Branding
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-13 00:06 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-13 00:06 - 2013-06-27 05:25 - 00000000 ____D C:\Program Files (x86)\Content Manager
2013-11-13 00:06 - 2013-06-21 18:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-13 00:06 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-13 00:06 - 2012-12-21 15:13 - 00000000 ____D C:\Program Files (x86)\LTCM Client
2013-11-13 00:06 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-13 00:06 - 2011-07-19 05:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-13 00:06 - 2011-03-08 16:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-11-13 00:06 - 2010-12-04 08:53 - 00000000 ____D C:\Program Files (x86)\Brother's Keeper 6
2013-11-13 00:06 - 2010-06-17 17:29 - 00000000 ____D C:\Program Files (x86)\Image Resizer
2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Program Files (x86)\BIAS
2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Binaries
2013-11-13 00:06 - 2010-06-05 06:45 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-11-13 00:06 - 2010-05-31 14:20 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-13 00:06 - 2010-05-31 14:16 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-11-13 00:06 - 2010-05-31 14:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D
2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
2013-11-13 00:06 - 2010-05-31 13:41 - 00000000 ____D C:\Program Files (x86)\hp
2013-11-13 00:06 - 2010-05-31 13:40 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-13 00:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-11-12 23:52 - 2010-07-31 07:32 - 00000000 ___RD C:\MSOCache
2013-11-12 19:28 - 2013-11-12 06:14 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar
2013-11-12 19:28 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-12 06:30 - 2013-11-12 06:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 06:10 - 2013-11-13 04:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe
2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip
2013-11-11 20:01 - 2013-11-11 19:18 - 00009274 _____ C:\Windows\IE11_main.log
2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe
2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe
2013-11-11 16:23 - 2012-04-18 14:26 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBob_Barb
2013-11-11 16:23 - 2012-04-18 14:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBob_Barb.job
2013-11-11 09:09 - 2013-01-26 09:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job
2013-11-10 08:49 - 2011-12-11 18:03 - 11403264 _____ C:\Users\Bob_Barb\Documents\KernewekCattery.accdb
2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-31 16:24 - 2010-06-04 20:55 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-30 05:13 - 2010-11-29 08:51 - 44568576 _____ C:\Users\Bob_Barb\Documents\Address.mdb
2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe
2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF
2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4
 
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
 
 
Some content of TEMP:
====================
C:\Users\Bob_Barb\AppData\Local\Temp\contentDATs.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-10 00:13
 
==================== End Of Log ============================
 
ADDITION
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Bob_Barb (administrator) on BOBBARBDESKTOP on 18-11-2013 17:32:19
Running from C:\Users\Bob_Barb\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [x]
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKCU\...\Run: [Facebook Update] - C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-26] (Facebook Inc.)
HKCU\...\Run: [CmTray] - C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [buttons & OSDs control application gen3] - C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [212992 2009-11-17] (Hewlett-Packard)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_02051031.lnk
ShortcutTarget: _uninst_02051031.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_02051031.bat ()
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69933140.lnk
ShortcutTarget: _uninst_69933140.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_69933140.bat ()
Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97672578.lnk
ShortcutTarget: _uninst_97672578.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_97672578.bat ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {E8CC5F5E-3C53-4ADE-AB59-1F4B9AEDA949} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131117165819.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131117165854.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.consorta.com/dana-cached/sc/JuniperSetupClient.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.233.207.8 64.233.207.9
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Bob_Barb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Drive) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R0 02051031; C:\Windows\System32\DRIVERS\02051031.sys [460888 2013-11-18] (Kaspersky Lab ZAO)
R0 69933140; C:\Windows\System32\DRIVERS\69933140.sys [460888 2013-11-17] (Kaspersky Lab ZAO)
R0 97672578; C:\Windows\System32\DRIVERS\97672578.sys [460888 2013-11-17] (Kaspersky Lab ZAO)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2009-03-26] (Juniper Networks)
R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-17] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S1 47134829; system32\DRIVERS\47134829.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 mfehidk01; \Device\mfehidk01.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt
2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST
2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe
2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}
2013-11-17 18:14 - 2013-11-18 01:33 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys
2013-11-17 18:13 - 2013-11-17 18:14 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip
2013-11-17 18:12 - 2013-11-17 18:13 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe
2013-11-17 17:12 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys
2013-11-17 16:56 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps
2013-11-17 16:32 - 2013-11-17 16:44 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt
2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt
2013-11-14 18:49 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-14 18:49 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-14 18:49 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-14 18:49 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-14 18:44 - 2013-11-15 05:29 - 00000000 ____D C:\Qoobox
2013-11-14 18:44 - 2013-11-15 05:27 - 00000000 ____D C:\Windows\erdnt
2013-11-14 18:44 - 2013-11-14 18:41 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe
2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}
2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}
2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt
2013-11-13 23:18 - 2013-11-13 23:22 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine
2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}
2013-11-13 21:37 - 2013-11-13 21:49 - 00000000 ____D C:\AdwCleaner
2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt
2013-11-13 17:25 - 2013-11-13 17:20 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe
2013-11-13 17:24 - 2013-11-13 17:20 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe
2013-11-13 17:24 - 2013-11-13 17:14 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 17:23 - 2013-11-13 17:12 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe
2013-11-13 05:31 - 2013-11-13 05:29 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr
2013-11-13 04:36 - 2013-11-12 06:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe
2013-11-12 06:15 - 2013-11-12 06:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 06:14 - 2013-11-12 19:28 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar
2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip
2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe
2013-11-11 19:55 - 2013-11-13 04:53 - 00000462 _____ C:\rkill.log
2013-11-11 19:51 - 2011-12-24 17:21 - 01578288 _____ (Kaspersky Lab ZAO) C:\Users\Bob_Barb\Desktop\tdsskiller.exe
2013-11-11 19:18 - 2013-11-11 20:01 - 00009274 _____ C:\Windows\IE11_main.log
2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe
2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iPod
2013-11-08 19:44 - 2013-11-13 00:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe
2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF
2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4
 
==================== One Month Modified Files and Folders =======
 
2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt
2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST
2013-11-18 17:32 - 2009-07-13 23:13 - 00005356 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe
2013-11-18 01:33 - 2013-11-17 18:14 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys
2013-11-17 18:23 - 2010-10-14 06:51 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}
2013-11-17 18:16 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-17 18:14 - 2013-11-17 18:13 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip
2013-11-17 18:13 - 2013-11-17 18:12 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe
2013-11-17 18:09 - 2013-01-26 09:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job
2013-11-17 18:08 - 2010-05-31 13:40 - 01235174 _____ C:\Windows\WindowsUpdate.log
2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 17:50 - 2010-10-14 06:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 17:49 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 17:49 - 2009-07-13 22:51 - 00136063 _____ C:\Windows\setupact.log
2013-11-17 17:32 - 2013-11-17 17:12 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys
2013-11-17 17:32 - 2013-11-17 16:56 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys
2013-11-17 16:56 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps
2013-11-17 16:44 - 2013-11-17 16:32 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt
2013-11-17 13:09 - 2013-08-15 20:38 - 00000000 ____D C:\Users\Bob_Barb\Documents\Outlook Files
2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe
2013-11-15 18:45 - 2012-09-11 05:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe
2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 18:13 - 2010-05-31 13:37 - 00297026 _____ C:\Windows\PFRO.log
2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt
2013-11-15 05:29 - 2013-11-14 18:44 - 00000000 ____D C:\Qoobox
2013-11-15 05:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-11-15 05:27 - 2013-11-14 18:44 - 00000000 ____D C:\Windows\erdnt
2013-11-15 05:26 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-11-14 18:59 - 2009-07-13 20:34 - 23330816 _____ C:\Windows\system32\config\system.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 118489088 _____ C:\Windows\system32\config\software.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-11-14 18:58 - 2013-04-15 16:01 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2013-11-14 18:41 - 2013-11-14 18:44 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe
2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}
2013-11-14 18:19 - 2010-06-08 08:44 - 00000000 ____D C:\Users\Bob_Barb\Tracing
2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}
2013-11-13 23:22 - 2013-11-13 23:18 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine
2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt
2013-11-13 21:49 - 2013-11-13 21:37 - 00000000 ____D C:\AdwCleaner
2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}
2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt
2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 17:20 - 2013-11-13 17:25 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe
2013-11-13 17:20 - 2013-11-13 17:24 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe
2013-11-13 17:14 - 2013-11-13 17:24 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
2013-11-13 17:12 - 2013-11-13 17:23 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe
2013-11-13 05:29 - 2013-11-13 05:31 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr
2013-11-13 04:53 - 2013-11-11 19:55 - 00000462 _____ C:\rkill.log
2013-11-13 04:39 - 2012-12-24 09:55 - 00000000 ____D C:\Users\Bob_Barb\Documents\cats
2013-11-13 04:37 - 2012-08-24 04:51 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-13 04:37 - 2011-12-24 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 04:30 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb
2013-11-13 00:08 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iPod
2013-11-13 00:07 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-13 00:07 - 2012-12-25 07:37 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Epson
2013-11-13 00:07 - 2012-12-21 15:19 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-11-13 00:07 - 2012-12-21 15:04 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2013-11-13 00:07 - 2012-12-21 14:59 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-11-13 00:07 - 2012-11-14 12:44 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-11-13 00:07 - 2012-05-28 08:51 - 00000000 ____D C:\ProgramData\FLEXnet
2013-11-13 00:07 - 2012-02-04 10:28 - 00000000 ____D C:\Program Files\Movie Maker
2013-11-13 00:07 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files\Bonjour
2013-11-13 00:07 - 2011-07-25 08:07 - 00000000 ____D C:\Program Files\Bulk Rename Utility
2013-11-13 00:07 - 2011-07-19 05:09 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-11-13 00:07 - 2011-06-28 06:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-13 00:07 - 2011-03-08 16:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-13 00:07 - 2011-01-04 17:16 - 00000000 ____D C:\ProgramData\HP
2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Juniper Networks
2013-11-13 00:07 - 2010-07-31 07:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 00:07 - 2010-06-14 11:10 - 00000000 ____D C:\ProgramData\eSellerate
2013-11-13 00:07 - 2010-06-05 06:42 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 00:07 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\Hewlett-Packard
2013-11-13 00:07 - 2010-05-31 14:26 - 00000000 ____D C:\ProgramData\Norton
2013-11-13 00:07 - 2010-05-31 14:16 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-13 00:07 - 2010-05-31 14:02 - 00000000 ____D C:\Program Files\PC-Doctor for Windows
2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\Uninstall
2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\CinemaNow
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHT
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHS
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\tr
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sv
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sk
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ru
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ro
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pt
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\no
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\nl
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ko
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ja
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\it
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\hu
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fr
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fi
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\es
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\el
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\de
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\da
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\cs
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\bg
2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\ProgramData\Applications
2013-11-13 00:07 - 2010-05-31 13:49 - 00000000 ____D C:\Program Files\PlayReady
2013-11-13 00:07 - 2010-05-31 13:46 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-13 00:07 - 2010-05-31 13:44 - 00000000 __HDC C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
2013-11-13 00:07 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\restore
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\spp
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Speech
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Branding
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-13 00:06 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-13 00:06 - 2013-06-27 05:25 - 00000000 ____D C:\Program Files (x86)\Content Manager
2013-11-13 00:06 - 2013-06-21 18:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-13 00:06 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-13 00:06 - 2012-12-21 15:13 - 00000000 ____D C:\Program Files (x86)\LTCM Client
2013-11-13 00:06 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-13 00:06 - 2011-07-19 05:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-13 00:06 - 2011-03-08 16:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-11-13 00:06 - 2010-12-04 08:53 - 00000000 ____D C:\Program Files (x86)\Brother's Keeper 6
2013-11-13 00:06 - 2010-06-17 17:29 - 00000000 ____D C:\Program Files (x86)\Image Resizer
2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Program Files (x86)\BIAS
2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Binaries
2013-11-13 00:06 - 2010-06-05 06:45 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-11-13 00:06 - 2010-05-31 14:20 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-13 00:06 - 2010-05-31 14:16 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-11-13 00:06 - 2010-05-31 14:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D
2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
2013-11-13 00:06 - 2010-05-31 13:41 - 00000000 ____D C:\Program Files (x86)\hp
2013-11-13 00:06 - 2010-05-31 13:40 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-11-13 00:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-11-12 23:52 - 2010-07-31 07:32 - 00000000 ___RD C:\MSOCache
2013-11-12 19:28 - 2013-11-12 06:14 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar
2013-11-12 19:28 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-12 06:30 - 2013-11-12 06:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 06:10 - 2013-11-13 04:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe
2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip
2013-11-11 20:01 - 2013-11-11 19:18 - 00009274 _____ C:\Windows\IE11_main.log
2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe
2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe
2013-11-11 16:23 - 2012-04-18 14:26 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBob_Barb
2013-11-11 16:23 - 2012-04-18 14:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBob_Barb.job
2013-11-11 09:09 - 2013-01-26 09:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job
2013-11-10 08:49 - 2011-12-11 18:03 - 11403264 _____ C:\Users\Bob_Barb\Documents\KernewekCattery.accdb
2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-31 16:24 - 2010-06-04 20:55 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-30 05:13 - 2010-11-29 08:51 - 44568576 _____ C:\Users\Bob_Barb\Documents\Address.mdb
2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe
2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF
2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4
 
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
 
 
Some content of TEMP:
====================
C:\Users\Bob_Barb\AppData\Local\Temp\contentDATs.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-10 00:13
 
==================== End Of Log ============================
ADDITION

(my first attachment of this file may have been incomplete) Apologies

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Bob_Barb at 2013-11-18 17:35:56
Running from C:\Users\Bob_Barb\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Acrobat.com (x32 Version: 2.1.0)
Acrobat.com (x32 Version: 2.1.0.0)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AIS Data Handler (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
BIAS SoundSoap SE 2.2 (x32 Version: 2.2)
Bing Bar (x32 Version: 7.0.850.0)
Bing Maps 3D (Version: 4.0.903.16005)
Bluetooth by hp (Version: 6.2.0.9600)
Bonjour (Version: 3.0.0.10)
Brother's Keeper 6.4 (x32)
Bulk Rename Utility 2.7.1.2
Buttons & OSDs control application gen3 (x32 Version: 1.0.3.0)
CinemaNow Media Manager (x32 Version: 1.9.1.102)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Content Manager (x32 Version: 2.70)
Corel Paint it! touch - IPM (x32 Version: 1.1)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DesignPro 5 (x32 Version: 5.5.708)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 3.1.3224)
Epson Connect (x32)
Epson Connect Printer Setup (x32 Version: 1.1.1)
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (x32 Version: 1.0.1)
Epson Event Manager (x32 Version: 2.50.0000)
EPSON NX430 Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
ESET Online Scanner v3 (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fitbit Connect (x32 Version: 1.0.0.2578)
GIS Tutorial 1 - Student Resources (x32 Version: 1.00.0000)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hardware Diagnostic Tools (Version: 6.0.5247.34)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.3.9512.3162)
HP Ambient Light (Version: 1.9.6.0)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.0.71)
HP MAINSTREAM KEYBOARD (x32 Version: 1.4.3.0)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)
HP MediaSmart DVD (x32 Version: 3.1.3317)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.2.0)
HP Odometer (x32 Version: 2.10.0000)
HP Product Detection (x32 Version: 10.7.9.0)
HP Remote Solution (x32 Version: 1.1.11.0)
HP Remote Solution (x32 Version: 1.1.12.0)
HP Setup (x32 Version: 1.2.3560.3170)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP TouchSmart (x32 Version: 3.0.35.0)
HP TouchSmart Browser (x32 Version: 3.0.0008)
HP TouchSmart Calendar (x32 Version: 3.1.3532.29998)
HP TouchSmart Canvas (x32 Version: 1.1.3611.25561)
HP TouchSmart Clock (x32 Version: 3.0.3572.25998)
HP TouchSmart Link (x32 Version: 1.0.3526.0)
HP TouchSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP TouchSmart Notes (x32 Version: 3.1.3544.29053)
HP TouchSmart Paint it! by Corel - Content (x32 Version: 1.0)
HP TouchSmart Paint it! by Corel - Core (x32 Version: 1.0)
HP TouchSmart Paint it! by Corel - ICA (x32 Version: 1.0)
HP TouchSmart Paint it! by Corel - Langauge (x32 Version: 1.0)
HP TouchSmart Paint it! by Corel (x32 Version: 1.5.0.96)
HP TouchSmart RecipeBox (x32 Version: 1.1.4004.27748)
HP TouchSmart RSS (x32 Version: 3.0.0006)
HP TouchSmart Tutorials (x32 Version: 3.0.5.2)
HP TouchSmart Tutorials (x32 Version: 3.2.0.0)
HP TouchSmart Twitter (x32 Version: 1.0.3541.23899)
HP TouchSmart Weather (x32 Version: 3.0.0.1)
HP TouchSmart Webcam (x32 Version: 3.1.2219)
HP Update (x32 Version: 5.003.001.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
Hulu Desktop (HKCU Version: 0.9.10)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32 (x32 Version: 5.2.0.2)
iTunes (Version: 11.1.3.8)
Java Auto Updater (x32 Version: 2.0.5.1)
Java 6 Update 26 (x32 Version: 6.0.260)
Juniper Networks Cache Cleaner 6.3.0 (HKCU Version: 6.3.0.14121)
Juniper Networks Host Checker (HKCU Version: 6.3.0.14121)
Juniper Networks Network Connect 6.3.0 (x32 Version: 6.3.0.14121)
Juniper Networks Setup Client (HKCU Version: 1.3.2.12683)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LG USB Modem driver (x32)
LTCM Client (x32 Version: 1.20.3792)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee AntiVirus Plus (x32 Version: 11.6.511)
McAfee Security Scan Plus (x32 Version: 2.1.121.2)
McAfee Virtual Technician (x32 Version: 5.5.2.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
MobileMe Control Panel (Version: 3.1.8.0)
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 3.1.3310)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA Control Panel 296.19 (Version: 296.19)
NVIDIA Display Control Panel (Version: 6.14.11.9819)
NVIDIA Graphics Driver 296.19 (Version: 296.19)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6053)
Recovery Manager (x32 Version: 5.5.2216)
Roxio CinemaNow 2.0 (x32 Version: 1.0.254)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Shared C Run-time for x64 (Version: 10.0.0)
SketchUp 8 (x32 Version: 3.0.16846)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0)

SmartSound Sonicfire Pro 5 (x32 Version: 5.1.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Sync (x32 Version: 14.0.8089.726)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

 

==================== Restore Points  =========================

 

09-10-2013 09:38:59 Windows Update

17-10-2013 05:00:04 Scheduled Checkpoint

25-10-2013 05:00:01 Scheduled Checkpoint

01-11-2013 05:00:01 Scheduled Checkpoint

08-11-2013 06:00:01 Scheduled Checkpoint

12-11-2013 02:01:26 Windows Modules Installer

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2013-11-14 19:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {013194A4-6A98-48F4-AD0C-8D52BF2BC1D3} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Bob_Barb => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.)

Task: {0300D12D-666F-4771-B053-36B4E2BF61D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {072E5B9F-6AE8-459C-B4CE-10B5A3560CF2} - System32\Tasks\HPCeeScheduleForBob_Barb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {08BB0CB9-BD7A-4AC6-BBEB-506E509EA0DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA => C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26] (Facebook Inc.)

Task: {32381DD8-8F92-4805-A934-9E7FF9C338B2} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)

Task: {3A6543C0-F6AC-4920-83E9-FD384D80B588} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {49051F9C-AB4D-4519-9DF5-C8C66F4EC4E5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

Task: {511DE7F0-5C9E-4765-BDE3-1CEAE52C74DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)

Task: {5CBF80FF-7431-4AE3-A1DC-07A89C86425D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_NetworkCheck.exe [2013-08-20] (Hewlett-Packard)

Task: {66FE12A1-AC82-4FDA-9C59-864B05904D37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {781B6F8B-5E61-4CE3-8E28-688203E0EF5B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: {8813F975-C8D9-4ECE-8662-AC4B10BD3E1F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {8E3C7655-6DD5-4572-9C5A-CFB012E685B1} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {928F60E2-193C-411E-A44E-B3E8B72CBFCD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {A0737A0D-4697-4963-A351-8D04AD335261} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {A21596C3-D815-4A84-9D13-E11A5FFABED5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core => C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26] (Facebook Inc.)

Task: {A594EF00-FEA0-4C16-AFB2-A22EE956B7E6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {D08930E6-619F-42F1-A4C3-5B1AE3B09F07} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()

Task: {D6D21185-344C-43BA-BB33-7CA7BD0E2F43} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {DDE20799-2040-4A3D-919D-42298187507A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {E73817CD-BB27-47CC-BD93-6C71C93DF23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job => C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job => C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForBob_Barb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-04 00:09 - 2013-04-04 00:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== Faulty Device Manager Devices =============

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Buttons and OSDs ACPI driver gen2

Description: Buttons and OSDs ACPI driver gen2

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: ACPI

Service: ACPIService

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

 

Name: Consumer IR Devices

Description: Consumer IR Devices

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: circlass

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/18/2013 05:32:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (11/18/2013 05:32:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (11/18/2013 05:30:40 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 05:28:07 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/17/2013 06:20:46 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/17/2013 06:14:21 PM) (Source: Application Hang) (User: )

Description: The program 9130576.exe version 11.0.0.1245 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 16f8

 

Start Time: 01cee3efdf6c490c

 

Termination Time: 60000

 

Application Path: C:\Users\Bob_Barb\AppData\Local\Temp\3781654\9130576.exe

 

Report Id: 551fe40d-4fe5-11e3-b82d-002713a62db3

 

Error: (11/17/2013 05:53:25 PM) (Source: Application Error) (User: )

Description: Faulting application name: mcshield.exe, version: 15.1.0.520, time stamp: 0x50f59f8d

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000000000000

Faulting process id: 0xcc0

Faulting application start time: 0xmcshield.exe0

Faulting application path: mcshield.exe1

Faulting module path: mcshield.exe2

Report Id: mcshield.exe3

 

Error: (11/17/2013 05:53:18 PM) (Source: McLogEvent) (User: NT AUTHORITY)

Description: Exception in McShield.Exe!

 

Exception details follow :

 

VSCORE.15.1.0.520

Exception Code       : 0X00000000C0000005

Exception Address    : 0000000000000000

Exception Parameters : 2

 Param 1 = 0X0000000000000008

 Param 2 = 0000000000000000

 

More information :

 

Error: (11/17/2013 05:50:38 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/17/2013 05:43:42 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

Error: (11/18/2013 05:32:04 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:04 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:04 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/18/2013 05:32:02 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (11/18/2013 05:32:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (11/18/2013 05:32:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (11/18/2013 05:30:40 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 05:28:07 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe

 

Error: (11/17/2013 06:20:46 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/17/2013 06:14:21 PM) (Source: Application Hang)(User: )

Description: 9130576.exe11.0.0.124516f801cee3efdf6c490c60000C:\Users\Bob_Barb\AppData\Local\Temp\3781654\9130576.exe551fe40d-4fe5-11e3-b82d-002713a62db3

 

Error: (11/17/2013 05:53:25 PM) (Source: Application Error)(User: )

Description: mcshield.exe15.1.0.52050f59f8dunknown0.0.0.000000000c00000050000000000000000cc001cee3efc3d3b29fC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeunknown7270a839-4fe3-11e3-b82d-002713a62db3

 

Error: (11/17/2013 05:53:18 PM) (Source: McLogEvent)(User: NT AUTHORITY)

Description: VSCORE.15.1.0.520

Exception Code       : 0X00000000C0000005

Exception Address    : 0000000000000000

Exception Parameters : 2

 Param 1 = 0X0000000000000008

 Param 2 = 0000000000000000

 

More information :

 

Error: (11/17/2013 05:50:38 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe

 

Error: (11/17/2013 05:43:42 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-14 18:58:01.320

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-11-14 18:58:01.070

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-11-13 21:59:01.916

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-13 21:59:01.900

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-13 21:59:01.900

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-12-25 07:35:38.964

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-25 07:35:38.839

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 15%

Total physical RAM: 6103.11 MB

Available physical RAM: 5165.73 MB

Total Pagefile: 12204.41 MB

Available Pagefile: 11287.7 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: (HP) (Fixed) (Total:919.57 GB) (Free:647.96 GB) NTFS

Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.85 GB) (Free:1.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi Borislav.

I posted my data for you (the FRST file and the ADDITION file).

I only ran a scan. Did not run fix.

 

I did not try to run the tool in Normal mode.

 

I was waiting for a reply from you as to how I should proceed.

 

(Otherwise, to answer your question, I would say nothing has changed as I have not told this last program to run any kind of "fix", as you did not tell me specifically to do it. So I will assume that nothing has changed on the computer).

 

Just let me know: should I run FRST again, and then run the Fix option?


Step 1

Download Windows Repair (all in one) from here.

Install and then run the program.

On the Start Repairs tab click Start.


When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.

Now press Start.

Step 2

Follow the instructions here:

http://support.microsoft.com/kb/923737

When you are ready, reboot your system and let me know how the system is.


Hi Borislav.

I did run the program (from Safe Mode). Unfortunately it did not help me.

So I went back into Safe Mode and took a chance, running Rogue Killer again. It presented me with pretty much the same registry entry issues posted earlier to this thread.

This time, I told Rogue Killer to delete the entries.

Then I tried running Windows Repair program again.

But I still had no luck. I was unable to see any issues, but the virus maintained control and locked me out of functionality.

 

I then opted to do a factory image restore.

 

That factory image restore was successful (well, it certainly appears that way so far). Of course I lost all my documents, music, Office programs, etc. on the hard disk, but I had made a backup of the documents many months prior and did not have that much current information to be concerned about. I had to reinstall Office, iTunes, and all the hassle associated with moving my library, as I did not back up the iTunes library file.

 

But so far, it seems to be working. I can now function normally and can run all of the Malware scans I want without being locked out.
