Wayfair_Furniture_Malware_Infection

zraj07 · November 12, 2013

Visited a website called wayfair furniture.

At some point during navigation, Internet Explorer began to respond very slowly. Then it would not close. Google Chrome seemed to be unaffected. Internet via cable, running McAfee AV, all the latest defintions in place. No threats noted.

My system is Win 7 with the latest updates.

Thought maybe the poor weather was causing cable connectivity issues resulting in poor IE performance.

But noticed it was not possible to do a system restart. System just "hangs". Had to power off. Upon restart, everything seemed to be fine. IE worked...But within a minute or so, IE failed to respond. Then, trying to open Chrome, that failed to respond as well.

However, all folder navigation seemed to function fine.

Beliveing a malware infection, tried running MalwareBytes. It would start a Quick Scan, but then fail to respond. It scanned a few folders.

Unable to terminate MalwareBytes. Power off shutdown and tried again, but tried the McAfee route and chose their scan tool. This also faikled to complete a scan. Just hangs the system.

Tried this a few times, noticed that MalwareBytes would cease scanning, but not at the same files, so there was no pattern to what was kmaking it hang.

Running Windows from Safe Mode allows the MalwareBytes tool to run to completion. It tells me no issues found. I also had TDSS Killer, and a run of that in Safe Mode said no issues existed.

But once you restart Windows, it seems that after some specified number of minutes IE will fail to function. Onvce it fails, then Chrome seems to follow along.

However, if you open Chrome first, and don't load IE, then the system seems to work fine (until you try to scan with Malware Bytes).

(I was able to download the latest version of IE from Chrome and install it successfully).

I don't know if I am dealing with a McAfee update that is just preventing MalwareBytes from running.

McAfee doesn't identify MalwareBytes as a threat (if it sees it as one). McAfee says my system is a-ok, no threats..

I have had experience with MalwareBytes in the past. I know it works. Usually, it runs and scans with no issues from my McAfee. I don't go to sites where I'd expect to pick up malware, but I would tell people to avoid the Arizona Shuttle Bus Service website, as I believe it infected me with an exploit trojan last year, although I can tell you their service is genuine, but just too bad that someone managed to load something bad onto their website..

I guess, before I pester people at MalwareBytes with logfiles, etc, , is there someting I can do to eliminate my McAfee as a suspect in terms of why my Malware Bytes scan will not run (but recall, it runs fine in Safe Mode). I hesitate to turn it of, because I am concerned that the malware may be waiting for me to do just that..

Maniac · November 12, 2013

Hello zraj07 and :welcome: ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

zraj07 · November 13, 2013

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2010 9:34:27 PM
System Uptime: 11/13/2013 5:28:55 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | E66
Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 651.093 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.686 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
RP303: 10/9/2013 4:38:59 AM - Windows Update
RP304: 10/17/2013 12:00:04 AM - Scheduled Checkpoint
RP305: 10/25/2013 12:00:01 AM - Scheduled Checkpoint
RP306: 11/1/2013 12:00:01 AM - Scheduled Checkpoint
RP307: 11/8/2013 12:00:01 AM - Scheduled Checkpoint
RP308: 11/11/2013 8:01:26 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
AIS Data Handler
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BIAS SoundSoap SE 2.2
Bing Bar
Bing Maps 3D
Bluetooth by hp
Bonjour
Brother's Keeper 6.4
Bulk Rename Utility 2.7.1.2
Buttons & OSDs control application gen3
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Content Manager
Corel Paint it! touch - IPM
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP TouchSmart Video
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Facebook Video Calling 1.2.0.287
Fitbit Connect
GIS Tutorial 1 - Student Resources
Google Chrome
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Ambient Light
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Link
HP TouchSmart Music/Photo/Video
HP TouchSmart Notes
HP TouchSmart Paint it! by Corel
HP TouchSmart Paint it! by Corel - Content
HP TouchSmart Paint it! by Corel - Core
HP TouchSmart Paint it! by Corel - ICA
HP TouchSmart Paint it! by Corel - Langauge
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
HPDiagnosticAlert
Hulu Desktop
Image Resizer Powertoy Clone for Windows (64 bit)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32
iTunes
Java Auto Updater
Java 6 Update 26
Juniper Networks Cache Cleaner 6.3.0
Juniper Networks Host Checker
Juniper Networks Network Connect 6.3.0
Juniper Networks Setup Client
Junk Mail filter update
LG USB Modem driver
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee Virtual Technician
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Native Client
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
MobileMe Control Panel
Movie Maker 6.0 for Windows 7 (64-bit)
Movie Theme Pack for HP TouchSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 296.19
NVIDIA Display Control Panel
NVIDIA Graphics Driver 296.19
NVIDIA Install Application
NVIDIA Update 1.7.12
NVIDIA Update Components
Picasa 3
PlayReady PC Runtime amd64
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
SketchUp 8
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/13/2013 5:31:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/13/2013 5:30:35 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/13/2013 5:30:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/13/2013 5:30:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2013 5:30:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2013 5:29:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 5:29:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2013 4:40:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
11/12/2013 7:02:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/12/2013 7:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/12/2013 6:30:20 AM, Error: mbamchameleon [61440] -
11/12/2013 10:36:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/11/2013 7:47:15 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16720
Run by Bob_Barb at 5:31:21 on 2013-11-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.4862 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130316032629.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [CmTray] "C:\Program Files (x86)\Content Manager\launchCM.exe"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX430" /EF "HKCU"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Bob_Barb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com

TCP: Interfaces\{3B0235CC-F961-4355-A83C-61AD65A5558B} : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{C711AD4E-7C81-4B92-8F37-D6CB8255A279} : DHCPNameServer = 192.168.1.1 64.233.207.8 64.233.207.9
TCP: Interfaces\{C711AD4E-7C81-4B92-8F37-D6CB8255A279}\6594A594F4 : DHCPNameServer = 192.168.1.1 64.233.207.8 64.233.207.9
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130316032629.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-1-24 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-14 55280]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-5-31 17992]
R3 FintekCIR;Fintek eHome Transceiver;C:\Windows\System32\drivers\FintekCIR.sys [2010-12-22 30824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-31 56344]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-5-31 14328]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2010-5-31 25080]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-1-24 771536]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/31 12:58:44];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-5-31 146928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-31 98208]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-8 151648]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-14 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-1-24 241456]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-24 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-24 182752]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-31 35104]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-1-24 70112]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-14 196440]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-1-24 309840]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-1-24 515968]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-1-24 106552]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-13 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 239616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2013-2-2 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
.
=============== Created Last 30 ================
.
2013-11-13 10:42:52 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{49B24C89-3553-425E-A2A5-0F5C0649E4ED}
2013-11-13 10:31:24 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{CCE938C4-D103-4942-AE0F-E8C98CE9978B}
2013-11-13 00:37:40 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{5B01677C-476A-49F4-81EE-56FF1CE196EB}
2013-11-12 13:00:22 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{D87869D2-4873-4CA9-8D82-7B6A25D62261}
2013-11-12 12:55:07 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{004140B3-E95B-48DE-8D21-974DA9B3C133}
2013-11-12 12:44:07 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{FFC432AC-B75F-4FD6-920E-0B644E25ECBA}
2013-11-12 12:15:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 00:38:43 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{7006D9A0-B550-404F-9D3F-3916A34D9D1C}
2013-11-12 00:28:32 -------- d-----w- C:\Users\Bob_Barb\AppData\Local\{E76D3EFD-A1B6-47E7-A569-753A1E4C4E13}
2013-11-09 01:44:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44:51 -------- d-----w- C:\Program Files\iTunes
2013-11-09 01:44:51 -------- d-----w- C:\Program Files\iPod
2013-11-09 01:44:51 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2013-10-09 13:45:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 13:45:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 5:32:44.21 ===============

zraj07 · November 13, 2013

Hi Borslav. The first set of files I ran in Safe Mode.

The system will not let dds run to completion in normal mode

Maniac · November 13, 2013

Step 1

Please uninstall this application: Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
- Launch Malwarebytes' Anti-Malware
- Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
Step 5
- Download on the desktop RogueKiller
- Quit all programs
- Start RogueKiller.exe
- Wait until Prescan has finished ...
- Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
Note: Don't fix anything without my instructions
In your next reply, post the following log files:
- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log
- RogueKiller log

zraj07 · November 14, 2013

# AdwCleaner v3.012 - Report created 13/11/2013 at 21:38:32
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob_Barb - BOBBARBDESKTOP
# Running from : C:\Users\Bob_Barb\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [998 octets] - [13/11/2013 21:37:19]
AdwCleaner[s0].txt - [926 octets] - [13/11/2013 21:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [985 octets] ##########

alwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16721
Bob_Barb :: BOBBARBDESKTOP [administrator]

11/13/2013 9:57:31 PM
mbam-log-2013-11-13 (21-57-31).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Bob_Barb\Documents\Storage\H_Drive_Data\accesspv.exe (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\H_Drive_Data\GIS_Stuff\accesspv.zip (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\MyDocs_25Jul12\My Documents\accesspv.exe (PUP.Password.Viewer) -> Quarantined and deleted successfully.
C:\Users\Bob_Barb\Documents\Storage\MyDocs_25Jul12\My Documents\GIS_Stuff\accesspv.zip (PUP.Password.Viewer) -> Quarantined and deleted successfully.

(end)

RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Bob_Barb [Admin rights]
Mode : Scan -- Date : 11/13/2013 23:20:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AdwCleaner.exe -- C:\Users\Bob_Barb\Desktop\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 9aaf2cd6d507eec1493f599578054c9d
[bSP] 5b897ff099118a0f08861acd82c095a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941637 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928679424 | Size: 12130 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE3 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] 8a1f412dcb8a6f79453545b745f2c3c7
[bSP] d043f3abe1d852a91224723c5930d39b : Legit.A MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 941 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11132013_232040.txt >>

JRT_output.txt

zraj07 · November 14, 2013

Unable to run any of the previously listed programs in anything except Safe Mode.

Unable to delete Coupon Printer, although this was one of the first programs I had on my computer when I purchased it from HP, and was one of the first programs I tried to uninstall back then with no success.

I was aware that I had a program callled accesspv, found by MalwareBytes after doing a complete scan. I used this tool to unlock excel worksheets. Was not aware it was malware, although I knew that it performed a specific function. It is now deleted.

Rougekiller reported items, but as you indicated, I did not do anything (no fixes/repairs) and exited the program after saving the report.

Maniac · November 14, 2013

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

zraj07 · November 15, 2013

best I could do. Had to run in Safe Mode. It ran, but on reboot, it never did produce the report you see below. hours passed. Restarted and found this file myself in the location you specified. The only dialog box said JANOSD2 kernel could not be loaded. Had to close that to proceed.

ComboFix 13-11-12.01 - Bob_Barb 11/14/2013 18:51:13.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.5286 [GMT -6:00]
Running from: C:\Users\Bob_Barb\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Bob_Barb\Documents\ZDS22236.TMP
C:\Users\Bob_Barb\Documents\ZDS23225.TMP
C:\Users\Bob_Barb\Documents\ZDS23392.TMP
C:\Users\Bob_Barb\Documents\ZDS23692.TMP
C:\Users\Bob_Barb\Documents\ZDS24737.TMP
C:\Users\Bob_Barb\Documents\ZDS25116.TMP
C:\Windows\COUPon~1.ocx
C:\Windows\inf\win32
C:\Windows\inf\win32\0x0404.ini
C:\Windows\inf\win32\0x0405.ini
C:\Windows\inf\win32\0x0406.ini
C:\Windows\inf\win32\0x0407.ini
C:\Windows\inf\win32\0x0408.ini
C:\Windows\inf\win32\0x0409.ini
C:\Windows\inf\win32\0x040a.ini
C:\Windows\inf\win32\0x040b.ini
C:\Windows\inf\win32\0x040c.ini
C:\Windows\inf\win32\0x040e.ini
C:\Windows\inf\win32\0x0410.ini
C:\Windows\inf\win32\0x0411.ini
C:\Windows\inf\win32\0x0412.ini
C:\Windows\inf\win32\0x0413.ini
C:\Windows\inf\win32\0x0414.ini
C:\Windows\inf\win32\0x0415.ini
C:\Windows\inf\win32\0x0416.ini
C:\Windows\inf\win32\0x0418.ini
C:\Windows\inf\win32\0x0419.ini
C:\Windows\inf\win32\0x041a.ini
C:\Windows\inf\win32\0x041d.ini
C:\Windows\inf\win32\0x041f.ini
C:\Windows\inf\win32\0x0804.ini
C:\Windows\inf\win32\0x0816.ini
C:\Windows\inf\win32\1028.mst
C:\Windows\inf\win32\1029.mst
C:\Windows\inf\win32\1030.mst
C:\Windows\inf\win32\1031.mst
C:\Windows\inf\win32\1032.mst
C:\Windows\inf\win32\1033.mst
C:\Windows\inf\win32\1034.mst
C:\Windows\inf\win32\1035.mst
C:\Windows\inf\win32\1036.mst
C:\Windows\inf\win32\1038.mst
C:\Windows\inf\win32\1040.mst
C:\Windows\inf\win32\1041.mst
C:\Windows\inf\win32\1042.mst
C:\Windows\inf\win32\1043.mst
C:\Windows\inf\win32\1044.mst
C:\Windows\inf\win32\1045.mst
C:\Windows\inf\win32\1046.mst
C:\Windows\inf\win32\1048.mst
C:\Windows\inf\win32\1049.mst
C:\Windows\inf\win32\1050.mst
C:\Windows\inf\win32\1053.mst
C:\Windows\inf\win32\1055.mst
C:\Windows\inf\win32\2052.mst
C:\Windows\inf\win32\2070.mst
C:\Windows\inf\win32\BBalloon.dll
C:\Windows\inf\win32\brcmVista\bcbthid32.cat
C:\Windows\inf\win32\brcmVista\bcbthid32.inf
C:\Windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
C:\Windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
C:\Windows\inf\win32\brcmVista\btusbflt.sys
C:\Windows\inf\win32\brcmVista\DPInst.exe
C:\Windows\inf\win32\brcmWin7\bcbthid32.cat
C:\Windows\inf\win32\brcmWin7\bcbthid32.inf
C:\Windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
C:\Windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
C:\Windows\inf\win32\brcmWin7\btusbflt.sys
C:\Windows\inf\win32\brcmWin7\DPInst.exe
C:\Windows\inf\win32\BtSetup.dll
C:\Windows\inf\win32\BTW.msi
C:\Windows\inf\win32\btw_ci.dll
C:\Windows\inf\win32\btwaudio.cat
C:\Windows\inf\win32\btwaudio.inf
C:\Windows\inf\win32\btwaudio.sys
C:\Windows\inf\win32\btwavdt.cat
C:\Windows\inf\win32\btwavdt.inf
C:\Windows\inf\win32\btwavdt.sys
C:\Windows\inf\win32\btwl2cap.cat
C:\Windows\inf\win32\btwl2cap.inf
C:\Windows\inf\win32\BTWL2CAP.sys
C:\Windows\inf\win32\BtwMM.exe
C:\Windows\inf\win32\btwprofpack.dll
C:\Windows\inf\win32\btwrchid.cat
C:\Windows\inf\win32\btwrchid.inf
C:\Windows\inf\win32\btwrchid.sys
C:\Windows\inf\win32\BtwRSupport.dll
C:\Windows\inf\win32\Data1.cab
C:\Windows\inf\win32\Inst.exe
C:\Windows\inf\win32\instmsia.exe
C:\Windows\inf\win32\instmsiw.exe
C:\Windows\inf\win32\Setup.exe
C:\Windows\inf\win32\Setup.ini
C:\Windows\inf\win32\svcpack\SvcPack.ini

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ACPIService

((((((((((((((((((((((((( Files Created from 2013-10-15 to 2013-11-15 )))))))))))))))))))))))))))))))

2013-11-14 03:37:03 . 2013-11-14 03:49:25 -------- d-----w- C:\AdwCleaner
2013-11-13 23:23:27 . 2013-11-13 23:23:27 -------- d-----w- C:\Windows\ERUNT
2013-11-12 12:15:00 . 2013-11-12 12:30:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-09 01:44:51 . 2013-11-13 06:07:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44:51 . 2013-11-13 06:07:06 -------- d-----w- C:\Program Files\iTunes
2013-11-09 01:44:51 . 2013-11-13 06:07:04 -------- d-----w- C:\Program Files\iPod
2013-11-09 01:44:51 . 2013-11-13 06:06:43 -------- d-----w- C:\Program Files (x86)\iTunes
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-09 13:45:15 . 2012-06-07 20:30:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:45:15 . 2011-05-18 11:07:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 09:43:28 . 2010-06-08 11:05:42 80541720 ----a-w- C:\Windows\system32\MRT.exe
2013-09-22 23:28:06 . 2013-10-09 09:52:02 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 . 2013-10-09 09:52:05 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 . 2013-10-09 09:52:09 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 . 2013-10-09 09:52:09 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:16 . 2013-10-09 09:52:09 51712 ----a-w- C:\Windows\system32\ie4uinit.exe
2013-09-22 22:55:10 . 2013-10-09 09:52:02 2241024 ----a-w- C:\Windows\system32\wininet.dll
2013-09-22 22:55:07 . 2013-10-09 09:52:04 1365504 ----a-w- C:\Windows\system32\urlmon.dll
2013-09-22 22:54:55 . 2013-10-09 09:52:07 603136 ----a-w- C:\Windows\system32\msfeeds.dll
2013-09-22 22:54:55 . 2013-10-09 09:51:58 19252224 ----a-w- C:\Windows\system32\mshtml.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:06 855552 ----a-w- C:\Windows\system32\jscript.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:06 3959296 ----a-w- C:\Windows\system32\jscript9.dll
2013-09-22 22:54:51 . 2013-10-09 09:52:03 53248 ----a-w- C:\Windows\system32\jsproxy.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:10 526336 ----a-w- C:\Windows\system32\ieui.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 67072 ----a-w- C:\Windows\system32\iesetup.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 39936 ----a-w- C:\Windows\system32\iernonce.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:09 136704 ----a-w- C:\Windows\system32\iesysprep.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:08 2647552 ----a-w- C:\Windows\system32\iertutil.dll
2013-09-22 22:54:50 . 2013-10-09 09:52:00 15404544 ----a-w- C:\Windows\system32\ieframe.dll
2013-09-21 03:38:39 . 2013-10-09 09:52:11 2706432 ----a-w- C:\Windows\system32\mshtml.tlb
2013-09-21 03:30:24 . 2013-10-09 09:52:10 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 . 2013-10-09 09:52:09 89600 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 . 2013-10-09 09:52:09 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 . 2013-10-09 09:38:12 497152 ----a-w- C:\Windows\system32\drivers\afd.sys
2013-09-08 02:30:37 . 2013-10-09 09:38:13 1903552 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-08 02:27:14 . 2013-10-09 09:38:13 327168 ----a-w- C:\Windows\system32\mswsock.dll
2013-09-08 02:03:58 . 2013-10-09 09:38:12 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 . 2013-10-09 09:34:33 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-09-04 12:11:51 . 2013-10-09 09:34:33 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-09-04 12:11:49 . 2013-10-09 09:34:33 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-09-04 12:11:43 . 2013-10-09 09:34:33 52736 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-09-04 12:11:43 . 2013-10-09 09:34:33 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-09-04 12:11:42 . 2013-10-09 09:34:32 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-09-04 12:11:40 . 2013-10-09 09:34:33 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
2013-08-29 02:17:48 . 2013-10-09 09:38:23 5549504 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-08-29 02:16:35 . 2013-10-09 09:38:22 1732032 ----a-w- C:\Windows\system32\ntdll.dll
2013-08-29 02:16:28 . 2013-10-09 09:38:21 243712 ----a-w- C:\Windows\system32\wow64.dll
2013-08-29 02:16:14 . 2013-10-09 09:38:21 859648 ----a-w- C:\Windows\system32\tdh.dll
2013-08-29 02:13:28 . 2013-10-09 09:38:22 878080 ----a-w- C:\Windows\system32\advapi32.dll
2013-08-29 01:51:45 . 2013-10-09 09:38:22 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 . 2013-10-09 09:38:22 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 . 2013-10-09 09:38:20 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 . 2013-10-09 09:38:21 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 . 2013-10-09 09:38:21 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 . 2013-10-09 09:38:21 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 . 2013-10-09 09:38:20 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 . 2013-10-09 09:38:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 . 2013-10-09 09:38:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 . 2013-10-09 09:38:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 . 2013-10-09 09:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 . 2013-10-09 09:38:02 3155968 ----a-w- C:\Windows\system32\win32k.sys
2013-08-28 01:12:33 . 2013-10-09 09:37:54 461312 ----a-w- C:\Windows\system32\scavengeui.dll

Maniac · November 15, 2013

This is not the entire log file. Make sure you mark all of the content before copy/paste.

zraj07 · November 15, 2013

I had to run ComboFix from Windows Safe Mode.

After it ran (and it seemed to run successfully from what I saw) , it rebooted the system.

Once the system rebooted, it was in Normal mode.

Combo fix said it was finishing up and going to produce a log file, but once the computer got going in Normal mode, ComboFix sat there for a couple of hours and the system became unresponsive.

I have tried to run ComboFix from the system in normal mode as well. The program only gets to a point where it tries to create a Sytem Restore Point.

It does not proceed from there.

zraj07 · November 15, 2013

I am running Combofix again from Safe Mode.

It tells me McAfee is active, but I checked and everything I could turn off was in Off mode

It says it completed 50 stages.

Preparing log report. do not run any programs until Combofix has finished.

Says "combofix log shall be located at C:\combofix.txt

alsmot done. this windoow will close in a short while.

OK..So now the report is completed.

This iwas a different set of behaviors this morning than yesterday evening, as yesterday evening after running Combofix it wanted to reboot into Normal mode and after that, the "incomplete log file" generated.

here is the new "complete file after running from Safe Mode:

ComboFix 13-11-12.01 - Bob_Barb 11/15/2013   5:18.2.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6103.4804 [GMT -6:00]
Running from: c:\users\Bob_Barb\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
c:\users\Bob_Barb\Documents\ZDS22236.TMP
c:\users\Bob_Barb\Documents\ZDS23225.TMP
c:\users\Bob_Barb\Documents\ZDS23392.TMP
c:\users\Bob_Barb\Documents\ZDS23692.TMP
c:\users\Bob_Barb\Documents\ZDS24737.TMP
c:\users\Bob_Barb\Documents\ZDS25116.TMP
c:\windows\COUPon~1.ocx
c:\windows\inf\win32\0x0404.ini
c:\windows\inf\win32\0x0405.ini
c:\windows\inf\win32\0x0406.ini
c:\windows\inf\win32\0x0407.ini
c:\windows\inf\win32\0x0408.ini
c:\windows\inf\win32\0x0409.ini
c:\windows\inf\win32\0x040a.ini
c:\windows\inf\win32\0x040b.ini
c:\windows\inf\win32\0x040c.ini
c:\windows\inf\win32\0x040e.ini
c:\windows\inf\win32\0x0410.ini
c:\windows\inf\win32\0x0411.ini
c:\windows\inf\win32\0x0412.ini
c:\windows\inf\win32\0x0413.ini
c:\windows\inf\win32\0x0414.ini
c:\windows\inf\win32\0x0415.ini
c:\windows\inf\win32\0x0416.ini
c:\windows\inf\win32\0x0418.ini
c:\windows\inf\win32\0x0419.ini
c:\windows\inf\win32\0x041a.ini
c:\windows\inf\win32\0x041d.ini
c:\windows\inf\win32\0x041f.ini
c:\windows\inf\win32\0x0804.ini
c:\windows\inf\win32\0x0816.ini
c:\windows\inf\win32\1028.mst
c:\windows\inf\win32\1029.mst
c:\windows\inf\win32\1030.mst
c:\windows\inf\win32\1031.mst
c:\windows\inf\win32\1032.mst
c:\windows\inf\win32\1033.mst
c:\windows\inf\win32\1034.mst
c:\windows\inf\win32\1035.mst
c:\windows\inf\win32\1036.mst
c:\windows\inf\win32\1038.mst
c:\windows\inf\win32\1040.mst
c:\windows\inf\win32\1041.mst
c:\windows\inf\win32\1042.mst
c:\windows\inf\win32\1043.mst
c:\windows\inf\win32\1044.mst
c:\windows\inf\win32\1045.mst
c:\windows\inf\win32\1046.mst
c:\windows\inf\win32\1048.mst
c:\windows\inf\win32\1049.mst
c:\windows\inf\win32\1050.mst
c:\windows\inf\win32\1053.mst
c:\windows\inf\win32\1055.mst
c:\windows\inf\win32\2052.mst
c:\windows\inf\win32\2070.mst
c:\windows\inf\win32\BBalloon.dll
c:\windows\inf\win32\brcmVista\bcbthid32.cat
c:\windows\inf\win32\brcmVista\bcbthid32.inf
c:\windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmVista\btusbflt.sys
c:\windows\inf\win32\brcmVista\DPInst.exe
c:\windows\inf\win32\brcmWin7\bcbthid32.cat
c:\windows\inf\win32\brcmWin7\bcbthid32.inf
c:\windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmWin7\btusbflt.sys
c:\windows\inf\win32\brcmWin7\DPInst.exe
c:\windows\inf\win32\BtSetup.dll
c:\windows\inf\win32\BTW.msi
c:\windows\inf\win32\btw_ci.dll
c:\windows\inf\win32\btwaudio.cat
c:\windows\inf\win32\btwaudio.inf
c:\windows\inf\win32\btwaudio.sys
c:\windows\inf\win32\btwavdt.cat
c:\windows\inf\win32\btwavdt.inf
c:\windows\inf\win32\btwavdt.sys
c:\windows\inf\win32\btwl2cap.cat
c:\windows\inf\win32\btwl2cap.inf
c:\windows\inf\win32\BTWL2CAP.sys
c:\windows\inf\win32\BtwMM.exe
c:\windows\inf\win32\btwprofpack.dll
c:\windows\inf\win32\btwrchid.cat
c:\windows\inf\win32\btwrchid.inf
c:\windows\inf\win32\btwrchid.sys
c:\windows\inf\win32\BtwRSupport.dll
c:\windows\inf\win32\Data1.cab
c:\windows\inf\win32\Inst.exe
c:\windows\inf\win32\instmsia.exe
c:\windows\inf\win32\instmsiw.exe
c:\windows\inf\win32\Setup.exe
c:\windows\inf\win32\Setup.ini
c:\windows\inf\win32\svcpack\SvcPack.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-15 to 2013-11-15 )))))))))))))))))))))))))))))))
.
.
2013-11-15 11:26 . 2013-11-15 11:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-15 11:26 . 2013-11-15 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-14 03:37 . 2013-11-14 03:49 -------- d-----w- C:\AdwCleaner
2013-11-13 23:23 . 2013-11-13 23:23 -------- d-----w- c:\windows\ERUNT
2013-11-12 12:15 . 2013-11-12 12:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\program files\iTunes
2013-11-09 01:44 . 2013-11-13 06:07 -------- d-----w- c:\program files\iPod
2013-11-09 01:44 . 2013-11-13 06:06 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 13:45 . 2012-06-07 20:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 13:45 . 2011-05-18 11:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 09:43 . 2010-06-08 11:05 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-09 09:52 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 09:52 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 09:52 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 09:52 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 09:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 09:52 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 09:52 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 09:52 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 09:51 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 09:52 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 09:52 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 09:52 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 09:52 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 09:52 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 09:52 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 09:52 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 09:52 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 09:52 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 09:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 09:52 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 09:52 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 09:52 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 09:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 09:38 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 09:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 09:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 09:34 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 09:34 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 09:34 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 09:34 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 09:34 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 09:34 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 09:34 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 09:38 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 09:38 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 09:38 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 09:38 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 09:38 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 09:38 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 09:38 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 09:38 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 09:38 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 09:38 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 09:38 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 09:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 09:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 09:38 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 09:38 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 09:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 09:38 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 09:37 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Facebook Update"="c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-26 138096]
"CmTray"="c:\program files (x86)\Content Manager\launchCM.exe" [2011-12-28 94208]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/31 12:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys;Device\mfehidk01.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 FintekCIR;Fintek eHome Transceiver;c:\windows\system32\DRIVERS\FintekCIR.sys;c:\windows\SYSNATIVE\DRIVERS\FintekCIR.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys;c:\windows\SYSNATIVE\DRIVERS\NW1950.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 07:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 13:45]
.
2013-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
.
2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job
- c:\users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:04]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 12:50]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 12:50]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForBob_Barb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2013-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com

.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Fitbit Connect - c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Fitbit Connect - c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-15 05:29:15
ComboFix-quarantined-files.txt 2013-11-15 11:29
.
Pre-Run: 700,121,792,512 bytes free
Post-Run: 699,610,976,256 bytes free
.
- - End Of File - - EAD783A428D15D558469A4A4631E1E6A
8592081FD66D4D425D9A1A5A55A7AA57

zraj07 · November 15, 2013

ComboFix quarantinedfiles

2013-11-15 11:27:42 . 2013-11-15 11:27:42              377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-11-15 11:27:29 . 2013-11-15 11:27:30              185 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Fitbit Connect.reg.dat
2013-11-15 11:27:27 . 2013-11-15 11:27:27              172 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Fitbit Connect.reg.dat
2013-11-15 00:56:07 . 2013-11-15 00:56:07            1,328 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ACPIService.reg.dat
2013-11-15 00:55:56 . 2013-11-15 11:24:10           11,914 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-11-15 00:49:04 . 2013-11-15 11:17:07              153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-02-25 15:58:30 . 2013-02-25 15:58:30        3,093,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe.vir
2011-01-30 22:37:00 . 2011-01-30 22:37:00               51 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS25116.TMP.vir
2011-01-15 03:30:31 . 2011-01-15 03:30:31               67 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS24737.TMP.vir
2011-01-15 03:25:11 . 2011-01-15 03:25:11               66 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23692.TMP.vir
2011-01-15 03:23:39 . 2011-01-15 03:23:39               67 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23392.TMP.vir
2011-01-15 03:22:48 . 2011-01-15 03:22:48               66 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS23225.TMP.vir
2011-01-15 03:17:45 . 2011-01-15 03:17:45               66 ----a-w- C:\Qoobox\Quarantine\C\Users\Bob_Barb\Documents\ZDS22236.TMP.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:24           10,100 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbtums-win7x86-brcm.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28           13,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\Bcbtums-Win7x86-brcm.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20           43,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\btusbflt.sys.vir
2010-05-31 19:45:49 . 2006-05-02 11:15:04          521,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\DPInst.exe.vir
2010-05-31 19:45:49 . 2009-04-10 13:53:32            2,927 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\svcpack\SvcPack.ini.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:10          869,664 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\Setup.exe.vir
2010-05-31 19:45:49 . 2009-07-02 08:44:06            2,113 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\Setup.ini.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28            8,086 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbthid32.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:26            1,661 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbthid32.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:24           10,100 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\bcbtums-win7x86-brcm.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28           13,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\Bcbtums-Win7x86-brcm.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20           43,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\btusbflt.sys.vir
2010-05-31 19:45:49 . 2006-05-02 11:15:04          521,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmVista\DPInst.exe.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:28            8,086 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbthid32.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:26            1,661 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\brcmWin7\bcbthid32.inf.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:14          260,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\Inst.exe.vir
2010-05-31 19:45:49 . 2002-03-11 09:45:04        1,708,856 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\instmsia.exe.vir
2010-05-31 19:45:49 . 2002-03-11 10:06:30        1,822,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\instmsiw.exe.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:10            3,510 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwl2cap.inf.vir
2010-05-31 19:45:49 . 2009-04-07 15:32:50           29,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BTWL2CAP.sys.vir
2010-05-31 19:45:49 . 2007-02-05 00:16:48        6,115,168 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtwMM.exe.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:26          628,000 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwprofpack.dll.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:08            8,050 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:08           23,342 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:04           18,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwrchid.sys.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:26          234,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtwRSupport.dll.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:20          113,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btw_ci.dll.vir
2010-05-31 19:45:49 . 2009-07-02 08:41:40       13,468,412 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\Data1.cab.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:20          107,808 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BBalloon.dll.vir
2010-05-31 19:45:49 . 2009-07-01 18:03:24          374,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BtSetup.dll.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08        3,608,724 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\BTW.msi.vir
2010-05-31 19:45:49 . 2009-07-02 07:59:28            9,643 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:18           35,938 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:14           86,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwaudio.sys.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:14           12,414 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.cat.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:12           14,078 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.inf.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:12          108,072 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwavdt.sys.vir
2010-05-31 19:45:49 . 2009-07-01 12:46:10            7,484 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\btwl2cap.cat.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          244,736 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1040.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          295,424 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1041.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          394,752 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1042.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          244,736 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1043.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          238,592 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1044.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          238,592 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1045.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          241,664 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1046.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08          276,480 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1048.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          258,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1049.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          272,896 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1050.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          238,592 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1053.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08          273,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1055.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          273,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\2052.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          274,944 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\2070.mst.vir
2010-05-31 19:45:49 . 2004-04-08 17:31:48            6,076 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0816.ini.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          241,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1028.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          273,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1029.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:00          239,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1030.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          245,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1031.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          302,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1032.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:08            3,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1033.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:04          242,176 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1034.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          240,128 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1035.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:02          245,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1036.mst.vir
2010-05-31 19:45:49 . 2009-07-02 08:42:06          276,480 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\1038.mst.vir
2010-05-31 19:45:49 . 2004-04-15 11:16:50            5,586 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040b.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:04:46            6,394 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040c.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:17:08            5,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040e.ini.vir
2010-05-31 19:45:49 . 2004-04-07 14:30:20            6,160 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0410.ini.vir
2010-05-31 19:45:49 . 2004-04-15 16:37:32            5,887 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0411.ini.vir
2010-05-31 19:45:49 . 2004-04-09 15:19:28            5,045 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0412.ini.vir
2010-05-31 19:45:49 . 2004-04-07 15:24:54            6,087 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0413.ini.vir
2010-05-31 19:45:49 . 2004-04-14 14:11:40            5,695 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0414.ini.vir
2010-05-31 19:45:49 . 2004-04-07 15:50:12            5,863 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0415.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:09:12            5,900 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0416.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:19:26            5,708 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0418.ini.vir
2010-05-31 19:45:49 . 2004-04-07 16:29:22            5,780 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0419.ini.vir
2010-05-31 19:45:49 . 2004-04-08 10:45:42            5,677 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041a.ini.vir
2010-05-31 19:45:49 . 2004-04-14 14:00:30            5,485 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041d.ini.vir
2010-05-31 19:45:49 . 2004-04-08 11:13:20            5,656 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x041f.ini.vir
2010-05-31 19:45:49 . 2004-04-08 15:10:00            3,841 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0804.ini.vir
2010-05-31 19:45:49 . 2004-04-14 10:36:42            3,771 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0404.ini.vir
2010-05-31 19:45:49 . 2004-04-06 17:43:56            5,770 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0405.ini.vir
2010-05-31 19:45:49 . 2004-04-07 09:20:02            5,722 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0406.ini.vir
2010-05-31 19:45:49 . 2004-04-15 15:24:44            6,265 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0407.ini.vir
2010-05-31 19:45:49 . 2004-04-14 13:49:30            6,601 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0408.ini.vir
2010-05-31 19:45:49 . 2009-02-10 17:02:04            5,491 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x0409.ini.vir
2010-05-31 19:45:49 . 2004-04-07 11:24:56            6,265 ----a-w- C:\Qoobox\Quarantine\C\Windows\inf\Win32\0x040a.ini.vir
2009-11-10 03:21:03 . 2009-11-19 21:16:27           68,824 ----a-w- C:\Qoobox\Quarantine\C\Windows\COUPon~1.ocx.vir
2007-11-07 13:03:18 . 2007-11-07 13:03:18          562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

Maniac · November 15, 2013

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
  Save it to your Desktop.
- Double click on the to download the ESET Smart Installer. icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

zraj07 · November 16, 2013

Could not run this tool from Normal mode.

Sytem first indicated JAN2OSD can't open because ACPI Kernel Mode Driver would not open.

Could not get Internet Explorer to function.

Was able to disable McAfee as ESET indicated it could detect it was running

Downloaded and ran ESET online scan tool using Google Chrome

The program ESET online and the computer becaame unresponsive at 20% completion. Had to reboot into Safe Mode

Ran ESET online from Internet Explorer, but ESET indicated it was not running against Internet Explorer and I had to run their tool for alternate browsers.

ESET online launched and scanned.

It completed and their dialog box indicated no threats were found. There was no option anywhere in which to produce a txt file or access any kind of report, so I have nothing to provide unless it wrote a report to the system somewhere.

Maniac · November 17, 2013

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

zraj07 · November 18, 2013

I ran the tool from Safe Mode. it took all day. At completion, said no threats found. I extracted the report regardless and attached it here.

I restarted and tried to run the program from normal mode.

The tool loaded and started to run. It gets to 1% completion and then stops. Every AV program so far has only been able to run for about 1 min 30 secs total, then the system seems to be aware an AV program is trying to do something, and it sets the system into an endless loop.

The only tool you have had me try that actually seemed to find anything was Rouge Killer, and that tool willl not run from Normal mode either (it only ran in safe Mode).

I kind of appreciate what someone has done here, as they have successfully hid their work from nearly every program you have suggested so far, remaining invisible in Safe Mode, only to wakeup and prevent itsef from being found or seen or termnated.

Maniac · November 18, 2013

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

zraj07 · November 18, 2013

All run from Safe Mode. 64 bit

I only chose SCAN

I kept the defaults (everything on Whitelist selected, and in Optional scan, I left BCD and Drivers unchecked, and by default had only the Addition.txt checked.

(I will also try to run this tool from "normal" mode if you tell me I should do that.

I did NOT run "search files" and did NOT run "fix". Please advise if I should do that or not.

Thanks very much for all of your help borislav (maniac) . I greatly appreciate this!

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013

Ran by Bob_Barb (administrator) on BOBBARBDESKTOP on 18-11-2013 17:32:19

Running from C:\Users\Bob_Barb\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)

HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [x]

HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKCU\...\Run: [Facebook Update] - C:\Users\Bob_Barb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-26] (Facebook Inc.)

HKCU\...\Run: [CmTray] - C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()

HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)

HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [buttons & OSDs control application gen3] - C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe [212992 2009-11-17] (Hewlett-Packard)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\UpdatusUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_02051031.lnk

ShortcutTarget: _uninst_02051031.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_02051031.bat ()

Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_69933140.lnk

ShortcutTarget: _uninst_69933140.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_69933140.bat ()

Startup: C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_97672578.lnk

ShortcutTarget: _uninst_97672578.lnk -> C:\Users\Bob_Barb\AppData\Local\Temp\_uninst_97672578.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {0D5FBA60-44CF-404D-9299-72C4A446511F} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {E8CC5F5E-3C53-4ADE-AB59-1F4B9AEDA949} URL =

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131117165819.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131117165854.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: HKLM-x32 {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.consorta.com/dana-cached/sc/JuniperSetupClient.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 64.233.207.8 64.233.207.9

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Bob_Barb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File

CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll (Hulu LLC)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()

CHR Extension: (Google Drive) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Google Wallet) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Users\Bob_Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R0 02051031; C:\Windows\System32\DRIVERS\02051031.sys [460888 2013-11-18] (Kaspersky Lab ZAO)

R0 69933140; C:\Windows\System32\DRIVERS\69933140.sys [460888 2013-11-17] (Kaspersky Lab ZAO)

R0 97672578; C:\Windows\System32\DRIVERS\97672578.sys [460888 2013-11-17] (Kaspersky Lab ZAO)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2009-03-26] (Juniper Networks)

R3 FintekCIR; C:\Windows\System32\DRIVERS\FintekCIR.sys [30824 2010-12-22] (Fintek)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

R3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-17] ()

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)

S1 47134829; system32\DRIVERS\47134829.sys [x]

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 mfehidk01; \Device\mfehidk01.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt

2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST

2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe

2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}

2013-11-17 18:14 - 2013-11-18 01:33 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys

2013-11-17 18:13 - 2013-11-17 18:14 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip

2013-11-17 18:12 - 2013-11-17 18:13 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe

2013-11-17 17:12 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys

2013-11-17 16:56 - 2013-11-17 17:32 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys

2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps

2013-11-17 16:32 - 2013-11-17 16:44 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt

2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe

2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe

2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt

2013-11-14 18:49 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-14 18:49 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-14 18:49 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-14 18:49 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-14 18:49 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-14 18:49 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-14 18:49 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-14 18:49 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-14 18:44 - 2013-11-15 05:29 - 00000000 ____D C:\Qoobox

2013-11-14 18:44 - 2013-11-15 05:27 - 00000000 ____D C:\Windows\erdnt

2013-11-14 18:44 - 2013-11-14 18:41 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe

2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}

2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}

2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt

2013-11-13 23:18 - 2013-11-13 23:22 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine

2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}

2013-11-13 21:37 - 2013-11-13 21:49 - 00000000 ____D C:\AdwCleaner

2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt

2013-11-13 17:25 - 2013-11-13 17:20 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe

2013-11-13 17:24 - 2013-11-13 17:20 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe

2013-11-13 17:24 - 2013-11-13 17:14 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe

2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT

2013-11-13 17:23 - 2013-11-13 17:12 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe

2013-11-13 05:31 - 2013-11-13 05:29 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr

2013-11-13 04:36 - 2013-11-12 06:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe

2013-11-12 06:15 - 2013-11-12 06:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-12 06:14 - 2013-11-12 19:28 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar

2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip

2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe

2013-11-11 19:55 - 2013-11-13 04:53 - 00000462 _____ C:\rkill.log

2013-11-11 19:51 - 2011-12-24 17:21 - 01578288 _____ (Kaspersky Lab ZAO) C:\Users\Bob_Barb\Desktop\tdsskiller.exe

2013-11-11 19:18 - 2013-11-11 20:01 - 00009274 _____ C:\Windows\IE11_main.log

2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe

2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iTunes

2013-11-08 19:44 - 2013-11-13 00:07 - 00000000 ____D C:\Program Files\iPod

2013-11-08 19:44 - 2013-11-13 00:06 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe

2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF

2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4

==================== One Month Modified Files and Folders =======

2013-11-18 17:32 - 2013-11-18 17:32 - 00016237 _____ C:\Users\Bob_Barb\Downloads\FRST.txt

2013-11-18 17:32 - 2013-11-18 17:32 - 00000000 ____D C:\FRST

2013-11-18 17:32 - 2009-07-13 23:13 - 00005356 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-18 17:30 - 2013-11-18 17:30 - 01957964 _____ (Farbar) C:\Users\Bob_Barb\Downloads\FRST64.exe

2013-11-18 01:33 - 2013-11-17 18:14 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02051031.sys

2013-11-17 18:23 - 2010-10-14 06:51 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-17 18:21 - 2013-11-17 18:21 - 00003206 _____ C:\Windows\System32\Tasks\{D5373953-E929-4A14-8FAC-D7984D315DBD}

2013-11-17 18:16 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-17 18:14 - 2013-11-17 18:13 - 24149642 _____ C:\Users\Bob_Barb\Desktop\Scan2.zip

2013-11-17 18:13 - 2013-11-17 18:12 - 153641288 _____ C:\Users\Bob_Barb\Desktop\setup_11.0.1.1245.x01_2013_11_18_01_33.exe

2013-11-17 18:09 - 2013-01-26 09:04 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001UA.job

2013-11-17 18:08 - 2010-05-31 13:40 - 01235174 _____ C:\Windows\WindowsUpdate.log

2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-17 18:02 - 2009-07-13 22:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-17 17:50 - 2010-10-14 06:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-17 17:49 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-17 17:49 - 2009-07-13 22:51 - 00136063 _____ C:\Windows\setupact.log

2013-11-17 17:32 - 2013-11-17 17:12 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69933140.sys

2013-11-17 17:32 - 2013-11-17 16:56 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\97672578.sys

2013-11-17 16:56 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-11-17 16:45 - 2013-11-17 16:45 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\CrashDumps

2013-11-17 16:44 - 2013-11-17 16:32 - 527145800 _____ C:\Users\Bob_Barb\Desktop\Scan2.txt

2013-11-17 13:09 - 2013-08-15 20:38 - 00000000 ____D C:\Users\Bob_Barb\Documents\Outlook Files

2013-11-17 08:41 - 2013-11-17 08:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-11-15 19:12 - 2013-11-15 19:12 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Desktop\esetsmartinstaller_enu.exe

2013-11-15 18:45 - 2012-09-11 05:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-15 18:24 - 2013-11-15 18:24 - 02347384 _____ (ESET) C:\Users\Bob_Barb\Downloads\esetsmartinstaller_enu.exe

2013-11-15 18:24 - 2013-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-15 18:13 - 2010-05-31 13:37 - 00297026 _____ C:\Windows\PFRO.log

2013-11-15 05:29 - 2013-11-15 05:29 - 00028206 _____ C:\ComboFix.txt

2013-11-15 05:29 - 2013-11-14 18:44 - 00000000 ____D C:\Qoobox

2013-11-15 05:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default

2013-11-15 05:27 - 2013-11-14 18:44 - 00000000 ____D C:\Windows\erdnt

2013-11-15 05:26 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini

2013-11-14 18:59 - 2009-07-13 20:34 - 23330816 _____ C:\Windows\system32\config\system.bak

2013-11-14 18:59 - 2009-07-13 20:34 - 118489088 _____ C:\Windows\system32\config\software.bak

2013-11-14 18:59 - 2009-07-13 20:34 - 00786432 _____ C:\Windows\system32\config\default.bak

2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak

2013-11-14 18:59 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\sam.bak

2013-11-14 18:58 - 2013-04-15 16:01 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect

2013-11-14 18:41 - 2013-11-14 18:44 - 05147957 ____R (Swearware) C:\Users\Bob_Barb\Desktop\ComboFix.exe

2013-11-14 18:19 - 2013-11-14 18:19 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{0E661164-44D0-4FC5-81AA-3D834F88CC63}

2013-11-14 18:19 - 2010-06-08 08:44 - 00000000 ____D C:\Users\Bob_Barb\Tracing

2013-11-13 23:40 - 2013-11-13 23:40 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{B40B4C38-F482-403F-B410-F9CB9E0331E2}

2013-11-13 23:22 - 2013-11-13 23:18 - 00000000 ____D C:\Users\Bob_Barb\Desktop\RK_Quarantine

2013-11-13 23:20 - 2013-11-13 23:20 - 00002689 _____ C:\Users\Bob_Barb\Desktop\RKreport[0]_S_11132013_232040.txt

2013-11-13 21:49 - 2013-11-13 21:37 - 00000000 ____D C:\AdwCleaner

2013-11-13 21:43 - 2013-11-13 21:43 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\{1C6310D7-C532-4A1F-BC6F-18DC95FC5ACA}

2013-11-13 21:35 - 2013-11-13 21:35 - 00124613 _____ C:\Users\Bob_Barb\Desktop\JRT.txt

2013-11-13 17:23 - 2013-11-13 17:23 - 00000000 ____D C:\Windows\ERUNT

2013-11-13 17:20 - 2013-11-13 17:25 - 04118528 _____ C:\Users\Bob_Barb\Desktop\RogueKillerX64.exe

2013-11-13 17:20 - 2013-11-13 17:24 - 03643392 _____ C:\Users\Bob_Barb\Desktop\RogueKiller.exe

2013-11-13 17:14 - 2013-11-13 17:24 - 01085542 _____ C:\Users\Bob_Barb\Desktop\AdwCleaner.exe

2013-11-13 17:12 - 2013-11-13 17:23 - 01034531 _____ (Thisisu) C:\Users\Bob_Barb\Desktop\JRT.exe

2013-11-13 05:29 - 2013-11-13 05:31 - 00688992 ____R (Swearware) C:\Users\Bob_Barb\Desktop\dds.scr

2013-11-13 04:53 - 2013-11-11 19:55 - 00000462 _____ C:\rkill.log

2013-11-13 04:39 - 2012-12-24 09:55 - 00000000 ____D C:\Users\Bob_Barb\Documents\cats

2013-11-13 04:37 - 2012-08-24 04:51 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-13 04:37 - 2011-12-24 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-13 04:30 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb

2013-11-13 00:08 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal

2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-11-13 00:08 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\migwiz

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors

2013-11-13 00:08 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System

2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iTunes

2013-11-13 00:07 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files\iPod

2013-11-13 00:07 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-11-13 00:07 - 2012-12-25 07:37 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Epson

2013-11-13 00:07 - 2012-12-21 15:19 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies

2013-11-13 00:07 - 2012-12-21 15:04 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software

2013-11-13 00:07 - 2012-12-21 14:59 - 00000000 ____D C:\Program Files\Common Files\EPSON

2013-11-13 00:07 - 2012-11-14 12:44 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-11-13 00:07 - 2012-05-28 08:51 - 00000000 ____D C:\ProgramData\FLEXnet

2013-11-13 00:07 - 2012-02-04 10:28 - 00000000 ____D C:\Program Files\Movie Maker

2013-11-13 00:07 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files\Bonjour

2013-11-13 00:07 - 2011-07-25 08:07 - 00000000 ____D C:\Program Files\Bulk Rename Utility

2013-11-13 00:07 - 2011-07-19 05:09 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-11-13 00:07 - 2011-06-28 06:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-11-13 00:07 - 2011-03-08 16:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-11-13 00:07 - 2011-01-04 17:16 - 00000000 ____D C:\ProgramData\HP

2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks

2013-11-13 00:07 - 2010-08-02 17:33 - 00000000 ____D C:\Users\Bob_Barb\AppData\Roaming\Juniper Networks

2013-11-13 00:07 - 2010-07-31 07:32 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 00:07 - 2010-06-14 11:10 - 00000000 ____D C:\ProgramData\eSellerate

2013-11-13 00:07 - 2010-06-05 06:42 - 00000000 ____D C:\ProgramData\McAfee

2013-11-13 00:07 - 2010-06-04 20:40 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ___RD C:\Users\Bob_Barb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-13 00:07 - 2010-06-04 20:34 - 00000000 ____D C:\Users\Bob_Barb\AppData\Local\Hewlett-Packard

2013-11-13 00:07 - 2010-05-31 14:26 - 00000000 ____D C:\ProgramData\Norton

2013-11-13 00:07 - 2010-05-31 14:16 - 00000000 ____D C:\ProgramData\WildTangent

2013-11-13 00:07 - 2010-05-31 14:02 - 00000000 ____D C:\Program Files\PC-Doctor for Windows

2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\Uninstall

2013-11-13 00:07 - 2010-05-31 13:56 - 00000000 ____D C:\ProgramData\CinemaNow

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHT

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\zh-CHS

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\tr

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sv

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\sk

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ru

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ro

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pt

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\pl

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\no

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\nl

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ko

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\ja

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\it

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\hu

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fr

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\fi

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\es

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\el

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\de

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\da

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\cs

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\Windows\SysWOW64\bg

2013-11-13 00:07 - 2010-05-31 13:50 - 00000000 ____D C:\ProgramData\Applications

2013-11-13 00:07 - 2010-05-31 13:49 - 00000000 ____D C:\Program Files\PlayReady

2013-11-13 00:07 - 2010-05-31 13:46 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2013-11-13 00:07 - 2010-05-31 13:44 - 00000000 __HDC C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}

2013-11-13 00:07 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\restore

2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\spp

2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Speech

2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Branding

2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat

2013-11-13 00:07 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-11-13 00:06 - 2013-11-08 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-13 00:06 - 2013-06-27 05:25 - 00000000 ____D C:\Program Files (x86)\Content Manager

2013-11-13 00:06 - 2013-06-21 18:56 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-11-13 00:06 - 2013-03-13 05:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-11-13 00:06 - 2012-12-21 15:13 - 00000000 ____D C:\Program Files (x86)\LTCM Client

2013-11-13 00:06 - 2012-01-20 16:20 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-11-13 00:06 - 2011-07-19 05:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-11-13 00:06 - 2011-03-08 16:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-11-13 00:06 - 2010-12-04 08:53 - 00000000 ____D C:\Program Files (x86)\Brother's Keeper 6

2013-11-13 00:06 - 2010-06-17 17:29 - 00000000 ____D C:\Program Files (x86)\Image Resizer

2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Program Files (x86)\BIAS

2013-11-13 00:06 - 2010-06-14 11:23 - 00000000 ____D C:\Binaries

2013-11-13 00:06 - 2010-06-05 06:45 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2013-11-13 00:06 - 2010-05-31 14:20 - 00000000 ____D C:\Program Files (x86)\Windows Live

2013-11-13 00:06 - 2010-05-31 14:16 - 00000000 ____D C:\Program Files (x86)\HP Games

2013-11-13 00:06 - 2010-05-31 14:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Works

2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D

2013-11-13 00:06 - 2010-05-31 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Touch Pack for Windows 7

2013-11-13 00:06 - 2010-05-31 13:41 - 00000000 ____D C:\Program Files (x86)\hp

2013-11-13 00:06 - 2010-05-31 13:40 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2013-11-13 00:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration

2013-11-12 23:52 - 2010-07-31 07:32 - 00000000 ___RD C:\MSOCache

2013-11-12 19:28 - 2013-11-12 06:14 - 00000000 ____D C:\Users\Bob_Barb\Downloads\mbar

2013-11-12 19:28 - 2009-07-14 01:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-11-12 06:30 - 2013-11-12 06:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-12 06:10 - 2013-11-13 04:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bob_Barb\Desktop\mbam-setup-downloaded.exe

2013-11-12 05:27 - 2013-11-12 05:27 - 04101100 _____ C:\Users\Bob_Barb\Downloads\tdsskiller.zip

2013-11-11 20:01 - 2013-11-11 19:18 - 00009274 _____ C:\Windows\IE11_main.log

2013-11-11 20:00 - 2013-11-11 20:00 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1 (1).exe

2013-11-11 19:18 - 2013-11-11 19:18 - 02077392 _____ (Microsoft Corporation) C:\Users\Bob_Barb\Downloads\IE11-Windows6.1.exe

2013-11-11 16:23 - 2012-04-18 14:26 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBob_Barb

2013-11-11 16:23 - 2012-04-18 14:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBob_Barb.job

2013-11-11 09:09 - 2013-01-26 09:04 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4271706789-1197537893-1666037796-1001Core.job

2013-11-10 08:49 - 2011-12-11 18:03 - 11403264 _____ C:\Users\Bob_Barb\Documents\KernewekCattery.accdb

2013-11-08 19:45 - 2013-11-08 19:45 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-10-31 16:24 - 2010-06-04 20:55 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2013-10-30 05:13 - 2010-11-29 08:51 - 44568576 _____ C:\Users\Bob_Barb\Documents\Address.mdb

2013-10-29 17:11 - 2013-10-29 17:11 - 05572008 _____ (Fitbit Inc.) C:\Users\Bob_Barb\Downloads\FitbitConnect_Win_20131007_1.0.0.4065.exe

2013-10-22 17:09 - 2013-10-22 17:09 - 00070232 _____ C:\Users\Bob_Barb\Downloads\ScotlandsPeople.3385C93F-A0E2-4454-9ADC-C7D71CC0C558-D1922_495_00_0016Z.TIF

2013-10-19 16:24 - 2013-10-19 16:24 - 05064423 _____ C:\Users\Bob_Barb\Downloads\20131019_111935.mp4

Files to move or delete:

====================

C:\Windows\System32\mctadmin.exe

Some content of TEMP:

====================

C:\Users\Bob_Barb\AppData\Local\Temp\contentDATs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 00:13

==================== End Of Log ============================

ADDITION