MBAM RootKit Not Active at Bootup--Why?


Running MBAM Premium (2.0.3.125) on Windows Vista.  For at least the last 2 days on first bootup, I've gotten an error message that the MBAM rootkit scanner was not able to load.  I've rebooted and MBAM runs (finding no risks), but the screen is then blank (dark) and I have to reboot again. 

I had to disable Norton 360 AV to download and run FRST.

I'd like to confirm if there is or is not any infection.  Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Donna and Larry (administrator) on DONNAANDLARR-PC on 05-11-2014 11:17:06
Running from C:\Users\Donna and Larry\Desktop
Loaded Profiles: Donna and Larry &  (Available profiles: Donna and Larry & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\MountPoints2: {93fe0c44-324c-11e1-bf87-806e6f6e6963} - D:\Launch.exe
HKU\S-1-5-21-4136010648-1277825472-1809701594-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk
ShortcutTarget: AtHomeConnect.lnk -> C:\Program Files\AtHomeConnect\AtHomeConnect.exe (No File)
Startup: C:\Users\Donna and Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DECD8E4D413CF01
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
SearchScopes: HKCU - {BE1C6795-018A-473F-90E7-345F7315B9B3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=245FE547-0B22-4CD2-A20B-9D500F1D7B55&apn_sauid=E587A144-3C8C-4C01-BE31-169C132842E5
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml
FF Extension: Garmin Communicator - C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-10]
FF Extension: NoScript - C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-29]

Chrome:
=======
CHR Profile: C:\Users\Donna and Larry\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141104.001\IDSvix86.sys [476888 2014-09-01] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.035\NAVENG.SYS [95704 2014-10-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.035\NAVEX15.SYS [1636696 2014-10-23] (Symantec Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [104120 2014-11-05] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-17] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 yeddef; System32\Drivers\yeddef.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:17 - 2014-11-05 11:17 - 00017994 _____ () C:\Users\Donna and Larry\Desktop\FRST.txt
2014-11-05 11:16 - 2014-11-05 11:17 - 00000000 ____D () C:\FRST
2014-11-05 11:15 - 2014-11-05 11:15 - 01106432 _____ (Farbar) C:\Users\Donna and Larry\Desktop\FRST.exe
2014-11-05 09:59 - 2014-11-05 10:59 - 00104120 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-11-05 09:59 - 2014-11-05 10:59 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-11-04 08:22 - 2014-11-04 08:22 - 00000000 ____D () C:\NPE
2014-11-04 08:18 - 2014-11-05 10:59 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Local\NPE
2014-11-04 08:15 - 2014-11-04 08:16 - 03060320 ____N (Symantec Corporation) C:\Users\Donna and Larry\Downloads\NPE.exe
2014-10-31 09:47 - 2014-10-31 09:47 - 00444293 _____ () C:\Users\Donna and Larry\Downloads\Rev_136_Miles_From_Larry_s_House(1).tcx
2014-10-31 09:47 - 2014-10-31 09:47 - 00402362 _____ () C:\Users\Donna and Larry\Downloads\32_miles_from_Debbie_Drive.tcx
2014-10-31 08:14 - 2014-10-31 16:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-30 10:39 - 2014-10-30 10:39 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-30 10:39 - 2014-10-30 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-30 10:39 - 2014-10-30 10:39 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-30 10:36 - 2014-10-30 10:36 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-30 10:36 - 2014-10-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-30 10:35 - 2014-10-30 10:36 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-30 10:35 - 2014-10-30 10:36 - 00000000 ____D () C:\Program Files\iTunes
2014-10-30 10:35 - 2014-10-30 10:35 - 00000000 ____D () C:\Program Files\iPod
2014-10-25 06:41 - 2014-10-25 06:41 - 00890630 _____ () C:\Users\Donna and Larry\Downloads\63SimsB.tcx
2014-10-24 10:27 - 2014-10-24 10:27 - 01301881 _____ () C:\Users\Donna and Larry\Downloads\Tour_de_Manure_Plus_-_80_miles.tcx
2014-10-24 07:49 - 2014-10-24 07:49 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-24 07:49 - 2014-10-24 07:48 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-24 07:48 - 2014-10-24 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-24 07:48 - 2014-10-24 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-24 07:48 - 2014-10-24 07:48 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-24 07:48 - 2014-10-24 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 05:08 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 05:08 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 05:08 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:54 - 2014-09-27 18:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:27 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 04:22 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:17 - 2014-10-27 16:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-15 05:04 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 05:04 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 05:04 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 05:04 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 05:04 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 05:04 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 05:04 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 05:04 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 05:04 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 05:04 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 05:04 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 05:04 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 05:04 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 05:04 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 05:04 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 05:04 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 05:04 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 05:04 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 05:04 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 05:04 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 05:04 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-11 09:50 - 2014-10-11 09:50 - 00011052 _____ () C:\Users\Donna and Larry\Documents\Copy of contact_list (Ben Canary Island 2014).xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:17 - 2012-04-21 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 10:37 - 2012-01-12 13:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 09:59 - 2006-11-02 07:52 - 01059629 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 09:55 - 2014-05-17 08:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 09:55 - 2012-01-12 13:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 09:55 - 2011-12-29 12:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-05 09:55 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 09:55 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 09:55 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 09:54 - 2006-11-02 08:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 10:20 - 2014-01-30 13:59 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Roaming\HpUpdate
2014-11-04 08:18 - 2011-12-29 11:00 - 00000000 ____D () C:\ProgramData\Norton
2014-11-04 06:06 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 07:44 - 2012-03-10 14:01 - 00000000 ____D () C:\ProgramData\pdf995
2014-11-01 06:21 - 2012-04-27 11:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 10:35 - 2014-09-16 08:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-30 10:35 - 2011-12-30 16:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-30 06:53 - 2011-12-29 13:46 - 00230150 _____ () C:\Windows\PFRO.log
2014-10-28 17:24 - 2014-04-21 22:01 - 00000000 ____D () C:\Users\Donna and Larry\Documents\Jeff Starr Photos 2014
2014-10-28 12:46 - 2012-01-12 13:05 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-24 07:54 - 2013-11-17 16:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 07:48 - 2011-12-29 18:01 - 00000000 ____D () C:\Program Files\Java
2014-10-24 07:31 - 2014-05-17 08:17 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 07:31 - 2014-05-17 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 07:31 - 2014-05-17 08:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-16 17:50 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 17:21 - 2006-11-02 07:47 - 00314744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 05:07 - 2011-12-29 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 04:45 - 2013-08-15 05:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 04:28 - 2006-11-02 05:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-06 12:51 - 2014-03-23 10:31 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 10:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Donna and Larry at 2014-11-05 11:18:09
Running from C:\Users\Donna and Larry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtHomeConnect version 1.0.1.0 (HKLM\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.0.1.0 - HRBlock)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Garmin City Navigator North America NT 2015.10 (HKLM\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
H&R Block Connecticut 2011 (HKLM\...\{732B5CC4-72BB-4D98-8F91-FA7FE6B920D6}) (Version: 1.11.3301 - HRB Technology, LLC.)
H&R Block Connecticut 2012 (HKLM\...\{764E1CA6-6C7E-43E9-85B9-4F65F49A7598}) (Version: 1.12.4001 - HRB Technology, LLC.)
H&R Block Connecticut 2013 (HKLM\...\{064D37C8-9C82-492F-B667-063015BE4398}) (Version: 1.13.4201 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{790305ED-B75A-44E7-9B68-D5D737CCA03B}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

16-10-2014 09:19:37 Windows Update
17-10-2014 00:51:26 Scheduled Checkpoint
24-10-2014 12:46:38 Installed Java 7 Update 71
25-10-2014 23:00:06 Scheduled Checkpoint
26-10-2014 13:20:26 Scheduled Checkpoint
27-10-2014 11:27:07 Scheduled Checkpoint
28-10-2014 17:12:22 Scheduled Checkpoint
29-10-2014 15:34:11 Scheduled Checkpoint
30-10-2014 14:01:32 Scheduled Checkpoint
31-10-2014 03:01:54 Scheduled Checkpoint
31-10-2014 15:38:23 Scheduled Checkpoint
01-11-2014 12:23:29 Scheduled Checkpoint
04-11-2014 00:15:50 Scheduled Checkpoint
04-11-2014 12:46:09 Scheduled Checkpoint
04-11-2014 14:09:35 Norton_Power_Eraser_20141104090935293
05-11-2014 05:00:07 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2011-12-30 10:12 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CA310C5-CE5A-4DE6-BDC8-FF1DCBB8517D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {1A74ED2B-7BAD-4C73-A7D8-933245BF2E85} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3785433B-AC2E-4187-A0D1-0EE5834026D8} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {6C0AFD17-257F-4232-B171-C696CC4D83A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8AB70746-05CF-4137-A3D2-6938F01E7B87} - System32\Tasks\HP AR Program Upload - 7a494d11330f4fd7842d74672a0e252f350763b83f764731825e0d2a7318d679 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {90E69DDE-3219-4F45-8494-54552C692DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {9CEA66B9-03FB-4D49-ACA8-049FA0004E1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {C562A667-B24C-47D1-9FB3-F121B7F60297} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {DD9E9D4F-45F8-4DF6-9273-A9DE406EA30F} - System32\Tasks\HP AR Program Upload - a15a0d87f69746f5934241207e75d8315642a52b149f485bbe6cb060902dbb44 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {E3CBB6D6-8873-4E8D-930F-92F3FC62C853} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe
Task: {E927DA48-9D15-4686-BB82-61F3694F5D17} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FA98FC37-B19A-435C-8B41-5C643795B9BE} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-10 14:01 - 2012-03-10 14:01 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2011-12-29 13:16 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2006-11-05 10:58 - 2006-11-05 10:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-31 08:14 - 2014-10-31 08:15 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Donna and Larry\Documents\.picasaoriginals:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\2006 Toyota Camry LE V6 Private Party Value kbb com.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Amex Concur Missing Payment.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Apple Chat 12-09-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\ApplianceZone Part Receipt 11-05-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Autoanything Yakima Rack (via Skymiles Shopping) 11-22-10.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Avis First Free Gas.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Beth Israel Cemetery #2.PNG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Beth Israel Cemetery.PNG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Blu Ray List 1.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Blu Ray List 2.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Boat Cover Order 05-20-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Boat.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Capture.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Capture.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Cemetery Map #2.PNG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Cemetery Map.PNG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Crystal Lake Ride.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad 01-14-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad 2007 TurboTax Claim ScreenShot 07-14-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Amtrust Checking Opening 06-23-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Amtrust Savings Hx 11-10-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Bloomfield Ambulance July 17, 2009.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Peoples Transfer Nov 21, 2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Peoples Transfers July 23, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Regions Transfer 043009.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad's Honda Edmunds Buyer.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad's Honda KBB Private Party.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #1_MG_8471.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #2_MG_8471.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #3_MG_8471.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Platinum First  1000 Charges by Nov 15.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Platinum First Transactions Nov 19, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Transfer Bonus Nov 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Birthday Offer 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Choice Benefits Dec 2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Hilton MQM Bonus Q4 2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 03-01-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 10-19-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-11-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-22-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-26-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-30-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Statement 06-25-09 Bonus.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights DXXWHU Dec 30 2010 With Seat Assignments.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights October 8 Original seating 06-02-10.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights October 8 Updated seating 06-02-10.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dicks Sporting Goods Online Receipt 07-16-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Amex Order May 26, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Mags for Miles SI and Golf Digest 09-07-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Atlantic and PC World Purchase (Delta Site Link)07-01-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Bassin Purchase (Delta Site Link)07-14-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Bassin Purchase 07-14-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Sports Illustrated (Delta Site Link)07-01-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Sports Illustrated (Delta Site Link)07-01-10.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\DSCF2688 Size Check.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\DSCF2717.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\eFax Messenger 4.4:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Elyse's LG 500 Cover Receipt PayPal 03-04-10.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\EMS Pickup 11-23-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Etrade Transfer Confirm April 16, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Fox Soccer Web Cap #2.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Fox Soccer Web Cap.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Goldminers Daughter Alta Reservation 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\GUAQCX Delta BDL-SLC Alta February 2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Double Miles July to Sep 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Double Points through June 30, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Dusseldorf Nov 2.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Free Night Q4-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Honors Bonus Q4 09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Honors Status 06-06-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Snapshot 12-11-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton St. Louis Cancellation.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Status July 1, 2009 (20 nights, not 18).GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Honda Recall Brake Master Dec 23, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Janus Cost Basis Ben Account Redemption.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Janus Coverdell Exchange 04012011 Ben.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\JUMP DRIVE BEN-06-02-08:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\June 2009 Atlanta Weekend.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Keeler Bay Chart.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Larry USAir Order Sears Kiplingers July 1, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Macy's (Second time) for Lisa Dec 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Map.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\McAfee detect log 12-01-2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\MOVE Photos:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\My Documents:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\NWA as of Jan 28-2010.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\PartsTree Order 04-15-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Peoples Transfer October 23, 2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Pic 1.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Pic 2.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Regions Address Change 1 07-02-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Regions Address Change 2 07-02-09.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Seabury.gif:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Seabury.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Shop Amex Ipad Order 12-099-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Staples Rebate Ink 02-25-2011.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\TT 2007 Form List.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\TurboTax:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\TurboTax 2008 Receipt.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Ulead DVD MovieFactory:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\USAirways Dividend Miles 2009.GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\USAirways Dividend Miles 2010 (Mag purchase--activity July 2010).GIF:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\UTC Fidelity Status June 23, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\UTC Fidelity Status Nov 13, 2010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Donna and Larry\Documents\Waksman Ketubah Excerpt.TIF:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4136010648-1277825472-1809701594-500 - Administrator - Disabled)
Donna and Larry (S-1-5-21-4136010648-1277825472-1809701594-1000 - Administrator - Enabled) => C:\Users\Donna and Larry
Guest (S-1-5-21-4136010648-1277825472-1809701594-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-4136010648-1277825472-1809701594-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 04:53:14 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (10/16/2014 04:53:12 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (10/16/2014 04:40:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/16/2014 04:40:00 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/15/2014 09:51:37 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5

Error: (10/06/2014 00:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b,
process id 0x1384, application start time 0xplugin-container.exe0.

Error: (10/02/2014 02:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b,
process id 0x880, application start time 0xplugin-container.exe0.

Error: (10/02/2014 01:59:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DONNA AND LARRY\DOCUMENTS\MY DOCUMENTS\BETH AHM KOL\MEMORIAL PLAQUES AND YARZHEITS\KOL YARZHEITS JANUARY TO DECEMBER 2015 (REVISION OCT 02, 2014).DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/16/2014 09:33:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Larry\032and\032Donna’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

Error: (09/16/2014 09:32:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Larry\032and\032Donna’s\032Library._home-sharing._tcp.local.; delaying announcement by 2 seconds


System errors:
=============
Error: (11/05/2014 09:58:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/05/2014 09:58:28 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (11/05/2014 08:51:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/05/2014 08:51:14 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (11/05/2014 08:45:41 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_SMR430\0000 disappeared from the system without first being prepared for removal.

Error: (11/04/2014 09:17:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/04/2014 09:17:23 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (11/04/2014 09:15:51 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_SMR430\0000 disappeared from the system without first being prepared for removal.

Error: (11/04/2014 08:26:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/04/2014 08:26:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-05 11:17:37.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:37.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:37.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:37.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:29.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:28.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:28.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:28.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:21.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:20.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 64%
Total physical RAM: 2045.45 MB
Available physical RAM: 715.97 MB
Total Pagefile: 4334.16 MB
Available Pagefile: 2401.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.04 GB) (Free:120.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================
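The CodeIntegrity block in the FRST log above repeats the same three driver paths over and over, which makes it hard to see at a glance how many distinct images actually failed verification and for what reason. The following Python script is an added triage helper, not part of this thread and not an FRST or Malwarebytes tool: it cuts the "CodeIntegrity Errors" block out of an FRST log, pairs each Date line with the Description that follows it, and collapses the repeats into one line per image with a count, the time span, and the distinct reason strings. The embedded sample log is constructed from the entries in this thread, and the section-header and line patterns are assumptions about the FRST text layout shown here.

```python
"""Triage helper for the "CodeIntegrity Errors" block of an FRST log.

Added example, not part of the thread or of FRST. Assumes the text layout
shown in the thread: a "CodeIntegrity Errors:" heading, then repeated
"Date:" / "Description:" pairs, ending at the next "==== Section ====" line.
"""
import re
import sys

# Constructed sample, trimmed from the entries in the thread's FRST log.
SAMPLE_FRST_LOG = r"""
CodeIntegrity Errors:
===================================
  Date: 2014-11-05 11:17:37.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:37.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:29.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-05 11:17:21.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel Core2 Duo CPU E4500 @ 2.20GHz
"""

SECTION_RE = re.compile(r"^=+\s.+\s=+$")  # e.g. "==== Memory info ===="; assumed layout
DATE_RE = re.compile(r"^\s*Date:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s*$")
DESC_RE = re.compile(
    r"^\s*Description:\s+Code Integrity is unable to verify the image integrity "
    r"of the file (?P<path>.+?) because (?P<reason>.+?)\.?\s*$"
)


def extract_code_integrity_block(log_text):
    """Return the lines after 'CodeIntegrity Errors:' up to the next section header."""
    lines = log_text.splitlines()
    starts = [i for i, line in enumerate(lines) if line.strip() == "CodeIntegrity Errors:"]
    if not starts:
        return []
    block = []
    for line in lines[starts[0] + 1:]:
        if SECTION_RE.match(line.strip()):
            break
        block.append(line)
    return block


def parse_code_integrity(log_text):
    """Pair each 'Date:' line with the 'Description:' line that follows it."""
    events = []
    pending_date = None
    for line in extract_code_integrity_block(log_text):
        date_match = DATE_RE.match(line)
        if date_match:
            pending_date = date_match.group(1)
            continue
        desc_match = DESC_RE.match(line)
        if desc_match and pending_date is not None:
            events.append({"date": pending_date,
                           "path": desc_match.group("path"),
                           "reason": desc_match.group("reason")})
            pending_date = None
    return events


def summarize_by_image(events):
    """Collapse repeated events into one entry per image path, most frequent first."""
    summary = {}
    for ev in events:
        entry = summary.setdefault(ev["path"], {"count": 0, "first": ev["date"],
                                                "last": ev["date"], "reasons": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ev["date"])  # timestamps sort as text
        entry["last"] = max(entry["last"], ev["date"])
        entry["reasons"].add(ev["reason"])
    return dict(sorted(summary.items(), key=lambda kv: -kv[1]["count"]))


def format_summary(summary):
    """Render the summary as text: one line per image, then the distinct reasons."""
    lines = []
    for path, entry in summary.items():
        lines.append(f"{entry['count']:3d}x  {path}  [{entry['first']} .. {entry['last']}]")
    reasons = sorted({r for e in summary.values() for r in e["reasons"]})
    lines.append("distinct reasons: " + "; ".join(reasons))
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a saved FRST.txt path to triage a real log; otherwise the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FRST_LOG
    print(format_summary(summarize_by_image(parse_code_integrity(text))))
```

On the sample this yields three images and a single reason string, which is the information the raw block buries under ten near-identical entries; on a full FRST.txt it stops at the first section header after the block, so the rest of the log is ignored.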


  • Staff

Hello dollysdad, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================

 

I do not believe your computer is infected. There's most likely an issue with your MBAM installation, which should be resolved with the use of MBAM Clean. 

 

Please temporarily disable Norton if you are unable to complete any of the steps below. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\MountPoints2: {93fe0c44-324c-11e1-bf87-806e6f6e6963} - D:\Launch.exe
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=5
    SearchScopes: HKCU - {BE1C6795-018A-473F-90E7-345F7315B9B3} URL = http://websearch.ask...31-169C132842E5
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: www.yahoo.com
    FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml
    FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml
    CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

STEP 3
MBAM Clean

  • Please read the following article on how to run MBAM Clean. 
  • (!) Ensure you follow the correct set of instructions depending on which version you have (Free or Premium).
  • Download and install the latest version of MBAM as per the instructions.  
  • Let me know how you get on, and if you are still experiencing issues with the programme or not. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • TDSSKiller log (attached)
  • Did the MBAM Clean process complete successfully? 

Adam--Thanks for your quick reply.  Good to hear that it's likely not an infection.

 

My name is Larry.

 

I have followed all your directions and will post the logs here...Needed two posts to do so.

 

After following steps 1 through 4--all looks good.  MBAM is back and enabled and it's in the task tray after startup.

 

Only one minor hiccup in the MBAM Clean process...when running mbam-clean.exe, I got a popup about a file missing--qtaccessiblewidgets4.dll.  I clicked "yes" to the question "do you want to create it". Otherwise, it appeared to run without any problems.

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014
Ran by Donna and Larry at 2014-11-06 08:28:02 Run:1
Running from C:\Users\Donna and Larry\Desktop
Loaded Profile: Donna and Larry (Available profiles: Donna and Larry & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\MountPoints2: {93fe0c44-324c-11e1-bf87-806e6f6e6963} - D:\Launch.exe
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://websearch.ask...31-169C132842E5
FF SearchEngineOrder.1: Ask.com
FF Homepage: www.yahoo.com
FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml
CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

"HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93fe0c44-324c-11e1-bf87-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{93fe0c44-324c-11e1-bf87-806e6f6e6963}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE1C6795-018A-473F-90E7-345F7315B9B3}" => Key deleted successfully.
"HKCR\CLSID\{BE1C6795-018A-473F-90E7-345F7315B9B3}" => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml => Moved successfully.
"HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 429 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • Staff

Hi Larry, 
 
Lets do a couple more checks to confirm.
 
Please provide an update on your computer after completing the steps below. Are there any outstanding issues?
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 
STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the button that lists the found threats. If no threats were found, skip the next two bullet points.
  • Click the export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to the option to uninstall the application on close, and click the finish button.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[s0].txt
  • MBAM Scan log
  • ESET Online Scan log
  • Are there any outstanding issues?

Adam,

 

All ran well...The shutdown process after running AdwCleaner got hung up, and I had to do a hard shutdown. 

 

MBAM found nothing (log copied in below)

 

No threats found by ESET Online Scan, so no log to include here.

 

All else looks OK.

 

 

# AdwCleaner v3.311 - Report created 06/11/2014 at 14:12:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Donna and Larry - DONNAANDLARR-PC
# Running from : C:\Users\Donna and Larry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Donna and Larry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2119 octets] - [06/11/2014 14:08:21]
AdwCleaner[s0].txt - [2214 octets] - [06/11/2014 14:12:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2274 octets] ##########
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 4:10:58 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.06.09
Rootkit Database: v2014.11.01.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Donna and Larry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342371
Time Elapsed: 14 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Staff

Excellent.

 

We need to update your vulnerable software to reduce the risk of reinfection. 

 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Shockwave Player 11.6
    • Java 7 Update 71
  • Follow the prompts, and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

I will run through the above early Friday am and post the results. This evening I returned to the PC to find a Windows error message that "a problem caused MBAM to stop working correctly", but a right-click on the MBAM icon in the task-tray opened MBAM up only to find it running a scan.  I can't tell the order of occurrence--if the scan started before I right-clicked or if the error message popped up before or after the scan started.


  • Staff

Hi Larry, 

 

If you experience the error again, please run MBAM Clean.

 

I'll look out for your post on Friday with an update. 

 

MBAM Clean

  • Please read the following article on how to run MBAM Clean. 
  • (!) Ensure you follow the correct set of instructions depending on which version you have (Free or Premium).
  • Download and install the latest version of MBAM as per the instructions.  

Adam,

 

I will keep this page bookmarked in case I need to go back to MBAM Clean again.

 

Updated the Adobe programs.

Surprised that Java was out-of-date.  I thought I had it on auto-update, and will monitor more closely from here on.

Firefox auto-updated and was on latest version.

Windows Updates were up-to-date.

Java is now disabled in browser.

 

The PC started up without any trouble today--and no error msg on MBAM.  Both MBAM and Norton 360 were operating from the bootup.
Only thing unusual is that it sometimes takes a pretty long time for programs to open once double-clicked.  Otherwise ok.
 

 

 

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version out of Date!
 Adobe Flash Player     15.0.0.189  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (33.0.3)
 Mozilla Thunderbird (31.2.0)
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • Staff

Hello Larry, 
 
Unless you have a SSD (Solid State Drive), please perform a defrag. Instructions here.

 

Now for the good news!
 
All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam (LiquidTension).


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
