
suspicious incoming connection blocked. And Artemis!B3C322F02778



#1 jones24


Posted 28 June 2013 - 01:07 AM

Friday of last week McAfee did its weekly scheduled scan. It discovered Artemis!B3C322F02778. I was looking in security history and also discovered that there have been over 3100 Suspicious incoming network connections blocked over the previous 4 days, which is about 4 times a minute.

Since then I have run McAfee Stinger; 2 times it found Artemis!B3C322F02778, once after a system restore and another time after McAfee had been updated and was slow to start up.

After that I ran McAfee anti virus, Stinger, Superantispyware, spywareblaster, getsup, Malwarebytes, rootkitremover, hijackthis, FFS, minitoolbox, malwarebytes anti-rootkit, RKill, TFC, ADWcleaner, junkware removal tool, and ESET online scanner. Nothing suspicious was found. And I am still getting Suspicious incoming connections blocked.

The logs are at this link: http://www.bleepingcomputer.com/forums/t/499073/suspicious-incoming-network-connection-blocked-artemisb3c322f02778/

 

 

I then ran DDS, here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by James at 0:44:10 on 2013-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3593 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: NameServer = 192.168.182.1
TCP: Interfaces\{6A2C3722-9467-4D84-96F4-10EC6AAFA767} : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{6A2C3722-9467-4D84-96F4-10EC6AAFA767}\C696E6B6379737 : DHCPNameServer = 192.168.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\mf2prtpq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-06-28 15:42; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 772944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 342416]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-4-8 236688]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-6-8 66040]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-26 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/22 01:41:12];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-22 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-7-8 89600]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-17 201304]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-9 517632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-1-4 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-4 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-22 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 309968]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 516608]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-2-18 337120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BRDriver64;BRDriver64;C:\ProgramData\bitraider\BRDriver64.sys [2013-4-14 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-3-22 915736]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-27 228408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-4-5 197264]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-2-18 95856]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-4 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-22 258560]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-4 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-06-26 05:17:16    --------    d-----w-    C:\Program Files (x86)\ESET
2013-06-26 04:55:23    --------    d-----w-    C:\Windows\ERUNT
2013-06-26 04:54:20    --------    d-----w-    C:\JRT
2013-06-25 15:01:26    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-25 14:05:09    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A16D92A1-9E82-4495-8A4F-B2CA09263015}\mpengine.dll
2013-06-24 20:56:28    --------    d-----w-    C:\Users\James\AppData\Roaming\WildTangent
2013-06-23 06:26:36    --------    d-----w-    C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2013-06-23 06:26:19    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-23 06:26:19    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-23 06:19:19    --------    d-----w-    C:\ProgramData\Licenses
2013-06-23 06:19:12    129872    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2013-06-23 06:19:10    --------    d-----w-    C:\Program Files (x86)\SpywareBlaster
2013-06-23 06:14:24    --------    d-----w-    C:\Program Files (x86)\stinger
2013-06-23 04:03:40    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 09:28:21    --------    d-----w-    C:\Stinger_Quarantine
2013-06-22 08:35:41    --------    d-----w-    C:\Users\James\AppData\Roaming\McAFee TechCheck
2013-06-22 08:32:30    --------    d-----w-    C:\Users\James\AppData\Roaming\TechCheck
2013-06-12 06:03:13    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 06:03:09    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 06:03:09    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 06:02:40    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-12 06:02:39    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 06:01:55    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-12 06:01:55    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 06:01:22    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 06:01:21    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 06:01:20    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 06:01:19    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 06:01:19    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 06:01:19    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 06:01:18    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 06:01:18    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-12 06:01:17    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-12 06:01:17    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-12 06:00:24    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 06:00:24    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-09 06:46:54    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files\iTunes
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files\iPod
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-05 07:29:13    --------    d-----w-    C:\Users\James\AppData\Local\InfiniteCrisis
2013-06-05 06:58:14    --------    d-----w-    C:\Users\James\AppData\Local\Turbine
2013-06-05 06:58:14    --------    d-----w-    C:\ProgramData\Turbine
2013-06-05 06:53:22    --------    d-----w-    C:\Program Files (x86)\InfiniteCrisis
.
==================== Find3M  ====================
.
2013-06-27 04:40:52    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 04:40:52    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-23 04:03:29    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-23 04:03:29    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-18 20:14:30    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-03 17:37:38    70112    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2013-04-03 17:34:58    342416    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2013-04-03 17:34:46    182752    ----a-w-    C:\Windows\System32\mfevtps.exe
2013-04-03 17:33:06    772944    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2013-04-03 17:32:14    516608    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2013-04-03 17:31:36    309968    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2013-04-03 17:31:14    179664    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH:  0:45:31.78 ===============

 

 

 

.
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2010 5:56:57 PM
System Uptime: 6/27/2013 11:55:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 365C
Processor: Intel® Core™ i7 CPU       Q 720  @ 1.60GHz | CPU | 1600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 579 GiB total, 443.057 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.749 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP602: 6/16/2013 7:00:17 PM - Windows Backup
RP603: 6/18/2013 8:53:53 AM - Windows Update
RP604: 6/22/2013 3:11:01 AM - Installed Rapport
RP605: 6/22/2013 11:56:59 PM - Windows Update
RP606: 6/22/2013 11:59:39 PM - Installed Java 7 Update 25
RP607: 6/23/2013 12:05:14 AM - Windows Update
RP608: 6/23/2013 12:07:21 AM - Windows Backup
RP609: 6/23/2013 12:13:50 AM - Installed Rapport
RP610: 6/24/2013 7:48:04 AM - Windows Backup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BBViewer
BitRaider Web Client
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Camfrog Video Chat 6.4
CamfrogWEB Advanced ActiveX Plugin (remove only)
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
DC Universe Online Live
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
ESET Online Scanner v3
ESU for Microsoft Windows 7
Google Chrome
Google Talk Plugin
Google Updater
Hewlett-Packard ACLM.NET v1.1.1.0
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
Hulu Desktop
iCloud
IDT Audio
InfiniteCrisis
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java 7 Update 9 (64-bit)
Java Auto Updater
Java™ 6 Update 15 (64-bit)
Java™ 6 Update 37
Java™ SE Development Kit 6 Update 15 (64-bit)
JMicron Flash Media Controller Driver
LabelPrint
LibreOffice 3.3
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
McAfee Internet Security
McAfee Online Backup
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Works
mIRC
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 311.00
NVIDIA Graphics Driver 311.00
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Update 1.11.3
NVIDIA Update Components
Pando Media Booster
PhotoNow!
Power2Go
PowerDirector
QLBCASL
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shared C Run-time for x64
SmartWebPrinting
SpywareBlaster 5.0
Star Trek Online
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
VideoStudio
WildTangent Games App (HP Games)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Sync
Windows Media Encoder 9 Series
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/28/2013 12:00:05 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/28/2013 12:00:05 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
6/27/2013 2:06:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
6/27/2013 2:06:55 AM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/27/2013 2:06:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
6/26/2013 7:44:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/26/2013 7:44:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
6/26/2013 7:42:56 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/26/2013 7:42:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/26/2013 7:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/26/2013 7:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/26/2013 7:42:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/26/2013 7:42:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/26/2013 7:42:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk MOBKFilter NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
 


Edited by jones24, 28 June 2013 - 01:11 AM.



#2 HelpBot

Posted 03 July 2013 - 01:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499480 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jones24

Posted 03 July 2013 - 05:45 AM

1.  Nothing has changed since the first post.

2.  Logs below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by James at 6:35:48 on 2013-07-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.2951 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: NameServer = 192.168.182.1
TCP: Interfaces\{6A2C3722-9467-4D84-96F4-10EC6AAFA767} : DHCPNameServer = 192.168.182.1
TCP: Interfaces\{6A2C3722-9467-4D84-96F4-10EC6AAFA767}\C696E6B6379737 : DHCPNameServer = 192.168.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\mf2prtpq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-28 04:18; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\mf2prtpq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2010-06-28 15:42; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 772944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 342416]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-4-8 236688]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-6-8 66040]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-26 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/22 01:41:12];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-22 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-7-8 89600]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-17 201304]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-9 517632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-1-4 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-4 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-12-22 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 309968]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 516608]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-2-18 337120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BRDriver64;BRDriver64;C:\ProgramData\bitraider\BRDriver64.sys [2013-4-14 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-3-22 915736]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-27 228408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-4-5 197264]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-2-18 95856]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-4 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-22 258560]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-4 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-07-02 15:26:24    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2175A9A-39A1-4632-AF62-2B140E02C3A8}\mpengine.dll
2013-06-30 07:14:20    --------    d-----w-    C:\Program Files (x86)\BBViewer
2013-06-29 09:37:26    --------    d-----w-    C:\Users\James\AppData\Roaming\BBViewer
2013-06-26 05:17:16    --------    d-----w-    C:\Program Files (x86)\ESET
2013-06-26 04:55:23    --------    d-----w-    C:\Windows\ERUNT
2013-06-26 04:54:20    --------    d-----w-    C:\JRT
2013-06-25 15:01:26    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 20:56:28    --------    d-----w-    C:\Users\James\AppData\Roaming\WildTangent
2013-06-23 06:26:36    --------    d-----w-    C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2013-06-23 06:26:19    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-23 06:26:19    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-23 06:19:19    --------    d-----w-    C:\ProgramData\Licenses
2013-06-23 06:19:12    129872    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2013-06-23 06:19:10    --------    d-----w-    C:\Program Files (x86)\SpywareBlaster
2013-06-23 06:14:24    --------    d-----w-    C:\Program Files (x86)\stinger
2013-06-23 04:03:40    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 09:28:21    --------    d-----w-    C:\Stinger_Quarantine
2013-06-22 08:35:41    --------    d-----w-    C:\Users\James\AppData\Roaming\McAFee TechCheck
2013-06-22 08:32:30    --------    d-----w-    C:\Users\James\AppData\Roaming\TechCheck
2013-06-12 06:03:13    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 06:03:09    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 06:03:09    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 06:02:40    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-12 06:02:39    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 06:01:55    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-12 06:01:55    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 06:01:22    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 06:01:21    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 06:01:20    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 06:01:19    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 06:01:19    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 06:01:19    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 06:01:18    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 06:01:18    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-12 06:01:17    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-12 06:01:17    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-12 06:00:24    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 06:00:24    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-09 06:46:54    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files\iTunes
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files\iPod
2013-06-07 08:06:58    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-07 07:59:14    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-05 07:29:13    --------    d-----w-    C:\Users\James\AppData\Local\InfiniteCrisis
2013-06-05 06:58:14    --------    d-----w-    C:\Users\James\AppData\Local\Turbine
2013-06-05 06:58:14    --------    d-----w-    C:\ProgramData\Turbine
2013-06-05 06:53:22    --------    d-----w-    C:\Program Files (x86)\InfiniteCrisis
.
==================== Find3M  ====================
.
2013-06-27 04:40:52    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 04:40:52    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-23 04:03:29    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-23 04:03:29    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-18 20:14:30    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
.
============= FINISH:  6:37:35.20 ===============

 

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2010 5:56:57 PM
System Uptime: 7/2/2013 11:58:41 PM (7 hours ago)
.
Motherboard: Hewlett-Packard |  | 365C
Processor: Intel® Core™ i7 CPU       Q 720  @ 1.60GHz | CPU | 1600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 579 GiB total, 442.003 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.749 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP604: 6/22/2013 3:11:01 AM - Installed Rapport
RP605: 6/22/2013 11:56:59 PM - Windows Update
RP606: 6/22/2013 11:59:39 PM - Installed Java 7 Update 25
RP607: 6/23/2013 12:05:14 AM - Windows Update
RP608: 6/23/2013 12:07:21 AM - Windows Backup
RP609: 6/23/2013 12:13:50 AM - Installed Rapport
RP610: 6/24/2013 7:48:04 AM - Windows Backup
RP611: 6/28/2013 5:13:46 AM - Windows Update
RP612: 6/30/2013 11:20:43 PM - Windows Backup
RP613: 7/2/2013 11:25:48 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BBViewer
BitRaider Web Client
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Camfrog Video Chat 6.4
CamfrogWEB Advanced ActiveX Plugin (remove only)
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
DC Universe Online Live
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
ESET Online Scanner v3
ESU for Microsoft Windows 7
Google Chrome
Google Talk Plugin
Google Updater
Hewlett-Packard ACLM.NET v1.1.1.0
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
Hulu Desktop
iCloud
IDT Audio
InfiniteCrisis
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java 7 Update 9 (64-bit)
Java Auto Updater
Java™ 6 Update 15 (64-bit)
Java™ 6 Update 37
Java™ SE Development Kit 6 Update 15 (64-bit)
JMicron Flash Media Controller Driver
LabelPrint
LibreOffice 3.3
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
McAfee Internet Security
McAfee Online Backup
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Works
mIRC
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 311.00
NVIDIA Graphics Driver 311.00
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Update 1.11.3
NVIDIA Update Components
Pando Media Booster
PhotoNow!
Power2Go
PowerDirector
QLBCASL
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shared C Run-time for x64
SmartWebPrinting
SpywareBlaster 5.0
Star Trek Online
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
VideoStudio
WildTangent Games App (HP Games)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Sync
Windows Media Encoder 9 Series
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/3/2013 12:04:00 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2013 12:04:00 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2013 12:00:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/3/2013 12:00:55 AM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/2/2013 11:03:11 AM, Error: Microsoft-Windows-HttpEvent [15011]  - Unable to create the error log file. Make sure that the error logging directory is correct.
6/27/2013 2:06:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
6/27/2013 2:06:55 AM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/27/2013 2:06:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
6/26/2013 7:44:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/26/2013 7:44:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
6/26/2013 7:42:56 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/26/2013 7:42:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/26/2013 7:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/26/2013 7:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/26/2013 7:42:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/26/2013 7:42:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/26/2013 7:42:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk MOBKFilter NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 7:42:32 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================



3.  I DO NOT have my original Windows CD available.



#4 whoabuddy



  • Malware Response Instructor
  • 2,053 posts
  • Gender:Male
  • Location:Cottonwood, AZ

Posted 05 July 2013 - 02:58 PM

Hello jones24,

Welcome to Bleeping Computer!

My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.


Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized or in green; these entries are notes to help explain the process or common occurrences.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of headaches as we go along. For more information about backing up your system, please review the links in the first item of the Malware Removal Preparation Guide.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please respond and acknowledge that you have read my introduction and I will begin reviewing your logs so we can get started!

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#5 jones24


Posted 06 July 2013 - 12:08 AM

I am still having 3-4 suspicious incoming connections blocked every minute. Yes, I have read your introduction and am ready to get started.



#6 whoabuddy


Posted 06 July 2013 - 04:02 PM

Hello jones24,

Thank you for acknowledging my post. I can see you have run several tools and so far they prove inconclusive, so let's try a few tools with a little more power in regard to your system. The task below will need to be performed from an offline environment, so please make sure you print the instructions or have them available on another computer throughout the process. You will need a flash drive in order to perform this fix; please let me know if you do not have one available.

We need to run a scan with Farbar's Recovery Scan Tool:
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system (64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    - Restart the computer.
    - As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    - Use the arrow keys to select the Repair your computer menu item.
    - Select US as the keyboard language settings, and then click Next.
    - Select the operating system you want to repair, and then click Next.
    - Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
    • Restart your computer

We need to run a scan with aswMBR:

After restarting your computer and logging in normally, please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

In your next post I need the following:
  • FRST.txt from FRST scan in Recovery Environment
  • aswMBR.txt from aswMBR scan in Normal Mode
  • status update - is there anything else you would like to add at this point?

Best Regards,
whoabuddy

#7 jones24


Posted 09 July 2013 - 02:10 PM

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by SYSTEM on 09-07-2013 13:52:38
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-11-27] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-07] (IDT, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Run: [Corel File Shell Monitor] - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [HPCam_Menu] - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\James\...\Run: [Google Update] - "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-28] (Google Inc.)
HKU\James\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-07-07] (Andrea Electronics Corporation)
S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [915736 2013-06-08] (BitRaider, LLC)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-09] ()
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-06-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124632 2013-06-18] (Trusteer Ltd.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-07-07] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-08] (BitRaider)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2013-06-08] (BitRaider)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RapportCerberus_53984; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [588048 2013-06-25] ()
S1 RapportCerberus_53984; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [588048 2013-06-25] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [229040 2013-06-18] (Trusteer Ltd.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [229040 2013-06-18] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236688 2013-06-18] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357712 2013-06-18] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357712 2013-06-18] (Trusteer Ltd.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 13:52 - 2013-07-09 13:52 - 00000000 ____D C:\FRST
2013-07-09 09:41 - 2013-07-09 09:41 - 00005126 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-07-09 09:40 - 2013-07-09 09:43 - 01776221 ____A (Farbar) C:\Users\James\Downloads\FRST64.exe
2013-07-08 18:49 - 2013-07-08 18:49 - 00000000 ____D C:\Program Files (x86)\BBViewer
2013-07-08 12:19 - 2013-07-08 16:33 - 00000640 ____A C:\Users\James\Downloads\Stinger_08072013_161919.html
2013-07-08 12:06 - 2013-07-08 12:17 - 11361824 ____A (McAfee Inc) C:\Users\James\Downloads\stinger32.exe
2013-07-08 09:51 - 2013-07-08 09:51 - 00003158 ____A C:\Users\James\Desktop\virus stuff.txt
2013-07-06 02:00 - 2013-07-06 02:00 - 00000764 ____A C:\Users\James\Desktop\JRT.txt
2013-07-03 02:33 - 2013-07-03 02:33 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds(1).com
2013-07-02 21:04 - 2013-07-02 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 19:36 - 2013-06-30 19:46 - 04396440 ____A (Piriform Ltd) C:\Users\James\Downloads\ccsetup403.exe
2013-06-29 01:37 - 2013-06-29 01:37 - 00000000 ____D C:\Users\James\AppData\Roaming\BBViewer
2013-06-29 01:36 - 2013-06-29 01:36 - 03617451 ____A C:\Users\James\Downloads\BBViewer-2.0.air
2013-06-27 20:57 - 2013-06-27 20:57 - 00014934 ____A C:\Users\James\Desktop\Attach.txt1.txt
2013-06-27 20:56 - 2013-06-27 20:56 - 00028306 ____A C:\Users\James\Desktop\DDS.txt1.txt
2013-06-27 20:45 - 2013-07-03 02:37 - 00028234 ____A C:\Users\James\Desktop\dds.txt
2013-06-27 20:45 - 2013-07-03 02:37 - 00015530 ____A C:\Users\James\Desktop\attach.txt
2013-06-27 20:40 - 2013-06-27 20:40 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2013-06-26 19:58 - 2013-06-26 19:58 - 00001858 ____A C:\Users\James\Documents\cc_20130626_235848.reg
2013-06-26 03:45 - 2013-06-26 05:54 - 00000647 ____A C:\Users\James\Desktop\Stinger_26062013_074506.html
2013-06-25 21:17 - 2013-06-25 21:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-25 21:16 - 2013-06-25 21:16 - 02347384 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2013-06-25 20:55 - 2013-06-25 20:55 - 00000000 ____D C:\Windows\ERUNT
2013-06-25 20:54 - 2013-07-06 01:42 - 00000000 ____D C:\JRT
2013-06-25 20:53 - 2013-06-25 20:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\James\Desktop\JRT.exe
2013-06-25 20:40 - 2013-06-25 20:42 - 00006826 ____A C:\AdwCleaner[S1].txt
2013-06-25 20:36 - 2013-06-25 20:36 - 00448512 ____A (OldTimer Tools) C:\Users\James\Desktop\TFC.exe
2013-06-25 09:46 - 2013-06-25 11:01 - 00000643 ____A C:\Users\James\Desktop\Stinger_25062013_134602.html
2013-06-25 08:49 - 2013-06-25 08:49 - 00890988 ____A C:\Users\James\Downloads\SecurityCheck.exe
2013-06-25 08:34 - 2013-06-25 08:38 - 00002364 ____A C:\Users\James\Desktop\Rkill.txt
2013-06-25 08:33 - 2013-06-25 08:33 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\James\Desktop\rkill.exe
2013-06-25 07:01 - 2013-06-25 08:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-25 06:57 - 2013-06-25 06:57 - 00000000 ____D C:\Users\James\Desktop\mbar-1.06.0.1004
2013-06-25 06:55 - 2013-06-25 06:56 - 13399154 ____A C:\Users\James\Desktop\mbar-1.06.0.1004.zip
2013-06-25 06:28 - 2013-06-25 06:29 - 00032900 ____A C:\Users\James\Downloads\Result.txt
2013-06-25 06:24 - 2013-06-25 06:25 - 00760775 ____A (Farbar) C:\Users\James\Downloads\MiniToolBox.exe
2013-06-25 06:20 - 2013-06-25 06:25 - 00002273 ____A C:\Users\James\Downloads\FSS.txt
2013-06-25 06:19 - 2013-06-25 06:19 - 00355927 ____A (Farbar) C:\Users\James\Downloads\FSS.exe
2013-06-25 06:12 - 2013-06-25 06:15 - 00000643 ____A C:\Users\James\Desktop\Stinger_25062013_101238.html
2013-06-24 12:56 - 2013-06-24 12:56 - 00002406 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-06-24 12:56 - 2013-06-24 12:56 - 00000000 ____D C:\Users\James\AppData\Roaming\WildTangent
2013-06-24 09:41 - 2013-06-24 12:26 - 00000826 ____A C:\Users\James\Desktop\Stinger_24062013_134108.html
2013-06-24 03:56 - 2013-06-24 03:56 - 00016278 ____A C:\Users\James\Desktop\hijackthis.log
2013-06-24 03:53 - 2013-06-24 03:53 - 00015755 ____A C:\Users\James\Downloads\hijackthis.log
2013-06-24 03:51 - 2013-06-24 03:51 - 00388608 ____A (Trend Micro Inc.) C:\Users\James\Desktop\HijackThis.exe
2013-06-23 03:46 - 2013-06-23 03:46 - 00000780 ____A C:\Users\James\Documents\cc_20130623_074640.reg
2013-06-23 02:21 - 2013-06-23 03:03 - 00000641 ____A C:\Users\James\Desktop\Stinger_23062013_062154.html
2013-06-23 02:02 - 2013-06-23 02:02 - 00000050 ___RH C:\Users\James\Desktop\GetSusp.opt
2013-06-23 01:58 - 2013-06-23 01:58 - 00735397 ____N C:\Users\James\Desktop\gsusp_3189E6786369_062313_055832.zip
2013-06-23 01:54 - 2013-06-23 01:58 - 00001141 ____A C:\Users\James\Desktop\GetSusp.xml
2013-06-22 22:26 - 2013-06-22 22:26 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-22 22:24 - 2013-06-22 22:24 - 26260960 ____A (SUPERAntiSpyware.com) C:\Users\James\Downloads\SUPERAntiSpyware.exe
2013-06-22 22:19 - 2013-06-23 03:49 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-06-22 22:19 - 2013-06-22 22:19 - 00001043 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-06-22 22:19 - 2013-06-22 22:19 - 00000000 ____D C:\ProgramData\Licenses
2013-06-22 22:19 - 2009-03-24 08:52 - 00129872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-06-22 22:18 - 2013-06-22 22:18 - 04095448 ____A (BrightFort LLC                                              ) C:\Users\James\Downloads\spywareblastersetup50.exe
2013-06-22 22:16 - 2013-06-22 22:16 - 00000052 ___RH C:\Users\James\Downloads\GetSusp.opt
2013-06-22 22:15 - 2013-06-22 22:16 - 01517752 ____A (McAfee Inc.) C:\Users\James\Desktop\getsusp.exe
2013-06-22 22:14 - 2013-07-08 16:33 - 00000000 ____D C:\Program Files (x86)\stinger
2013-06-22 22:14 - 2013-06-22 22:14 - 11325472 ____A (McAfee Inc) C:\Users\James\Desktop\stinger32.exe
2013-06-22 20:05 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 20:05 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 20:05 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 20:05 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 20:05 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 20:05 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 20:05 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 20:05 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 20:05 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 20:05 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 20:05 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 20:05 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 20:03 - 2013-06-22 20:03 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 20:03 - 2013-06-22 20:03 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 20:02 - 2013-06-22 20:03 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-22 20:02 - 2013-06-22 20:03 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-22 18:05 - 2013-07-08 12:06 - 00000110 ___RH C:\Users\James\Desktop\Stinger.opt
2013-06-22 16:08 - 2013-06-22 18:05 - 00000645 ____A C:\Users\James\Desktop\Stinger_22062013_200859.html
2013-06-22 16:08 - 2013-06-22 16:08 - 00486148 ____A C:\Users\James\Desktop\runtime.dat
2013-06-22 03:35 - 2013-07-08 16:33 - 00000114 ___RH C:\Users\James\Downloads\Stinger.opt
2013-06-22 01:28 - 2013-07-08 12:18 - 00000000 ____D C:\Stinger_Quarantine
2013-06-22 01:28 - 2013-06-22 03:34 - 00000830 ____A C:\Users\James\Downloads\Stinger_22062013_052821.html
2013-06-22 01:27 - 2013-07-08 12:18 - 00490268 ____A C:\Users\James\Downloads\runtime.dat
2013-06-22 00:35 - 2013-06-22 00:35 - 00000000 ____D C:\Users\James\AppData\Roaming\McAFee TechCheck
2013-06-22 00:32 - 2013-06-22 00:35 - 00000000 ____D C:\Users\James\AppData\Roaming\TechCheck
2013-06-21 01:54 - 2013-06-21 03:09 - 00009884 ____A C:\Users\James\Desktop\MAA 12.2 cp.ods
2013-06-11 23:02 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 23:02 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 23:02 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 23:02 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 23:02 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 23:02 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 23:02 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 23:02 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 22:03 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 22:03 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 22:03 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 22:02 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 22:02 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 22:01 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 22:01 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 22:01 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 22:01 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 22:01 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 22:01 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 22:01 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 22:01 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 22:01 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 22:01 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 22:01 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 22:01 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 22:00 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 22:00 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 13:52 - 2013-07-09 13:52 - 00000000 ____D C:\FRST
2013-07-09 09:45 - 2009-12-22 01:27 - 01789503 ____A C:\Windows\WindowsUpdate.log
2013-07-09 09:43 - 2013-07-09 09:40 - 01776221 ____A (Farbar) C:\Users\James\Downloads\FRST64.exe
2013-07-09 09:41 - 2013-07-09 09:41 - 00005126 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-07-09 09:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 09:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 09:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 09:08 - 2010-06-28 10:51 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992529811-3974644797-4099108840-1000UA.job
2013-07-09 09:08 - 2010-06-28 10:51 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2992529811-3974644797-4099108840-1000Core.job
2013-07-08 22:42 - 2010-09-01 00:49 - 00000000 ____D C:\Users\James\Desktop\New folder
2013-07-08 18:49 - 2013-07-08 18:49 - 00000000 ____D C:\Program Files (x86)\BBViewer
2013-07-08 18:49 - 2012-08-13 12:36 - 00000831 ____A C:\Users\Public\Desktop\BBViewer.lnk
2013-07-08 18:48 - 2010-07-19 01:44 - 00000000 ____D C:\Windows\Minidump
2013-07-08 18:43 - 2010-06-21 15:12 - 00000000 ____D C:\Users\James\AppData\Roaming\HpUpdate
2013-07-08 16:33 - 2013-07-08 12:19 - 00000640 ____A C:\Users\James\Downloads\Stinger_08072013_161919.html
2013-07-08 16:33 - 2013-06-22 22:14 - 00000000 ____D C:\Program Files (x86)\stinger
2013-07-08 16:33 - 2013-06-22 03:35 - 00000114 ___RH C:\Users\James\Downloads\Stinger.opt
2013-07-08 13:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-08 12:18 - 2013-06-22 01:28 - 00000000 ____D C:\Stinger_Quarantine
2013-07-08 12:18 - 2013-06-22 01:27 - 00490268 ____A C:\Users\James\Downloads\runtime.dat
2013-07-08 12:17 - 2013-07-08 12:06 - 11361824 ____A (McAfee Inc) C:\Users\James\Downloads\stinger32.exe
2013-07-08 12:06 - 2013-06-22 18:05 - 00000110 ___RH C:\Users\James\Desktop\Stinger.opt
2013-07-08 09:51 - 2013-07-08 09:51 - 00003158 ____A C:\Users\James\Desktop\virus stuff.txt
2013-07-08 09:34 - 2010-07-05 06:35 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-08 09:27 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 09:06 - 2010-06-21 13:57 - 00000000 ____D C:\users\James
2013-07-06 02:00 - 2013-07-06 02:00 - 00000764 ____A C:\Users\James\Desktop\JRT.txt
2013-07-06 01:42 - 2013-06-25 20:54 - 00000000 ____D C:\JRT
2013-07-04 15:30 - 2012-05-03 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 02:37 - 2013-06-27 20:45 - 00028234 ____A C:\Users\James\Desktop\dds.txt
2013-07-03 02:37 - 2013-06-27 20:45 - 00015530 ____A C:\Users\James\Desktop\attach.txt
2013-07-03 02:33 - 2013-07-03 02:33 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds(1).com
2013-07-02 21:04 - 2013-07-02 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 07:19 - 2010-07-05 04:47 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-30 19:48 - 2013-03-02 22:58 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-30 19:48 - 2013-03-02 22:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-30 19:46 - 2013-06-30 19:36 - 04396440 ____A (Piriform Ltd) C:\Users\James\Downloads\ccsetup403.exe
2013-06-29 22:09 - 2013-03-23 13:20 - 00000000 ____D C:\Users\James\AppData\Roaming\Awesomium
2013-06-29 21:32 - 2013-05-24 23:49 - 00001873 ____A C:\Users\Public\Desktop\Marvel Heroes.lnk
2013-06-29 01:37 - 2013-06-29 01:37 - 00000000 ____D C:\Users\James\AppData\Roaming\BBViewer
2013-06-29 01:36 - 2013-06-29 01:36 - 03617451 ____A C:\Users\James\Downloads\BBViewer-2.0.air
2013-06-28 21:53 - 2010-07-07 23:00 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJames.job
2013-06-27 20:57 - 2013-06-27 20:57 - 00014934 ____A C:\Users\James\Desktop\Attach.txt1.txt
2013-06-27 20:56 - 2013-06-27 20:56 - 00028306 ____A C:\Users\James\Desktop\DDS.txt1.txt
2013-06-27 20:40 - 2013-06-27 20:40 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2013-06-27 20:17 - 2010-06-22 22:01 - 00000000 ____D C:\Users\James\AppData\Roaming\Mozilla
2013-06-26 20:40 - 2012-06-30 23:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-26 20:40 - 2012-06-30 23:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-26 20:39 - 2010-07-08 02:49 - 00000000 ____D C:\Users\James\AppData\Local\Adobe
2013-06-26 19:58 - 2013-06-26 19:58 - 00001858 ____A C:\Users\James\Documents\cc_20130626_235848.reg
2013-06-26 05:54 - 2013-06-26 03:45 - 00000647 ____A C:\Users\James\Desktop\Stinger_26062013_074506.html
2013-06-25 21:17 - 2013-06-25 21:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-25 21:16 - 2013-06-25 21:16 - 02347384 ____A (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2013-06-25 20:55 - 2013-06-25 20:55 - 00000000 ____D C:\Windows\ERUNT
2013-06-25 20:53 - 2013-06-25 20:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\James\Desktop\JRT.exe
2013-06-25 20:42 - 2013-06-25 20:40 - 00006826 ____A C:\AdwCleaner[S1].txt
2013-06-25 20:36 - 2013-06-25 20:36 - 00448512 ____A (OldTimer Tools) C:\Users\James\Desktop\TFC.exe
2013-06-25 11:01 - 2013-06-25 09:46 - 00000643 ____A C:\Users\James\Desktop\Stinger_25062013_134602.html
2013-06-25 08:49 - 2013-06-25 08:49 - 00890988 ____A C:\Users\James\Downloads\SecurityCheck.exe
2013-06-25 08:38 - 2013-06-25 08:34 - 00002364 ____A C:\Users\James\Desktop\Rkill.txt
2013-06-25 08:33 - 2013-06-25 08:33 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\James\Desktop\rkill.exe
2013-06-25 08:29 - 2013-06-25 07:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-25 06:57 - 2013-06-25 06:57 - 00000000 ____D C:\Users\James\Desktop\mbar-1.06.0.1004
2013-06-25 06:56 - 2013-06-25 06:55 - 13399154 ____A C:\Users\James\Desktop\mbar-1.06.0.1004.zip
2013-06-25 06:29 - 2013-06-25 06:28 - 00032900 ____A C:\Users\James\Downloads\Result.txt
2013-06-25 06:25 - 2013-06-25 06:24 - 00760775 ____A (Farbar) C:\Users\James\Downloads\MiniToolBox.exe
2013-06-25 06:25 - 2013-06-25 06:20 - 00002273 ____A C:\Users\James\Downloads\FSS.txt
2013-06-25 06:19 - 2013-06-25 06:19 - 00355927 ____A (Farbar) C:\Users\James\Downloads\FSS.exe
2013-06-25 06:15 - 2013-06-25 06:12 - 00000643 ____A C:\Users\James\Desktop\Stinger_25062013_101238.html
2013-06-24 13:23 - 2009-11-27 13:57 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-24 13:23 - 2009-11-27 13:57 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-06-24 13:11 - 2012-03-19 09:29 - 00000000 ___RD C:\Users\James\Desktop\junk
2013-06-24 12:56 - 2013-06-24 12:56 - 00002406 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-06-24 12:56 - 2013-06-24 12:56 - 00000000 ____D C:\Users\James\AppData\Roaming\WildTangent
2013-06-24 12:56 - 2011-08-27 21:23 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-24 12:26 - 2013-06-24 09:41 - 00000826 ____A C:\Users\James\Desktop\Stinger_24062013_134108.html
2013-06-24 03:56 - 2013-06-24 03:56 - 00016278 ____A C:\Users\James\Desktop\hijackthis.log
2013-06-24 03:53 - 2013-06-24 03:53 - 00015755 ____A C:\Users\James\Downloads\hijackthis.log
2013-06-24 03:51 - 2013-06-24 03:51 - 00388608 ____A (Trend Micro Inc.) C:\Users\James\Desktop\HijackThis.exe
2013-06-23 03:49 - 2013-06-22 22:19 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-06-23 03:46 - 2013-06-23 03:46 - 00000780 ____A C:\Users\James\Documents\cc_20130623_074640.reg
2013-06-23 03:03 - 2013-06-23 02:21 - 00000641 ____A C:\Users\James\Desktop\Stinger_23062013_062154.html
2013-06-23 02:02 - 2013-06-23 02:02 - 00000050 ___RH C:\Users\James\Desktop\GetSusp.opt
2013-06-23 01:58 - 2013-06-23 01:58 - 00735397 ____N C:\Users\James\Desktop\gsusp_3189E6786369_062313_055832.zip
2013-06-23 01:58 - 2013-06-23 01:54 - 00001141 ____A C:\Users\James\Desktop\GetSusp.xml
2013-06-23 01:18 - 2010-06-28 10:56 - 00002368 ____A C:\Users\James\Desktop\Google Chrome.lnk
2013-06-22 22:26 - 2013-06-22 22:26 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-22 22:26 - 2013-06-22 22:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-22 22:24 - 2013-06-22 22:24 - 26260960 ____A (SUPERAntiSpyware.com) C:\Users\James\Downloads\SUPERAntiSpyware.exe
2013-06-22 22:19 - 2013-06-22 22:19 - 00001043 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-06-22 22:19 - 2013-06-22 22:19 - 00000000 ____D C:\ProgramData\Licenses
2013-06-22 22:18 - 2013-06-22 22:18 - 04095448 ____A (BrightFort LLC                                              ) C:\Users\James\Downloads\spywareblastersetup50.exe
2013-06-22 22:16 - 2013-06-22 22:16 - 00000052 ___RH C:\Users\James\Downloads\GetSusp.opt
2013-06-22 22:16 - 2013-06-22 22:15 - 01517752 ____A (McAfee Inc.) C:\Users\James\Desktop\getsusp.exe
2013-06-22 22:14 - 2013-06-22 22:14 - 11325472 ____A (McAfee Inc) C:\Users\James\Desktop\stinger32.exe
2013-06-22 20:03 - 2013-06-22 20:03 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 20:03 - 2013-06-22 20:03 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 20:03 - 2013-06-22 20:02 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-22 20:03 - 2013-06-22 20:02 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-22 20:03 - 2012-05-01 23:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-22 20:03 - 2010-06-22 15:32 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 20:02 - 2011-06-08 02:38 - 00000000 ____D C:\Program Files\McAfee
2013-06-22 19:50 - 2013-06-04 23:29 - 00000000 ____D C:\Users\James\Documents\InfiniteCrisis
2013-06-22 19:50 - 2013-03-22 00:26 - 00000000 ____D C:\ProgramData\bitraider
2013-06-22 19:46 - 2010-06-24 00:54 - 00000000 ____D C:\ProgramData\Real
2013-06-22 18:05 - 2013-06-22 16:08 - 00000645 ____A C:\Users\James\Desktop\Stinger_22062013_200859.html
2013-06-22 16:08 - 2013-06-22 16:08 - 00486148 ____A C:\Users\James\Desktop\runtime.dat
2013-06-22 03:34 - 2013-06-22 01:28 - 00000830 ____A C:\Users\James\Downloads\Stinger_22062013_052821.html
2013-06-22 00:35 - 2013-06-22 00:35 - 00000000 ____D C:\Users\James\AppData\Roaming\McAFee TechCheck
2013-06-22 00:35 - 2013-06-22 00:32 - 00000000 ____D C:\Users\James\AppData\Roaming\TechCheck
2013-06-21 03:09 - 2013-06-21 01:54 - 00009884 ____A C:\Users\James\Desktop\MAA 12.2 cp.ods
2013-06-19 05:53 - 2010-11-19 01:59 - 00000000 ____D C:\Users\James\AppData\Roaming\Camfrog
2013-06-18 12:14 - 2011-04-07 23:52 - 00236688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2013-06-12 23:35 - 2011-06-08 02:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-06-12 21:25 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
2013-06-11 23:03 - 2010-06-21 16:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 22:28 - 2013-06-04 22:53 - 00000000 ____D C:\Program Files (x86)\InfiniteCrisis

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-28 01:14:10
Restore point made on: 2013-06-30 19:21:09
Restore point made on: 2013-07-02 07:26:09
Restore point made on: 2013-07-07 18:04:36
Restore point made on: 2013-07-08 18:43:51
Restore point made on: 2013-07-08 18:48:32

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6134.87 MB
Available physical RAM: 5296.33 MB
Total Pagefile: 6133.02 MB
Available Pagefile: 5288.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:578.99 GB) (Free:446.4 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:16.89 GB) (Free:2.75 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:7.45 GB) (Free:4.01 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: DDE89CC3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)


LastRegBack: 2013-07-08 22:35

==================== End Of Log ============================

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-09 14:23:27
-----------------------------
14:23:27.594    OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:27.595    Number of processors: 8 586 0x1E05
14:23:27.596    ComputerName: JAMES-PC  UserName: James
14:23:30.622    Initialize success
14:28:23.085    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:28:23.101    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
14:28:23.241    Disk 0 MBR read successfully
14:28:23.241    Disk 0 MBR scan
14:28:23.241    Disk 0 unknown MBR code
14:28:23.257    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
14:28:23.272    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       592882 MB offset 409600
14:28:23.303    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17294 MB offset 1214631936
14:28:23.319    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
14:28:23.475    Disk 0 scanning C:\Windows\system32\drivers
14:28:33.833    Service scanning
14:29:12.163    Modules scanning
14:29:12.178    Disk 0 trace - called modules:
14:29:12.272    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:29:12.802    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007206060]
14:29:12.802    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8007059b10]
14:29:12.818    5 hpdskflt.sys[fffff88002086189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006362050]
14:29:12.833    Scan finished successfully
14:29:31.366    Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
14:29:31.397    The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"
 

As of right now there haven't been any suspicious incoming connections blocked today, but then again I am at home with slower internet. At home I usually get about 13 incoming connections blocked an hour, usually clustered within a few minutes, and then go for an hour without any. I get more when I am at work; that is when I usually get 4-5 a minute.



#8 whoabuddy

Posted 09 July 2013 - 09:03 PM

Hi jones24,

Thank you for the logs and additional information, I will review them and get back to you with our next steps.

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#9 whoabuddy

Posted 10 July 2013 - 06:34 PM

Hi jones24,

I have good news - your log files look clean! The tools you ran before were being honest, and I think I can explain some of what you are seeing with McAfee.

First off, any detection labeled as "artemis" by McAfee is considered a heuristic detection, which is an attempt by your antivirus software to identify an unknown virus by a pattern of behavior that matches a certain set of criteria. Although this is something that is designed to protect you, it has the ability to detect false positives as well.

McAfee reference: https://community.mcafee.com/thread/2016

As of right now there haven't been any suspicious incoming connections blocked today, but then again I am at home with slower internet. At home I usually get about 13 incoming connections blocked an hour, usually clustered within a few minutes, and then go for an hour without any. I get more when I am at work; that is when I usually get 4-5 a minute.


Second, how long have you been monitoring the incoming connections on your computer? One thing I have learned after years of working with computers is that the closer you look, the more you see, which you can take down to sub-atomics! :crazy: What I mean by this is when we actually look at what's going on with our computers, or something like the "incoming connections" in our firewall, we may see a lot more information than what we originally expected. Does this mean anything abnormal is happening with your computer? Not necessarily, but if you are truly concerned I would advise contacting your ISP and asking them to change your IP address. This will prevent attackers from knowing your current location. According to Wikipedia, "spam averages 78% of all email sent", so you have to consider that a lot of incoming traffic needs to be blocked - hence the need for an updated firewall and antivirus.

We can still review the incoming connections to see what exactly is causing the issue. Do you have access to view the logs in text format? Can you copy and paste the text in your next post?

Reference from McAfee forum post: https://community.mcafee.com/message/293751#293751

Now there are a few small things we still need to address, first is an NVidia driver issue. Nvidia creates a specialized user based on the hardware you have installed, but the password for the account expired, which we need to correct. Please follow the instructions below:

Nvidia account reference: http://nvidia.custhelp.com/app/answers/detail/a_id/3067/~/what-is-nvidia-updatususer%3F

We need to update the NVidia UpdatusUser account:
  • On your keyboard, press the Windows Key + R, a run screen will appear
  • Type in the following text and press Enter: lusrmgr.msc
  • Click on Users on the left-hand side
  • Double-click on the account UpdatusUser
  • Uncheck User must change password at next logon
  • Check User cannot change password
  • Check Password never expires
  • Save the settings, close any open windows
  • On your keyboard, press the Windows Key + R, a run screen will appear
  • Type in the following text and press Enter: services.msc
  • Scroll down to the NVidia Update Service or similar
  • Right-click on the service and click Restart

We need to run a scan with Farbar's Recovery Scan Tool:

Please delete any copy of FRST.exe that you have now and download the latest version here and save it to your Desktop.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Although you will see references to a fix throughout these instructions, this particular action is just providing some additional information about your flash drive.
  • Insert your USB drive that you used in recovery mode
  • Click on the Start Orb, in the search box type: notepad
  • Click on Notepad, a blank text document will appear, copy and paste the entire text below into the document:
    SaveMbr: Drive=1
  • Click on File then Save As..., navigate to your Desktop
  • For the file name, enter: fixlist.txt and save the file
    Note: It is important that the file is named fixlist.txt so the tool will run, and it's also important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work
  • Run FRST/FRST64 and press the Fix button just once and wait
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply
Note: If the tool warned you about an outdated version, please download and run the updated version.

In your next post I need the following:
  • McAfee incoming connection log(s)
  • result of NVidia user account change
  • fixlist.txt from FRST script
  • attached MBRDUMP.TXT from FRST script
  • status update - is there anything else you would like to add at this point?
Best Regards,
whoabuddy
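The FRST log posted earlier in this thread lists Disk 1 (the 7 GB removable drive that the SaveMbr: Drive=1 step above dumps) with partitions of 544 GB and 923 GB. The Python check below is an added example, not part of any post in this thread and not FRST's own code; it parses that log section and flags partition entries that cannot fit on their disk. The function names are hypothetical and the sample text is copied from the log above.

```python
import re

# Sample input: the "MBR & Partition Table" section copied from the FRST log
# posted in this thread (separator lines omitted).
FRST_SECTION = """\
Disk: 0 (Size: 596 GB) (Disk ID: DDE89CC3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)
"""

UNIT_MB = {"MB": 1, "GB": 1024, "TB": 1024 * 1024}
DISK_RE = re.compile(
    r"^Disk: (\d+) \(Size: ([\d.]+) (MB|GB|TB)\) \(Disk ID: ([0-9A-Fa-f]+)\)")
PART_RE = re.compile(
    r"^Partition (\d+): \((Active|Not Active)\) - "
    r"\(Size=([\d.]+) (MB|GB|TB)\) - \(Type=([0-9A-Fa-f]{2})")


def parse_disks(text):
    """Return one dict per 'Disk:' line, with its partition entries attached."""
    disks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DISK_RE.match(line)
        if m:
            disks.append({"disk": int(m[1]), "id": m[4].upper(),
                          "size_mb": float(m[2]) * UNIT_MB[m[3]],
                          "slack_mb": UNIT_MB[m[3]],  # sizes are printed rounded
                          "parts": []})
            continue
        m = PART_RE.match(line)
        if m and disks:
            disks[-1]["parts"].append({"num": int(m[1]),
                                       "active": m[2] == "Active",
                                       "size_mb": float(m[3]) * UNIT_MB[m[4]],
                                       "type": m[5].upper()})
    return disks


def check_disk(disk):
    """List partition entries that cannot fit on the disk they belong to."""
    findings = []
    limit = disk["size_mb"] + disk["slack_mb"]
    for part in disk["parts"]:
        if part["size_mb"] > limit:
            findings.append(
                f"disk {disk['disk']} partition {part['num']} (type {part['type']}): "
                f"{part['size_mb']:.0f} MB is larger than the {disk['size_mb']:.0f} MB disk")
    total = sum(p["size_mb"] for p in disk["parts"])
    # Allow one rounding unit per printed value before calling the total wrong.
    if total > disk["size_mb"] + disk["slack_mb"] * (len(disk["parts"]) + 1):
        findings.append(
            f"disk {disk['disk']}: partitions total {total:.0f} MB "
            f"on a {disk['size_mb']:.0f} MB disk")
    return findings


if __name__ == "__main__":
    for d in parse_disks(FRST_SECTION):
        for finding in check_disk(d) or [f"disk {d['disk']}: table is consistent"]:
            print(finding)
```

On the log above it reports Disk 0 as consistent and flags three partition entries plus the total for Disk 1, so the Disk 1 table cannot be describing real partitions on a 7 GB drive.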

#10 jones24

Posted 11 July 2013 - 02:56 AM

I'll start with the comment about monitoring incoming connections. A few weeks ago McAfee did its weekly scheduled virus scan. It found the Artemis trojan. I closed the window without getting the name of what the trojan was. I reopened McAfee and went to the history to get the name of the virus so I could google it, and that's when I saw the blocked incoming connections, and they had just started a few days earlier. In the logs the only other "Events" are blocked outgoing connections from Windows Media Player from 10 months ago.

I see no way to view the logs in text format.  I can't copy and paste from the security history box that comes up.  I did a google search and didn't find any help.  I'll try again tomorrow and do the rest on the list later in the day.



#11 whoabuddy

Posted 14 July 2013 - 12:25 PM

Hi jones24,

Just checking in, were you able to follow the instructions I provided? Once we determine the logs are clean we can take a second look at the firewall and incoming connections.

I did a few searches as well and you were right, it sounds like the log files in the home version of McAfee are only available to view within the program itself or by technical support. If you can take a screen shot of the description and upload it to a free image hosting site such as postimage.org, then link the image here, we can research the issue further.

If there is no reply in two days the topic will be closed.

Best Regards,
whoabuddy

#12 jones24

Posted 15 July 2013 - 01:10 PM

On the update NVidia step, after I type lusrmgr.msc and hit enter, the local user and groups box comes up and it says in it "this computer is running Window 7 Home Premium. This snapin may not be used with this version of windows. To manage user accounts for this computer, use the User Accounts tool in the Control Panel." When I go to User Accounts, I search for UpdatusUser and can't find it.


Edited by jones24, 15 July 2013 - 01:56 PM.


#13 jones24

Posted 15 July 2013 - 01:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2013
Ran by James at 2013-07-15 14:17:46 Run:1
Running from C:\Users\James\Desktop
Boot Mode: Normal
==============================================

MBRDUMP.txt is made successfully.

==== End of Fixlog ====



#14 jones24

Posted 15 July 2013 - 01:34 PM

Also I am apparently an idiot.  You want the MBRDUMP.TXT as an attachment.  I can't figure out how to do that.  There is no choose file or attach file button that I can find even though that's what the "Help" topics here said to use.



#15 jones24

Posted 15 July 2013 - 01:54 PM

http://postimg.org/image/gzpsq94qr/

http://postimg.org/image/kair3vk1v/

http://postimg.org/image/jm9wkxlc3/

http://postimg.org/image/om7csvqyr/

The first incoming connection blocked was on June 18; I saw that when Artemis was found on June 22. Apparently it only stores so many blocked connections in the logs because it only has 2500, which is only a few days' worth. Which I guess means it could have been doing this since I got the computer and I would only see a few days in the logs.





