Infected with ZeroAccess Rootkit


  • This topic is locked
13 replies to this topic

#1 herbc0704

herbc0704

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:36 AM

Posted 02 September 2013 - 04:53 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611
Run by Herbert Carty at 17:37:28 on 2013-09-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1982.948 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Origin\Origin.exe
C:\Program Files\Roxio 2011\Roxio Burn\Roxio Burn.exe
C:\windows\system32\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe,
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DTRun] c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTRun.exe
mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe
mRun: [HPQuickWebProxy] "c:\program files\hewlett-packard\hp quickweb\hpqwutils.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MfeEpePcMonitor] "c:\program files\hewlett-packard\drive encryption\EpePcMonitor.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatchTray13.exe"
mRun: [CPMonitor] "c:\program files\roxio 2011\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2011\roxio burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{230F5570-3E29-4F45-9DE6-CF0AEF757100} : DHCPNameServer = 10.10.0.1
TCP: Interfaces\{70308434-A702-49E4-87C9-4DC5AF4AC374} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{70308434-A702-49E4-87C9-4DC5AF4AC374}\E41647572716C696374756E647 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages =  EpePcNp32 DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpePc;MfeEpePc;c:\windows\system32\drivers\MfeEpePc.sys [2011-2-9 118472]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2013-7-5 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2013-7-5 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2013-7-5 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-6-27 81920]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-1-6 138400]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-1-6 56480]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-7-14 32240]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2011-1-26 131128]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp daystarter\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2011-1-28 281656]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-1-26 26168]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-6-27 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2010-11-29 210896]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-30 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-30 701512]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\hewlett-packard\drive encryption\eeagent\MfeEpeHost.exe [2011-2-9 1318912]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-5-3 1127448]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-5-3 113264]
R2 uArcCapture;ArcCapture;c:\windows\system32\arcvcaprender\uArcCapture.exe [2011-6-27 502464]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-6-27 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-1-21 2708784]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2011-6-27 29760]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-1-6 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-1-6 258720]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-1-6 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-1-6 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-1-6 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-1-6 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-1-6 241824]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2011-1-12 36864]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-4-5 1094712]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-30 22856]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-3 322664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAPExe;McAfee AP Service;"c:\program files\mcafee\msc\mcapexe.exe" --> c:\program files\mcafee\msc\McAPExe.exe [?]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-8-30 638976]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-3-7 62184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2011-2-7 51048]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2011-2-3 464480]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-9-22 49088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-7-28 1511872]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-31 144472]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-7-9 288056]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-7-9 80656]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-9-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-9 1343400]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-08-31 01:48:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 01:48:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-30 11:18:32 54016 ----a-w- c:\windows\system32\drivers\vnpuwq.sys
2013-08-30 11:02:11 -------- d-----w- C:\Stinger_Quarantine
2013-08-30 11:02:10 -------- d-----w- c:\program files\stinger
2013-08-30 00:35:32 -------- d-----w- c:\users\herbert carty\appdata\roaming\Malwarebytes
2013-08-30 00:35:27 -------- d-----w- c:\programdata\Malwarebytes
2013-08-30 00:35:14 -------- d-----w- c:\users\herbert carty\appdata\local\Programs
2013-08-29 23:04:28 -------- d-----w- c:\program files\common files\McAfee
2013-08-29 13:08:17 -------- d-----w- c:\programdata\spD7pDg7
2013-08-29 00:03:27 -------- d-----w- c:\programdata\hst
2013-08-22 13:27:15 -------- d-----w- c:\program files\iPod
2013-08-22 13:27:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 13:27:06 -------- d-----w- c:\program files\iTunes
2013-08-22 13:21:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-22 13:21:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-22 13:21:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-22 13:21:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-22 13:21:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-08-21 18:21:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 18:21:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-09 11:34:20 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-07-09 11:34:12 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-07-09 11:34:04 288056 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-06-24 14:52:54 33958 ----a-w- c:\programdata\uninstaller.exe
2013-06-08 11:13:19 2706432 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.MH00 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8323A000]<< >>UNKNOWN [0x895B7000]<< >>UNKNOWN [0x895A6000]<< >>UNKNOWN [0x8956B000]<< >>UNKNOWN [0x83203000]<< >>UNKNOWN [0x897E2000]<< >>UNKNOWN [0x88EAE000]<< >>UNKNOWN [0x8901C000]<< >>UNKNOWN [0x89408000]<< >>UNKNOWN [0x90C28000]<< >>UNKNOWN [0x98F00000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x83270BBA] -> \Device\Harddisk0\DR0[0x87707030]
\Driver\Disk[0x87704B08] -> IRP_MJ_CREATE -> 0x895BB39F
3 [0x895BB59E] -> ntkrnlpa!IofCallDriver[0x83270BBA] -> [0x87706C48]
\Driver\hpdskflt[0x85F55F38] -> IRP_MJ_CREATE -> 0x8956D056
5 [0x8956D136] -> ntkrnlpa!IofCallDriver[0x83270BBA] -> [0x87706020]
\Driver\SahdIa32[0x876C7620] -> IRP_MJ_CREATE -> 0x897E39FC
7 [0x897E3939] -> ntkrnlpa!IofCallDriver[0x83270BBA] -> [0x85FC3958]
\Driver\ACPI[0x8529B1B8] -> IRP_MJ_CREATE -> 0x88EB74CC
9 [0x88EB73D4] -> ntkrnlpa!IofCallDriver[0x83270BBA] -> \Device\Ide\IAAStorageDevice-1[0x85FD3028]
\Driver\iaStor[0x85FA7EC0] -> IRP_MJ_CREATE -> 0x8903F0F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:38:59.84 ===============
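The DDS log above lists the UAC policy values under mPolicies-System and the files created in the last 30 days. As an added example (my code, not part of the post and not anything the DDS tool provides), here is a small Python triage script that reads lines in that log format and flags the two things a helper usually looks at first: UAC switched off (EnableLUA = 0) and newly created drivers or ProgramData folders whose names look random. The sample lines are constructed from entries in the log above; the name-scoring heuristic, its threshold and the "expected" policy values are my assumptions, not anything DDS defines.

```python
import re

# Constructed sample in the DDS log format used in the post above (a few lines only).
SAMPLE_LOG = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableVirtualization = dword:0
2013-08-31 01:48:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 11:18:32 54016 ----a-w- c:\windows\system32\drivers\vnpuwq.sys
2013-08-29 13:08:17 -------- d-----w- c:\programdata\spD7pDg7
2013-08-29 00:03:27 -------- d-----w- c:\programdata\hst
2013-08-22 13:27:15 -------- d-----w- c:\program files\iPod
"""

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)")
# date time size-or-dashes attributes path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (.+)$")
# Locations where a freshly created, oddly named file or folder deserves a second look.
WATCHED_RE = re.compile(r"\\(drivers|programdata|appdata)\\", re.IGNORECASE)

# Assumed healthy values: EnableLUA is the UAC master switch, EnableVirtualization
# the per-user redirection of failed writes; both default to 1 on Windows 7.
POLICY_EXPECTATIONS = {"EnableLUA": "1", "EnableVirtualization": "1"}


def random_name_score(name):
    """Heuristic score for how random a file or folder name looks (higher = more suspicious).

    This is an assumed scoring scheme for triage, not a detection signature.
    """
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", name)  # drop the extension
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if not letters:
        return 0
    score = 0
    # Mixed case inside the word combined with digits, e.g. spD7pDg7.
    if re.search(r"[a-z][A-Z]|[A-Z][a-z][A-Z]", stem) and re.search(r"\d", stem):
        score += 2
    # Almost no vowels, e.g. vnpuwq or hst.
    vowels = sum(1 for c in letters.lower() if c in "aeiouy")
    if vowels / len(letters) < 0.2:
        score += 1
    # Three consonants in a row.
    if re.search(r"[b-df-hj-np-tv-z]{3}", letters.lower()):
        score += 1
    return score


def triage(log_text):
    """Return a list of (severity, detail) findings for DDS-style log lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.groups()
            expected = POLICY_EXPECTATIONS.get(name)
            if expected is not None and value != expected:
                findings.append(("high", f"{name} = {value} (expected {expected}): UAC weakened"))
            continue
        m = CREATED_RE.match(line)
        if m:
            created, path = m.groups()
            if not WATCHED_RE.search(path):
                continue
            name = path.rstrip("\\").rsplit("\\", 1)[-1]
            score = random_name_score(name)
            if score >= 2:
                findings.append(("review", f"{path} created {created}: random-looking name (score {score})"))
    return findings


if __name__ == "__main__":
    for severity, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {detail}")
```

The name heuristic is deliberately crude and will also flag some legitimately terse vendor names (several of the driver names earlier in the log would score 2), so treat its "review" findings as a reading list for a human, not as verdicts; the UAC finding, by contrast, is a plain comparison against the expected value and is worth acting on whenever it fires.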
 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:36 AM

Posted 02 September 2013 - 05:13 PM


Hello herbc0704

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 herbc0704

herbc0704
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:36 AM

Posted 03 September 2013 - 09:18 PM

Thanks Gringo... I followed your directions, please see attached files.

 

 

# AdwCleaner v3.002 - Report created 03/09/2013 at 21:35:26
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Admin-HP
# Running from : D:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Vid-Saver
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Users\Herbert \AppData\Local\apn
Folder Deleted : C:\Users\Herbert \AppData\Local\Conduit
Folder Deleted : C:\Users\Herbert \AppData\Local\TempDir
Folder Deleted : C:\Users\Herbert \AppData\Local\Vid-Saver
Folder Deleted : C:\Users\HERBER~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Herbert \AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Herbert \AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Herbert \AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Herbert \AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Herbert \AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Kourtni \AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Kourtni \AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kourtni \AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kourtni \AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Kourtni \AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kourtni \AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Herbert \AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
File Deleted : C:\Users\HERBER~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Users\Herbert \AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Kourtni \AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Herbert \AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Kourtni \AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82E4E07-0E3E-41EC-91FC-CC8C0381AA50}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B82E4E07-0E3E-41EC-91FC-CC8C0381AA50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\a55dd8dbd34e949
Key Deleted : HKLM\SOFTWARE\a55dd8dbd34e949
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon (2)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon (2)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_paradise-pet-salon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A02F66D8-B699-40BC-B0FD-D31BCD06DF43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A02F66D8-B699-40BC-B0FD-D31BCD06DF43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14DE85D9-ED0E-4C2A-A184-E9B6B57AB1BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DCF190F-9730-4501-8D4D-BE6E3264C514}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29121598-75BC-4ABF-AA10-B3222787FC32}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Product Deleted : Google Update Helper
Product Deleted : Shockwave Game Bar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16611

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Herbert \AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

[ File : C:\Users\Kourtni \AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13894 octets] - [03/09/2013 21:33:47]
AdwCleaner[S0].txt - [12057 octets] - [03/09/2013 21:35:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12118 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x86
Ran by Herbert  on Tue 09/03/2013 at 21:41:43.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3735968620-3498481103-2295922049-1002\Software\SweetIM

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Herbert \AppData\Roaming\pccustubinstaller"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Herbert \appdata\local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/03/2013 at 21:43:27.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 herbc0704 (Topic Starter, Members)

Posted 03 September 2013 - 09:36 PM

The computer seems to connect to the internet faster. I tried downloading and installing my AV to the computer; the error message did show up for the .exe containing a virus. I then downloaded it to a thumb drive and installed it via the thumb drive.



#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 September 2013 - 09:49 PM

Hello herbc0704

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

Proud Graduate Of Malware Removal University

#6 herbc0704 (Topic Starter, Members)

Posted 04 September 2013 - 06:20 PM

ComboFix 13-09-04.04 - Herbert  09/04/2013  18:42:27.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1982.592 [GMT -4:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{cd2f086c-6aeb-e44b-5cab-16eb34b17474}\9519~1\A535~1\E628~1\{cd2f086c-6aeb-e44b-5cab-16eb34b17474}\@
c:\programdata\uninstaller.exe
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-04 to 2013-09-04  )))))))))))))))))))))))))))))))
.
.
2013-09-04 22:58 . 2013-09-04 22:58 -------- d-----w- c:\users\Kourtni \AppData\Local\temp
2013-09-04 22:57 . 2013-09-04 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-04 22:57 . 2013-09-04 22:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-04 01:59 . 2013-09-04 01:59 -------- d-----w- c:\program files\McAfeeMOBK
2013-09-04 01:59 . 2010-04-14 00:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2013-09-04 01:59 . 2013-09-04 01:59 -------- d-----w- c:\program files\McAfee Online Backup
2013-09-04 01:59 . 2012-05-28 14:28 147472 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-04 01:59 . 2013-07-30 15:28 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-09-04 01:59 . 2013-09-04 01:59 -------- d-----w- c:\users\Herbert \AppData\Local\McAfee File Lock
2013-09-04 01:58 . 2013-09-04 01:58 -------- d-----w- c:\program files\McAfee.com
2013-09-04 01:51 . 2013-08-07 16:59 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-04 01:41 . 2013-09-04 01:41 -------- d-----w- c:\windows\ERUNT
2013-09-04 01:33 . 2013-09-04 01:36 -------- d-----w- C:\AdwCleaner
2013-08-31 01:48 . 2013-08-31 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-31 01:48 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 11:32 . 2013-08-30 11:32 -------- d-----w- c:\users\Kourtni \AppData\Roaming\Malwarebytes
2013-08-30 11:18 . 2013-08-30 11:18 54016 ----a-w- c:\windows\system32\drivers\vnpuwq.sys
2013-08-30 11:02 . 2013-08-30 11:02 -------- d-----w- C:\Stinger_Quarantine
2013-08-30 11:02 . 2013-08-30 11:02 -------- d-----w- c:\program files\stinger
2013-08-30 00:35 . 2013-08-30 00:35 -------- d-----w- c:\users\Herbert \AppData\Roaming\Malwarebytes
2013-08-30 00:35 . 2013-08-30 00:35 -------- d-----w- c:\programdata\Malwarebytes
2013-08-30 00:35 . 2013-08-30 00:35 -------- d-----w- c:\users\Herbert \AppData\Local\Programs
2013-08-29 23:04 . 2013-09-04 02:13 -------- d-----w- c:\program files\Common Files\McAfee
2013-08-29 13:08 . 2013-08-30 01:05 -------- d-----w- c:\programdata\spD7pDg7
2013-08-29 00:03 . 2013-08-29 00:26 -------- d-----w- c:\programdata\hst
2013-08-22 13:27 . 2013-08-22 13:27 -------- d-----w- c:\program files\iPod
2013-08-22 13:27 . 2013-08-22 13:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 13:27 . 2013-08-22 13:28 -------- d-----w- c:\program files\iTunes
2013-08-22 13:21 . 2013-08-22 13:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-22 13:21 . 2013-08-22 13:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-22 13:21 . 2013-08-22 13:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-22 13:21 . 2013-08-22 13:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-22 13:21 . 2013-08-22 13:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-22 13:21 . 2013-08-22 13:21 -------- d-----w- c:\program files\QuickTime
2013-08-07 17:02 . 2013-08-07 17:02 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-08-07 16:59 . 2013-08-07 16:59 213232 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-08-07 16:56 . 2013-08-07 16:56 568632 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-08-07 16:55 . 2013-08-07 16:55 365224 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-08-07 16:55 . 2013-08-07 16:55 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-08-07 16:54 . 2013-08-07 16:54 235520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-08-07 16:53 . 2013-08-07 16:53 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 18:21 . 2012-04-04 01:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 18:21 . 2011-10-14 16:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-09 11:34 . 2013-07-09 11:34 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-07-09 11:34 . 2013-07-09 11:34 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-07-09 11:34 . 2013-07-09 11:34 288056 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-06-12 04:18 . 2013-07-10 15:27 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18E874BB-28B1-4BA0-935A-E60F835A0D25}\mpengine.dll
2013-06-08 11:13 . 2013-06-21 02:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2013-08-30 3549528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-02-04 2184488]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-01-07 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-01-07 302240]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 178200]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-27 843868]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"CPMonitor"="c:\program files\Roxio 2011\5.0\CPMonitor.exe" [2010-07-14 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-08-06 516912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-26 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
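
The ComboFix log above carries several of the things a responder checks by hand: the `\@` file under a GUID directory inside `Google\Desktop\Install` (the on-disk layout ZeroAccess used, which is what this thread's title refers to), a freshly written driver with a random-looking name (`vnpuwq.sys`), and UAC switched off (`EnableLUA = 0`, so anything running under the administrator account is already fully elevated with no prompt). The following Python script is an added example for this page, not a tool from BleepingComputer, ComboFix or FRST. It reads ComboFix log lines and flags such entries; it also understands the `HKU\...\Run:` lines FRST prints, including the `[x]` FRST uses when the referenced file is not found, as in the FRST output later in this thread. The driver allowlist, the rule names and severities, and the sample log text (lines copied from the logs in this thread) are constructed for the example and are heuristics, not the tools' own logic.

```python
"""Triage helper for ComboFix / FRST text logs.

Added example for this thread; not a tool from BleepingComputer, ComboFix
or FRST. It reads log lines and flags things a responder looks for by hand:
  * UAC policy values that remove the privilege boundary (EnableLUA = 0)
  * a file named "@" below a GUID directory (the on-disk layout ZeroAccess used)
  * a kernel driver with a random-looking lowercase name (heuristic)
  * a Run entry whose target is missing ("[x]") or sits in a random-looking
    directory under ProgramData
The allowlist, rule names and sample log text are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


# Assumption: driver names on this machine that are accounted for by installed
# products (McAfee mfe*/cfwids/McPvDrv/HipShieldK, Malwarebytes mbam, McAfee
# Online Backup MOBK). Any other random-looking lowercase driver name is flagged.
KNOWN_DRIVER_PREFIXES = ("mfe", "cfwids", "mbam", "mobk", "mcpvdrv", "hipshieldk")

POLICY_RE = re.compile(r'^"(EnableLUA|EnableVirtualization)"=\s*(\d+)')
# ComboFix "Files Created" row:  created . modified  size  attrs  path
FILE_ROW_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$')
# FRST autorun row:  HK...\...\Run: [name] - target [size date] (company)  or  target [x]
FRST_RUN_RE = re.compile(r'^(HK[^:]+?)\\\.\.\.\\Run: \[([^\]]+)\] - (.+)$')
AT_FILE_RE = re.compile(r'\\\{[0-9a-f-]{36}\}\\.*\\@$', re.I)
DRIVER_RE = re.compile(r'\\drivers\\([A-Za-z]{5,8})\.sys$', re.I)
DATA_DIR_RE = re.compile(r'\\programdata\\([A-Za-z0-9]{6,12})(?:\\|$)', re.I)


def looks_random(name: str) -> bool:
    """Mixed-case name that also contains digits, e.g. spD7pDg7 (heuristic)."""
    return (any(c.isdigit() for c in name) and any(c.isalpha() for c in name)
            and not name.islower() and not name.isupper())


def check_path(path: str, line: str) -> List[Finding]:
    out = []
    if AT_FILE_RE.search(path):
        out.append(Finding("high", "zeroaccess_at_file", line))
    m = DRIVER_RE.search(path)
    if m and m.group(1).islower() and not m.group(1).startswith(KNOWN_DRIVER_PREFIXES):
        out.append(Finding("medium", "random_driver_name", line))
    m = DATA_DIR_RE.search(path)
    if m and looks_random(m.group(1)):
        out.append(Finding("medium", "random_dir_under_programdata", line))
    return out


def check_run_entry(rest: str, line: str) -> List[Finding]:
    out = []
    if rest.endswith("[x]"):          # FRST: the referenced file was not found
        out.append(Finding("high", "run_target_missing", line))
    target = rest.split(" [")[0]      # strip "[size date] (company)" or "[x]"
    out.extend(check_path(target, line))
    return out


def triage(lines) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if key == "EnableLUA" and value == 0:
                findings.append(Finding("high", "uac_disabled", line))
            elif key == "EnableVirtualization" and value == 0:
                findings.append(Finding("low", "uac_virtualization_off", line))
            continue
        m = FRST_RUN_RE.match(line)
        if m:
            findings.extend(check_run_entry(m.group(3), line))
            continue
        m = FILE_ROW_RE.match(line)
        findings.extend(check_path(m.group(5) if m else line, line))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(text.splitlines())


# Constructed sample: lines copied from the ComboFix and FRST output in this thread.
SAMPLE_LOG = r"""
c:\program files\Google\Desktop\Install\{cd2f086c-6aeb-e44b-5cab-16eb34b17474}\9519~1\A535~1\E628~1\{cd2f086c-6aeb-e44b-5cab-16eb34b17474}\@
2013-08-30 11:18 . 2013-08-30 11:18 54016 ----a-w- c:\windows\system32\drivers\vnpuwq.sys
2013-08-07 16:59 . 2013-08-07 16:59 213232 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-08-29 13:08 . 2013-08-30 01:05 -------- d-----w- c:\programdata\spD7pDg7
"EnableLUA"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKU\Kourtni \...\Run: [AS2014] - C:\ProgramData\spD7pDg7\spD7pDg7.exe [x]
"""

if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:30} {f.line}")
```

Run it against a saved ComboFix.txt or FRST.txt with `triage(open(path, encoding="utf-8", errors="replace"))`. The driver and directory rules are name heuristics and will miss malware that picks a plausible vendor-style name; the `@` file rule and the `EnableLUA` rule are exact matches on what the log shows and are the two worth acting on first.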



#7 herbc0704 (Topic Starter, Members)

Posted 04 September 2013 - 06:31 PM

I still get the message stating a virus is found in an .exe file when downloading.



#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 September 2013 - 10:08 PM

Hello herbc0704

Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#9 herbc0704 (Topic Starter, Members)

Posted 05 September 2013 - 06:21 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2013
Ran by Herbert  (administrator) on HERBERT-HP on 05-09-2013 19:12:10
Running from D:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
() C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(ArcSoft, Inc.) C:\windows\system32\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
() C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
() C:\Program Files\Roxio 2011\Roxio Burn\Roxio Burn.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Portrait Displays, Inc) C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company L.P.) c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2184488 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [QLBController] - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM\...\Run: [DTRun] - c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM\...\Run: [HPConnectionManager] - c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM\...\Run: [HPQuickWebProxy] - c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [843868 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2010-07-16] (Sonic Solutions)
HKLM\...\Run: [CPMonitor] - C:\Program Files\Roxio 2011\5.0\CPMonitor.exe [84464 2010-07-13] ()
HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [477680 2010-06-30] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-08-06] (McAfee, Inc.)
Winlogon\Notify\DeviceNP: DeviceNP.dll (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3549528 2013-08-29] (Electronic Arts)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Guest\...\Run: [Facebook Update] - C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-12] (Facebook Inc.)
HKU\Guest\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-09-06] (Google Inc.)
HKU\Kourtni \...\Run: [Speech Recognition] - C:\windows\Speech\Common\sapisvr.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Kourtni \...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [ 2012-10-17] (Hewlett-Packard Co.)
HKU\Kourtni \...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-09-06] (Google Inc.)
HKU\Kourtni \...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Kourtni \...\Run: [AS2014] - C:\ProgramData\spD7pDg7\spD7pDg7.exe [x]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kourtni \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Kourtni \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/webhp?source=search_app"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Herbert \AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.123.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\HERBER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (The Avengers) - C:\Users\HERBER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfllifdbmfjehnombllbaojfdkmnpdm\1.7_0
CHR Extension: (Google Search) - C:\Users\HERBER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\HERBER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\HERBER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_3
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx

========================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BOT4Service; C:\Program Files\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [313680 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-09-30] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [126520 2010-12-09] (Hewlett-Packard Company)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [131128 2011-01-26] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [210896 2010-11-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145600 2013-08-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-08-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [172416 2013-08-07] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264 2011-01-18] (Portrait Displays, Inc.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 RoxMediaDB13; C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [354288 2010-07-16] (Sonic Solutions)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-27] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 vcsFPService; C:\windows\system32\vcsFPService.exe [2708784 2011-01-21] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] ()
S2 XobniService; C:\Program Files\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [29760 2010-11-11] (ArcSoft, Inc.)
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-06] (Atheros)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-06] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-06] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-06] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-06] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-06] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [241824 2011-01-06] (Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-08-07] (McAfee, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [51048 2011-02-07] (Hewlett-Packard Company)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-28] (McAfee, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [66296 2013-07-30] (McAfee, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235520 2013-08-07] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-08-07] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [118472 2011-02-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365224 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [568632 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [288056 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80656 2013-07-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213232 2013-08-07] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1784192 2010-12-21] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\HERBER~1\AppData\Local\Temp\catchme.sys [x]
S3 MFE_RR; \??\C:\Users\HERBER~1\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 19:15 - 2013-09-04 19:15 - 00023156 _____ C:\ComboFix.txt
2013-09-04 18:39 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-04 18:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-04 18:38 - 2013-09-04 19:15 - 00000000 ____D C:\ComboFix
2013-09-04 18:38 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-04 18:38 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-04 18:38 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-04 18:38 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
2013-09-04 18:38 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
2013-09-04 18:38 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
2013-09-04 18:33 - 2013-09-04 19:15 - 00000000 ____D C:\Qoobox
2013-09-04 18:33 - 2013-09-04 19:11 - 00000000 ____D C:\windows\erdnt
2013-09-03 22:00 - 2013-09-04 19:09 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Users\HERBER~1\AppData\Local\McAfee File Lock
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Program Files\McAfeeMOBK
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Program Files\McAfee Online Backup
2013-09-03 21:59 - 2013-07-30 11:28 - 00066296 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
2013-09-03 21:59 - 2012-05-28 10:28 - 00147472 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2013-09-03 21:59 - 2010-04-13 20:10 - 00054776 _____ (Mozy, Inc.) C:\windows\system32\Drivers\MOBK.sys
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Program Files\McAfee.com
2013-09-03 21:51 - 2013-08-07 12:59 - 00172416 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2013-09-03 21:43 - 2013-09-03 21:43 - 00001225 _____ C:\Users\Herbert \Desktop\JRT.txt
2013-09-03 21:41 - 2013-09-03 21:41 - 00000000 ____D C:\windows\ERUNT
2013-09-03 21:33 - 2013-09-03 21:36 - 00000000 ____D C:\AdwCleaner
2013-09-02 17:39 - 2013-09-02 17:39 - 00043706 _____ C:\Users\Herbert \Desktop\attach.txt
2013-09-02 17:39 - 2013-09-02 17:38 - 00022156 _____ C:\Users\Herbert \Desktop\dds.txt
2013-09-02 17:12 - 2013-09-02 17:12 - 00000995 _____ C:\Users\Herbert \Documents\checkup.txt
2013-08-30 21:48 - 2013-08-30 21:48 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 21:48 - 2013-08-30 21:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-30 21:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-30 20:49 - 2013-08-30 09:12 - 00001205 _____ C:\Users\Kourtni \Documents\FixNCR.reg
2013-08-30 20:45 - 2013-08-30 09:12 - 00001205 _____ C:\Users\Herbert \Desktop\FixNCR.reg
2013-08-30 07:32 - 2013-08-30 07:32 - 00000000 ____D C:\Users\Kourtni \AppData\Roaming\Malwarebytes
2013-08-30 07:18 - 2013-08-30 07:18 - 00054016 _____ C:\windows\system32\Drivers\vnpuwq.sys
2013-08-30 07:02 - 2013-08-30 07:02 - 00000000 ____D C:\Stinger_Quarantine
2013-08-30 07:02 - 2013-08-30 07:02 - 00000000 ____D C:\Program Files\stinger
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Herbert \AppData\Roaming\Malwarebytes
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 19:04 - 2013-09-03 22:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-29 11:59 - 2013-08-29 18:46 - 00000004 _____ C:\Users\Kourtni \AppData\Roaming\cache.ini
2013-08-29 09:08 - 2013-08-29 21:05 - 00000000 ____D C:\ProgramData\spD7pDg7
2013-08-28 20:03 - 2013-08-28 20:26 - 00000000 ____D C:\ProgramData\hst
2013-08-22 09:28 - 2013-08-22 09:28 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 09:27 - 2013-08-22 09:28 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 09:27 - 2013-08-22 09:28 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 09:27 - 2013-08-22 09:27 - 00000000 ____D C:\Program Files\iPod
2013-08-22 09:21 - 2013-08-22 09:21 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-22 09:21 - 2013-08-22 09:21 - 00000000 ____D C:\Program Files\QuickTime
2013-08-07 13:02 - 2013-08-07 13:02 - 00060920 _____ (McAfee, Inc.) C:\windows\system32\Drivers\cfwids.sys
2013-08-07 12:59 - 2013-08-07 12:59 - 00213232 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfewfpk.sys
2013-08-07 12:56 - 2013-08-07 12:56 - 00568632 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfehidk.sys
2013-08-07 12:55 - 2013-08-07 12:55 - 00365224 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfefirek.sys
2013-08-07 12:55 - 2013-08-07 12:55 - 00065928 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfebopk.sys
2013-08-07 12:54 - 2013-08-07 12:54 - 00235520 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeavfk.sys
2013-08-07 12:53 - 2013-08-07 12:53 - 00133992 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeapfk.sys

==================== One Month Modified Files and Folders =======

2013-09-05 19:12 - 2013-09-05 19:12 - 00000000 ____D C:\FRST
2013-09-05 19:08 - 2011-06-27 10:12 - 01449771 _____ C:\windows\WindowsUpdate.log
2013-09-05 18:57 - 2009-07-14 00:34 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 18:57 - 2009-07-14 00:34 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 18:52 - 2012-09-06 07:28 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 18:52 - 2012-09-06 07:28 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 18:43 - 2012-03-24 11:06 - 00000000 __RSD C:\Users\Herbert \Documents\McAfee Vaults
2013-09-05 18:42 - 2012-03-11 18:03 - 00000000 ____D C:\Program Files\Origin
2013-09-05 18:42 - 2011-06-27 10:24 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-09-05 18:42 - 2011-05-03 13:30 - 00000000 ____D C:\ProgramData\PDFC
2013-09-05 18:41 - 2011-05-03 13:27 - 00000000 ____D C:\ProgramData\HPQLOG
2013-09-05 18:41 - 2009-07-14 00:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-05 18:41 - 2009-07-14 00:39 - 00077786 _____ C:\windows\setupact.log
2013-09-05 17:21 - 2012-04-03 21:55 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 10:22 - 2012-03-24 11:36 - 00000000 __RSD C:\Users\Kourtni \Documents\McAfee Vaults
2013-09-04 19:15 - 2013-09-04 19:15 - 00023156 _____ C:\ComboFix.txt
2013-09-04 19:15 - 2013-09-04 18:38 - 00000000 ____D C:\ComboFix
2013-09-04 19:15 - 2013-09-04 18:33 - 00000000 ____D C:\Qoobox
2013-09-04 19:13 - 2011-07-18 22:55 - 00000000 ____D C:\Users\HERBER~1\AppData\Local\CrashDumps
2013-09-04 19:11 - 2013-09-04 18:33 - 00000000 ____D C:\windows\erdnt
2013-09-04 19:09 - 2013-09-03 22:00 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-09-04 19:04 - 2009-07-13 22:04 - 00000215 _____ C:\windows\system.ini
2013-09-04 19:03 - 2009-07-13 22:03 - 65011712 _____ C:\windows\system32\config\SOFTWARE.bak
2013-09-04 19:03 - 2009-07-13 22:03 - 22544384 _____ C:\windows\system32\config\SYSTEM.bak
2013-09-04 19:03 - 2009-07-13 22:03 - 01048576 _____ C:\windows\system32\config\DEFAULT.bak
2013-09-04 19:03 - 2009-07-13 22:03 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-09-04 19:03 - 2009-07-13 22:03 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-09-04 18:33 - 2009-07-14 00:53 - 00032570 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-04 18:15 - 2012-03-24 10:51 - 00000000 ____D C:\ProgramData\McAfee
2013-09-03 22:13 - 2013-08-29 19:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Users\HERBER~1\AppData\Local\McAfee File Lock
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Program Files\McAfeeMOBK
2013-09-03 21:59 - 2013-09-03 21:59 - 00000000 ____D C:\Program Files\McAfee Online Backup
2013-09-03 21:59 - 2012-03-24 11:05 - 00000000 ____D C:\Program Files\McAfee
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Program Files\McAfee.com
2013-09-03 21:43 - 2013-09-03 21:43 - 00001225 _____ C:\Users\Herbert \Desktop\JRT.txt
2013-09-03 21:41 - 2013-09-03 21:41 - 00000000 ____D C:\windows\ERUNT
2013-09-03 21:36 - 2013-09-03 21:33 - 00000000 ____D C:\AdwCleaner
2013-09-03 21:35 - 2012-11-26 22:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 21:34 - 2011-05-03 13:00 - 00778644 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-03 20:59 - 2011-07-18 22:00 - 00000000 ____D C:\Users\Herbert \Documents\Bluetooth Folder
2013-09-02 17:39 - 2013-09-02 17:39 - 00043706 _____ C:\Users\Herbert \Desktop\attach.txt
2013-09-02 17:38 - 2013-09-02 17:39 - 00022156 _____ C:\Users\Herbert \Desktop\dds.txt
2013-09-02 17:12 - 2013-09-02 17:12 - 00000995 _____ C:\Users\Herbert \Documents\checkup.txt
2013-08-30 22:01 - 2009-07-14 00:52 - 00000000 ____D C:\windows\addins
2013-08-30 21:48 - 2013-08-30 21:48 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-30 21:48 - 2013-08-30 21:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-30 20:02 - 2012-02-12 21:42 - 00000000 ____D C:\Users\Kourtni \AppData\Local\CrashDumps
2013-08-30 09:12 - 2013-08-30 20:49 - 00001205 _____ C:\Users\Kourtni \Documents\FixNCR.reg
2013-08-30 09:12 - 2013-08-30 20:45 - 00001205 _____ C:\Users\Herbert \Desktop\FixNCR.reg
2013-08-30 07:32 - 2013-08-30 07:32 - 00000000 ____D C:\Users\Kourtni \AppData\Roaming\Malwarebytes
2013-08-30 07:18 - 2013-08-30 07:18 - 00054016 _____ C:\windows\system32\Drivers\vnpuwq.sys
2013-08-30 07:18 - 2009-07-14 00:52 - 00000000 ____D C:\windows\Performance
2013-08-30 07:02 - 2013-08-30 07:02 - 00000000 ____D C:\Stinger_Quarantine
2013-08-30 07:02 - 2013-08-30 07:02 - 00000000 ____D C:\Program Files\stinger
2013-08-29 23:17 - 2009-07-13 22:37 - 00000000 ____D C:\windows\Help
2013-08-29 21:05 - 2013-08-29 09:08 - 00000000 ____D C:\ProgramData\spD7pDg7
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Herbert \AppData\Roaming\Malwarebytes
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 18:46 - 2013-08-29 11:59 - 00000004 _____ C:\Users\Kourtni \AppData\Roaming\cache.ini
2013-08-29 18:37 - 2011-07-18 21:57 - 00142320 _____ C:\Users\HERBER~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 09:08 - 2012-09-06 07:27 - 00000000 ____D C:\Program Files\Google
2013-08-28 20:26 - 2013-08-28 20:03 - 00000000 ____D C:\ProgramData\hst
2013-08-28 11:43 - 2013-07-05 21:50 - 00000000 ____D C:\ProgramData\Sonic
2013-08-22 09:28 - 2013-08-22 09:28 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 09:28 - 2013-08-22 09:27 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-22 09:28 - 2013-08-22 09:27 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 09:27 - 2013-08-22 09:27 - 00000000 ____D C:\Program Files\iPod
2013-08-22 09:27 - 2012-06-24 19:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-22 09:21 - 2013-08-22 09:21 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-22 09:21 - 2013-08-22 09:21 - 00000000 ____D C:\Program Files\QuickTime
2013-08-21 14:21 - 2012-04-03 21:55 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-08-21 14:21 - 2011-10-14 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-12 11:15 - 2012-10-07 21:16 - 00000000 ____D C:\Users\Kourtni \Documents\4S cases
2013-08-07 13:02 - 2013-08-07 13:02 - 00060920 _____ (McAfee, Inc.) C:\windows\system32\Drivers\cfwids.sys
2013-08-07 12:59 - 2013-09-03 21:51 - 00172416 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2013-08-07 12:59 - 2013-08-07 12:59 - 00213232 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfewfpk.sys
2013-08-07 12:56 - 2013-08-07 12:56 - 00568632 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfehidk.sys
2013-08-07 12:55 - 2013-08-07 12:55 - 00365224 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfefirek.sys
2013-08-07 12:55 - 2013-08-07 12:55 - 00065928 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfebopk.sys
2013-08-07 12:54 - 2013-08-07 12:54 - 00235520 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeavfk.sys
2013-08-07 12:53 - 2013-08-07 12:53 - 00133992 _____ (McAfee, Inc.) C:\windows\system32\Drivers\mfeapfk.sys

Files to move or delete:
====================
C:\Users\HERBER~1\AppData\Local\Temp\catchme.dll
C:\Users\Kourtni \AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-01 14:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2013
Ran by Herbert  at 2013-09-05 19:13:27
Running from D:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
599CD Welcome
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia (Version: 1.0.48.25)
ArcSoft TotalMedia (Version: 2.0.39.12)
ArcSoft Webcam Sharing Manager (Version: 2.0.0.30)
Argazki Galeria (Version: 16.4.3503.0728)
Atheros Driver Installation Program (Version: 9.2)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blasterball 3 (Version: 2.2.0.95)
Bluetooth Win7 Suite (Version: 7.02.000.55)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-Lot - The Elizabethan Era (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Device Access Manager for HP ProtectTools (Version: 6.0.0.9)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Drive Encryption For HP ProtectTools (Version: 6.0.33.24411)
Energy Star Digital Logo (Version: 1.0.1)
Evernote v. 4.2.2 (Version: 4.2.2.3979)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
File Sanitizer For HP ProtectTools (Version: 6.0.0.8)
Galeria de Fotos (Version: 16.4.3503.0728)
Galería de fotos (Version: 16.4.3503.0728)
Galeria fotogràfica (Version: 16.4.3503.0728)
Galerie de photos (Version: 16.4.3503.0728)
Google Chrome (Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
HP 3D DriveGuard (Version: 4.1.4.1)
HP Auto (Version: 1.0.12494.3472)
HP Connection Manager (Version: 4.1.10.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP DayStarter (Version: 2.0.0.12)
HP Documentation (Version: 1.2.0.0)
HP ESU for Microsoft Windows 7 (Version: 1.1.11.1)
HP Game Console
HP Games (Version: 1.0.1.5)
HP HotKey Support (Version: 4.0.10.1)
HP Officejet 6700 Basic Device Software (Version: 28.0.1315.0)
HP Power Assistant (Version: 2.0.2.0)
HP ProtectTools Security Manager (Version: 6.00.888)
HP QuickWeb (Version: 3.0.0.9057)
HP Setup (Version: 8.5.4526.3645)
HP SoftPaq Download Manager (Version: 3.2.0.0)
HP Software Framework (Version: 4.0.112.1)
HP Software Setup (Version: 8.2.1.1)
HP Support Assistant (Version: 5.2.3.4)
HP System Default Settings (Version: 2.1.2)
HP Wallpaper (Version: 2.00)
HP Webcam Driver (Version: 5.8.50058.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6325.0)
Insaniquarium Deluxe (Version: 2.2.0.95)
Intel® Identity Protection Technology 1.0.71.0 (Version: 1.0.71.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2342)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
iTunes (Version: 11.0.5.5)
Jewel Quest II (Version: 2.2.0.95)
Jewel Quest Solitaire (Version: 2.2.0.95)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 16.4.3503.0728)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.4.0)
McAfee Total Protection (Version: 12.8.750)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
Movie Maker (Version: 16.4.3503.0728)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
Norton Internet Security (Version: 18.1.0.37)
Origin (Version: 9.1.15.109)
PDF Complete Special Edition (Version: 4.0.33)
Penguins! (Version: 2.2.0.95)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Privacy Manager for HP ProtectTools (Version: 6.00.831)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0016)
Registry Easy v5.6 (Version: 5.6)
Roxio BackOnTrack (Version: 4.0)
Roxio BackOnTrackPE (Version: 4.0)
Roxio Burn - Secure (Version: 1.6)
Roxio CinePlayer (Version: 5.6)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2011 Pro (Version: 1.3.166)
Roxio Creator 2011 Pro (Version: 13.0)
Roxio Creator 2011 Pro (Version: 6.0.0)
Roxio PhotoShow (Version: 6.0)
Roxio Video Capture USB (Version: 1.22.0000)
SDK (Version: 2.24.025)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
Slingo Deluxe (Version: 2.2.0.95)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
The Sims™ 3 (Version: 1.55.4)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Master Suite Stuff (Version: 11.0.84)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Seasons (Version: 16.0.136)
The Sims™ 3 Showtime (Version: 12.0.273)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 University Life (Version: 18.0.126)
Theft Recovery for HP ProtectTools (Version: 6.0.0.30)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Fingerprint Sensor Driver (Version: 4.3.117.0)
VIP Access SDK (1.0.0.50)  (Version: 1.0.0.50)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Vuze (Version: 4.7)
Wedding Dash (Version: 2.2.0.95)
Windows Live (Version: 16.4.3503.0728)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Mail (Version: 16.4.3503.0728)
Windows Live Messenger (Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Live Writer (Version: 16.4.3503.0728)
Windows Live Writer Resources (Version: 16.4.3503.0728)
WinZip 15.0 (Version: 15.0.9411)
Xobni (Version: 1.9.5.13282)
Xobni Core (Version: 1.0.0)
Zuma Deluxe (Version: 2.2.0.95)
 

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-09-04 19:04 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1648A57D-CFE2-4DE1-8F59-B8ADAF63A6AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {1F285540-F143-4A4E-858B-770FA64888B2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] ()
Task: {372CFC38-F257-46C2-AA71-ED59A7313447} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DCA2035-F19C-4F47-88D9-5B6C54DCD126} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {694535DC-D546-4A0A-849B-77CCE9E9FE60} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {7BC7E481-995B-4E42-98C0-D617251FD217} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: {8D67503D-EDD2-4666-A64D-2E181A9D470F} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {9113737E-1D27-4809-AF6A-66882F29A3A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-09] (Hewlett-Packard Company)
Task: {9F9C279A-0410-4112-BBF5-7AADEE7EF2CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-09] (Hewlett-Packard Company)
Task: {CB22137F-F112-442E-8B87-42A7BEAACC96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-30 09:10 - 2010-06-30 09:10 - 00678384 _____ () C:\Program Files\Roxio 2011\Roxio Burn\RBVirtualFolder.dll
2011-02-03 23:58 - 2011-02-03 23:58 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-02-03 23:58 - 2011-02-03 23:58 - 00173352 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2011-06-27 10:29 - 2011-06-27 10:29 - 00077368 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
2011-06-27 10:29 - 2011-06-27 10:29 - 00092728 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
2011-01-28 18:26 - 2011-01-28 18:26 - 00013368 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\HandlersStrings.dll
2011-01-28 18:26 - 2011-01-28 18:26 - 00025656 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\CaslHotkey.dll
2011-01-26 21:14 - 2011-01-26 21:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2011-03-28 20:06 - 2011-03-28 20:06 - 00533048 _____ (Hewlett-Packard Development Company L.P.) c:\Program Files\Hewlett-Packard\Shared\CaslWmi.dll
2011-03-28 20:07 - 2011-03-28 20:07 - 00015416 _____ ( ) c:\Program Files\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll
2011-03-28 20:07 - 2011-03-28 20:07 - 00066104 _____ (Hewlett-Packard Development Company L.P.) c:\Program Files\Hewlett-Packard\Shared\CaslSmBios.dll
2011-01-28 18:26 - 2011-01-28 18:26 - 00011320 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\Win32ScreenRotate.dll
2011-01-28 18:25 - 2011-01-28 18:25 - 00230456 _____ (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP HotKey Support\GenericVideoRotation.dll
2013-03-28 03:45 - 2013-03-28 03:45 - 00475648 _____ (Intel Corporation) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
2013-03-28 03:45 - 2013-03-28 03:45 - 00014336 _____ (Intel Corp.) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
2011-03-25 23:33 - 2011-03-25 23:33 - 00283648 _____ (Intel Corporation) C:\windows\system32\igfxrENU.lrc
2011-03-25 23:28 - 2011-03-25 23:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2011-02-10 20:43 - 2011-02-10 20:43 - 00016952 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickWeb\HPSWManagedDLL.dll
2011-02-10 20:21 - 2011-02-10 20:21 - 00053816 _____ (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickWeb\HP.Mobile.Shared.dll
2011-05-03 13:19 - 2011-05-03 13:19 - 00868864 _____ (HP) C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
2011-06-27 10:32 - 2011-01-27 05:52 - 04644864 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang.dll
2011-06-27 10:32 - 2011-01-27 05:52 - 00532480 ____N (IDT, Inc.) C:\windows\system32\stapi32.dll
2010-07-08 06:08 - 2010-07-08 06:08 - 04495856 _____ (Sonic Solutions) C:\Program Files\Roxio 2011\5.0\AS_Storage_w32.dll
2010-04-06 12:32 - 2010-04-06 12:32 - 04491760 _____ (Sonic Solutions) C:\Program Files\Roxio 2011\Roxio Burn\AS_Storage_w32.dll
2012-11-27 18:04 - 2012-10-16 03:39 - 00561664 _____ (Microsoft Corporation) C:\windows\AppPatch\AcLayers.DLL
2010-05-10 01:01 - 2010-05-10 01:01 - 00100848 _____ (Sonic Solutions) C:\Program Files\Common Files\PX Storage Engine\vxblock.dll
2010-07-02 10:01 - 2010-07-02 10:01 - 00117232 _____ (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\13.0\DLLShared\cdral.DLL
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01292136 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00923496 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\windows\system32\dnssd.dll
2010-06-30 09:10 - 2010-06-30 09:10 - 00645616 _____ () C:\Program Files\Roxio 2011\Roxio Burn\BBEngineAS.dll
2010-04-12 16:05 - 2010-04-12 16:05 - 00694768 _____ (Sonic Solutions) C:\Program Files\Roxio 2011\Roxio Burn\AS_Archive.dll
2010-06-25 14:11 - 2010-06-25 14:11 - 00631792 _____ (Sonic Solutions) c:\program files\common files\roxio shared\dllshared\homepermitsconfig13.dll
2010-05-19 13:55 - 2010-05-19 13:55 - 00190960 _____ (Roxio, Inc.) c:\program files\common files\roxio shared\dllshared\rsl.dll
2010-06-25 14:11 - 2010-06-25 14:11 - 00394224 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2010-05-19 13:55 - 2010-05-19 13:55 - 00186864 _____ (Sonic Solutions) c:\program files\common files\roxio shared\dllshared\rcsl.dll
2010-06-25 14:11 - 2010-06-25 14:11 - 00961008 _____ (Sonic Solutions) c:\program files\common files\roxio shared\dllshared\SonicHTTPClient13.dll
2010-06-25 14:11 - 2010-06-25 14:11 - 00712688 _____ (Sonic Solutions) c:\program files\common files\roxio shared\dllshared\SonicLicenseManager13.dll
2011-01-26 21:14 - 2011-01-26 21:14 - 00262712 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.dll
2011-01-26 21:13 - 2011-01-26 21:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-01-26 21:14 - 2011-01-26 21:14 - 00028728 _____ (Root-Project) C:\Program Files\Hewlett-Packard\HP Power Assistant\LocalizeExtension.dll
2011-01-26 20:35 - 2011-01-26 20:35 - 00007168 _____ ( ) C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll
2011-01-26 21:13 - 2011-01-26 21:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-05-03 13:32 - 2011-01-26 20:34 - 00886272 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-04-05 14:13 - 2011-04-05 14:13 - 00854584 _____ (Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\HP.Mobile.dll
2011-04-05 14:18 - 2011-04-05 14:18 - 01919032 _____ (Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpUIFramework.dll
2011-04-05 14:13 - 2011-04-05 14:13 - 00054840 _____ (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\HP.Mobile.Shared.dll
2011-04-05 14:09 - 2011-04-05 14:09 - 00257536 _____ (Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\HP.Mobile.Resource.dll
2011-04-05 14:13 - 2011-04-05 14:13 - 00087608 _____ (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Connection Manager\HP.Mobile.Data.dll
2011-04-05 14:18 - 2011-04-05 14:18 - 00067128 _____ ( ) C:\Program Files\Hewlett-Packard\HP Connection Manager\Interop.hpCMSrv.dll
2011-04-05 14:15 - 2011-04-05 14:15 - 00116280 _____ (Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\en\HP.Mobile.Resource.resources.dll
2013-03-28 03:48 - 2013-03-28 03:48 - 00497664 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\e83a0f67b05bfc2b76d16faa08fc4cf4\System.Data.SQLite.ni.dll
2011-05-03 13:31 - 2011-05-03 13:31 - 00904704 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-06-24 06:21 - 2010-06-24 06:21 - 00174080 _____ (http://sqlite.phxsoftware.com) C:\Program Files\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.Linq.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00309872 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\WrapI2C.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00105072 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\null.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00133744 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\smsc.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00252528 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdi_nv2.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00133744 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdi_intel.dll
2011-05-03 13:32 - 2011-01-18 16:42 - 00158320 _____ (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdi_ati2.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2013 06:44:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {db8cbef1-04b4-4dad-a6b4-dfc2789f8d95}

Error: (09/05/2013 06:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: BService.exe, version: 0.0.0.0, time stamp: 0x4c3d9d16
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x7f4
Faulting application start time: 0xBService.exe0
Faulting application path: BService.exe1
Faulting module path: BService.exe2
Report Id: BService.exe3

Error: (09/05/2013 00:57:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2013 10:20:10 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bd6b00d6-280d-4815-a310-7da40213f702}

Error: (09/05/2013 10:16:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: BService.exe, version: 0.0.0.0, time stamp: 0x4c3d9d16
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x748
Faulting application start time: 0xBService.exe0
Faulting application path: BService.exe1
Faulting module path: BService.exe2
Report Id: BService.exe3

Error: (09/04/2013 10:49:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.2.118, time stamp: 0x51ff8e81
Faulting module name: lua_lib.dll, version: 1.1.2.114, time stamp: 0x51d54aa9
Exception code: 0xc0000005
Fault offset: 0x00006b1d
Faulting process id: 0xab0
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (09/04/2013 10:49:42 PM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005

Error: (09/04/2013 08:11:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/04/2013 07:31:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93bd730a-22d6-42cc-82c9-4ab62a71badb}

Error: (09/04/2013 07:28:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: BService.exe, version: 0.0.0.0, time stamp: 0x4c3d9d16
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x78
Faulting application start time: 0xBService.exe0
Faulting application path: BService.exe1
Faulting module path: BService.exe2
Report Id: BService.exe3

System errors:
=============
Error: (09/05/2013 06:48:37 PM) (Source: DCOM) (User: )
Description: {20966775-18A4-4299-B8E3-772C336B52A7}

Error: (09/05/2013 06:46:53 PM) (Source: DCOM) (User: )
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (09/05/2013 06:44:06 PM) (Source: DCOM) (User: )
Description: {20966775-18A4-4299-B8E3-772C336B52A7}

Error: (09/05/2013 06:43:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/05/2013 06:41:55 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (09/05/2013 06:41:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (09/05/2013 06:41:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BOT4Service service to connect.

Error: (09/05/2013 10:23:13 AM) (Source: DCOM) (User: )
Description: {20966775-18A4-4299-B8E3-772C336B52A7}

Error: (09/05/2013 10:22:15 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (09/05/2013 10:19:12 AM) (Source: DCOM) (User: )
Description: {20966775-18A4-4299-B8E3-772C336B52A7}

Microsoft Office Sessions:
=========================
Error: (05/19/2013 06:27:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16279 seconds with 4980 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 1982.37 MB
Available physical RAM: 505.73 MB
Total Pagefile: 3964.73 MB
Available Pagefile: 2181.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.36 GB) (Free:167.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (USB DISK) (Fixed) (Total:1.87 GB) (Free:1.83 GB) FAT
Drive e: (HP_RECOVERY) (Fixed) (Total:15.44 GB) (Free:2.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32
Drive g: (AOE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3C07E996)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=277 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C46FBC2D)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:36 AM

Posted 05 September 2013 - 07:29 PM

Hello herbc0704



I need you to download this script I have made for you --> Attached File: fixlist.txt

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days; If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 herbc0704

herbc0704
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:36 AM

Posted 08 September 2013 - 09:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-09-2013
Ran by Herbert  at 2013-09-08 09:41:28 Run:1
Running from D:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Kourtni \...\Run: [AS2014] - C:\ProgramData\spD7pDg7\spD7pDg7.exe [x]
S3 MFE_RR; \??\C:\Users\HERBER~1\AppData\Local\Temp\mfe_rr.sys [x]
2013-08-29 09:08 - 2013-08-29 21:05 - 00000000 ____D C:\ProgramData\spD7pDg7
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s

*****************

HKU\Kourtni \Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
MFE_RR => Service deleted successfully.
C:\ProgramData\spD7pDg7 => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

C:\Program Files\Evernote\Evernote3.5

========= End of CMD: =========

==== End of Fixlog ====
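The fixlog above shows FRST stripping reparse points that had been planted on the Windows Defender binaries, then running `Dir /b /a:l "C:\Program Files" /s` to list what was left. As an added defender-side check, written for this thread and not part of FRST or of either poster's instructions, the PowerShell below reproduces that directory listing and flags any reparse point inside the three directories the fixlist targeted; the three directory names come from the fixlist, while the `fsutil reparsepoint query` output format it parses is an assumption.

```powershell
# Added example, not part of this thread or of FRST: reproduce the
# "Dir /b /a:l ... /s" check from the fixlog and flag reparse points
# (junctions/symlinks) inside directories where the fixlist expected
# ZeroAccess to have planted them. Run from an elevated PowerShell
# prompt; fsutil needs admin rights to read reparse data.

function Get-ReparsePoints {
    param([Parameter(Mandatory = $true)][string]$Root)
    # /a:l = reparse points only, /s = recurse, /b = bare paths.
    # Same command FRST ran; "File Not Found" and access-denied noise
    # go to stderr and are discarded, non-path lines are filtered out.
    & cmd.exe /c "dir /b /a:l /s `"$Root`"" 2>$null |
        Where-Object { $_ -match '^[A-Za-z]:\\' }
}

function Get-ReparseTag {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Assumption: fsutil prints a "Reparse Tag Value : 0x..." line.
    # 0xa0000003 is a junction (mount point), 0xa000000c a symbolic link.
    $line = & fsutil.exe reparsepoint query "$Path" 2>$null |
        Select-String -Pattern 'Reparse Tag Value' | Select-Object -First 1
    if ($line) { return ($line.ToString() -split ':\s*')[1].Trim() }
    return 'unknown'
}

function Test-ProtectedPath {
    param([string]$Path, [string[]]$ProtectedDirs)
    # True when the reparse point sits under one of the watched directories.
    foreach ($dir in $ProtectedDirs) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# The three directories the fixlist in this thread targeted. "system64"
# is not a real Windows directory on a 32-bit install, so its mere
# presence is worth reporting.
$protectedDirs = @(
    (Join-Path $env:ProgramFiles 'Windows Defender'),
    (Join-Path $env:ProgramFiles 'Microsoft Security Client'),
    (Join-Path $env:windir 'system64')
)

foreach ($dir in $protectedDirs) {
    if ((Split-Path -Leaf $dir) -eq 'system64' -and (Test-Path -LiteralPath $dir)) {
        Write-Warning "Unexpected directory present: $dir"
    }
}

$results = foreach ($p in Get-ReparsePoints -Root $env:ProgramFiles) {
    New-Object PSObject -Property @{
        Path    = $p
        Tag     = Get-ReparseTag -Path $p
        Suspect = Test-ProtectedPath -Path $p -ProtectedDirs $protectedDirs
    }
}

# A clean Windows 7 box normally shows few or no reparse points under
# Program Files (the Evernote entry in the fixlog is a benign one);
# anything marked Suspect = True deserves a look before trusting Defender.
$results | Sort-Object Suspect -Descending | Format-Table Suspect, Tag, Path -AutoSize
```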



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:36 AM

Posted 08 September 2013 - 09:25 PM


Hello herbc0704

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.

    Hello XXX

    These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

    -AdwCleaner-

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    -Junkware-Removal-Tool-

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    When they are complete let me have the two reports and let me know how things are running.

    Gringo
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr


Posted 12 September 2013 - 09:52 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#14 gringo_pr


Posted 18 September 2013 - 01:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



