
VuuPC installation infection


9 replies to this topic

#1 jimworzala

  • Members
  • 94 posts

Posted 30 April 2014 - 07:29 PM

I have an infection that keeps popping back up every 20 mins or so even after I remove it using Malwarebytes. I have included the most recent Malwarebytes scan that was supposed to have removed everything and the files from a DDS scan. It keeps putting an icon on my desktop that says continue VuuPC installation even after Malwarebytes supposedly removes it and I delete the icon permanently. Then I get random popups that are for continuing the installation, even though I never click on the Icon. I know that it says to be patient, but I have to use this computer for work. I am unable to work until the infection is removed, so if I don't get a response soon, I may have to consult another source. Thanks in advance for any help you can give.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts

Posted 05 May 2014 - 07:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532883 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jimworzala

  • Topic Starter

  • Members
  • 94 posts

Posted 06 May 2014 - 11:38 AM

I had several programs infecting my computer including Mobogenie, OptimizerPro, PC Speed Maximizer, Block and Surf and VuuPC. While I was waiting for a response, I kept running Malwarebytes, SuperAntispyware and SpyBot Search and Destroy. Each was finding things and not removing everything at first, because when I would run the scan again, it would still find some of the same infections, even though I told it to remove them. At one point I got a popup when I started up that there were some startup programs blocked and I looked at the startup programs and blocked Mobogenie, Optimizer Pro and Block and Surf from startup to see if that would allow the malware scanners to remove them. I knew they were not things that I had purposely downloaded as their Icons started appearing on my desktop after all of the trouble started. After alternating several times with all of the scans, they started removing things and I was finally able to get all three to run and not find anything other than tracking cookies. I would like to verify that everything is removed now. If you need more details of what things were found, I can send copies of the log files, but, as I said, currently all three show the system as clean. Many, if not most of these scans were done in my main user account, but I have another user account that I set up for work. I tried to do all of the scans as administrator, so I hope that means they will be removed from both user accounts.




#4 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Location:Montreal, QC. Canada

Posted 07 May 2014 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 jimworzala

  • Topic Starter

  • Members
  • 94 posts

Posted 07 May 2014 - 10:18 PM

Here is the log from ADWCleaner:

 

# AdwCleaner v3.207 - Report created 07/05/2014 at 21:45:53
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Donna - JIMSPC
# Running from : C:\Users\Donna\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SystemkService
[#] Service Deleted : vosr

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Users\Workbooth\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Workbooth\AppData\Local\Temp\WiseEnhance
Folder Deleted : C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Workbooth\Documents\PC Speed Maximizer
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Workbooth\daemonprocess.txt
File Deleted : C:\Users\Workbooth\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Workbooth\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Workbooth\AppData\Roaming\Mozilla\Firefox\Profiles\fb45tffl.default\user.js
File Deleted : C:\Windows\System32\Tasks\PC Speed Maximizer Schedule

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3971509A-0559-40DB-AADC-49D263B9943E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3971509A-0559-40DB-AADC-49D263B9943E}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\FREE_SOFT_TODAY
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\linkey\ieexte~1\iedll.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\search~1\search~1\bin\spvc32~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\hv38l651.default\prefs.js ]

[ File : C:\Users\Workbooth\AppData\Roaming\Mozilla\Firefox\Profiles\fb45tffl.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
Line Deleted : user_pref("browser.search.order.1", "default-search.net");
Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=492&aid=100&itype=n&ver=12283&tm=333&src=hmp");
Line Deleted : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=333&src=ds&p=");

-\\ Google Chrome v

[ File : C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8313 octets] - [07/05/2014 21:34:19]
AdwCleaner[S0].txt - [8242 octets] - [07/05/2014 21:45:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8302 octets] ##########

 

FRST.txt from Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by Donna (administrator) on JIMSPC on 07-05-2014 21:55:05
Running from C:\Users\Donna\Desktop\Farbar Recovery Scan Tool (32 bit)
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
() C:\Program Files\pcreg\pcreg.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\StorageSync\StrgSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Octoshape ApS) C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-03-01] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2007-12-18] (CyberLink Corp.)
HKLM\...\Run: [StrgSync.exe] => C:\Program Files\StorageSync\StrgSync.exe [3032576 2005-10-07] ()
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3171153450-968238963-1521262733-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-3171153450-968238963-1521262733-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3171153450-968238963-1521262733-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-3171153450-968238963-1521262733-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3171153450-968238963-1521262733-1000\...\MountPoints2: {3de9ab81-8497-11df-b623-001bb95317a1} - F:\JDSecure\Windows\JDSecure31.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-mail - Shortcut.lnk
ShortcutTarget: E-mail - Shortcut.lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP51
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {02418729-5AA9-4E13-9D06-2D18A27B7C71} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKLM - {697383E6-1408-42A8-8AD3-6B813E200BB0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=333&src=ds&p={searchTerms}
SearchScopes: HKLM - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {02418729-5AA9-4E13-9D06-2D18A27B7C71} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HQDUS7
SearchScopes: HKCU - {3369635F-3BC4-4947-8CFE-4C9F6D13F8AA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS417
SearchScopes: HKCU - {697383E6-1408-42A8-8AD3-6B813E200BB0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKCU - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://usphx-portal2-a1.workbooth.com//SNX/CSHELL/extender.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10N_FR29-12649/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-03-09] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\hv38l651.default
FF Homepage: hxxp://www.rr.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Donna\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Donna\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\default-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\hv38l651.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-10-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-12-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.)
R2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [368280 2014-02-19] (Check Point Software Technologies)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [175480 2014-03-17] (McAfee, Inc.)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [494192 2012-03-02] (VMware, Inc.)
R2 wsnm_usbctrl; C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [797296 2012-03-02] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

S3 1150; C:\Windows\System32\DRIVERS\1150 [9072 2011-06-01] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-03-17] (McAfee, Inc.)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-05] (DemoForge, LLC)
S3 ISWKLP; C:\Windows\System32\drivers\ISWKLP.sys [36200 2014-04-30] (Check Point Software Technologies)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2014-03-17] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573968 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [214856 2014-03-17] (McAfee, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-09-25] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [348160 2009-10-14] (NETGEAR Inc.                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-03-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-03-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 vmwvusb; C:\Windows\System32\Drivers\vmwvusb.sys [40048 2012-03-02] (VMware, Inc.)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [129304 2014-02-19] (Check Point Software Technologies)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 21:56 - 2014-05-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-07 21:54 - 2014-05-07 21:55 - 00000000 ____D () C:\FRST
2014-05-07 21:54 - 2014-05-07 21:54 - 00008382 _____ () C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-05-07 21:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-07 21:31 - 2014-05-07 21:47 - 00000000 ____D () C:\AdwCleaner
2014-05-07 21:28 - 2014-05-07 21:55 - 00000000 ____D () C:\Users\Donna\Desktop\Farbar Recovery Scan Tool (32 bit)
2014-05-07 21:27 - 2014-05-07 21:27 - 01316991 _____ () C:\Users\Donna\Desktop\adwcleaner.exe
2014-05-06 14:32 - 2014-05-07 17:28 - 00001832 _____ () C:\Users\Workbooth\AppData\Local\SLC_Workbooth.prx
2014-05-06 11:38 - 2014-05-06 11:38 - 00003903 _____ () C:\Users\Donna\Desktop\attach.zip
2014-05-06 11:10 - 2014-05-06 11:10 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\SUPERAntiSpyware.com
2014-05-06 10:41 - 2014-05-06 10:41 - 00688992 ____R (Swearware) C:\Users\Donna\Desktop\dds.com
2014-05-02 00:57 - 2014-05-02 00:57 - 384012345 _____ () C:\Windows\MEMORY.DMP
2014-05-02 00:57 - 2014-05-02 00:57 - 00144256 _____ () C:\Windows\Minidump\Mini050214-01.dmp
2014-05-01 12:12 - 2014-05-01 12:12 - 00000000 ____D () C:\Users\Donna\Documents\ProcAlyzer Dumps
2014-05-01 10:19 - 2014-05-07 21:49 - 00005492 _____ () C:\Windows\PFRO.log
2014-04-30 19:11 - 2014-05-06 10:47 - 00020905 _____ () C:\Users\Donna\Desktop\dds.txt
2014-04-30 19:11 - 2014-05-06 10:47 - 00011683 _____ () C:\Users\Donna\Desktop\attach.txt
2014-04-30 17:16 - 2014-04-30 17:16 - 00036200 _____ (Check Point Software Technologies) C:\Windows\system32\Drivers\ISWKLP.sys
2014-04-30 17:16 - 2014-04-30 17:16 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Checkpoint
2014-04-30 17:12 - 2014-05-06 14:29 - 00000000 ____D () C:\Program Files\CheckPoint
2014-04-30 16:22 - 2014-05-07 21:58 - 00286370 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 15:45 - 2014-04-30 15:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\PeerNetworking
2014-04-30 13:40 - 2014-04-30 13:40 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Macromedia
2014-04-30 13:35 - 2014-04-30 13:36 - 00282960 _____ (Mozilla) C:\Users\Workbooth\Downloads\Firefox Setup Stub 29.0.exe
2014-04-30 13:33 - 2014-04-30 13:33 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Mozilla
2014-04-30 13:33 - 2014-04-30 13:33 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Mozilla
2014-04-30 13:22 - 2014-04-30 13:22 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Malwarebytes
2014-04-30 13:02 - 2014-04-30 13:02 - 01745872 _____ (AnyProtect.com) C:\Users\Workbooth\AppData\Local\nsvEF0E.tmp
2014-04-30 13:01 - 2014-05-07 21:50 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-04-30 13:01 - 2014-05-07 20:18 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-04-30 13:01 - 2014-05-02 01:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-30 13:01 - 2014-04-30 13:01 - 00000000 ____D () C:\Program Files\pcreg
2014-04-30 13:00 - 2014-04-30 13:00 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-04-30 12:57 - 2014-04-30 12:58 - 00376288 _____ () C:\Users\Workbooth\Downloads\MediaPlayerClassic (1).exe
2014-04-30 12:57 - 2014-04-30 12:57 - 00376288 _____ () C:\Users\Workbooth\Downloads\MediaPlayerClassic.exe
2014-04-30 12:42 - 2014-04-30 12:42 - 00000000 ____D () C:\Program Files\TightVNC
2014-04-30 12:42 - 2014-04-30 12:42 - 00000000 ____D () C:\Program Files\DemoForge
2014-04-30 12:42 - 2008-03-05 00:00 - 00034128 _____ (DemoForge, LLC) C:\Windows\system32\Drivers\dfmirage.sys
2014-04-30 12:42 - 2008-03-05 00:00 - 00032976 _____ (DemoForge, LLC) C:\Windows\system32\dfmirage.dll
2014-04-30 12:41 - 2014-04-30 12:41 - 00001117 _____ () C:\Users\Public\Desktop\VMware View Client.lnk
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vmwvusb_01009.Wdf
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\ProgramData\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Program Files\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-04-30 12:41 - 2012-03-02 16:49 - 00040048 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmwvusb.sys
2014-04-30 12:37 - 2014-04-30 12:37 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeleTech
2014-04-30 12:36 - 2014-04-30 12:36 - 00001035 _____ () C:\Users\Public\Desktop\TeleTech SIP.lnk
2014-04-30 12:36 - 2014-04-30 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech SIP
2014-04-30 12:34 - 2014-04-30 12:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 12:29 - 2014-04-30 12:43 - 00000000 ____D () C:\Program Files\TeleTech
2014-04-30 12:29 - 2014-04-30 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 __SHD () C:\Users\Workbooth\Documents\cache
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\webex
2014-04-30 10:02 - 2014-04-30 16:05 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Google
2014-04-30 10:02 - 2014-04-30 10:02 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Adobe
2014-04-30 09:45 - 2014-04-30 09:45 - 00000680 _____ () C:\Users\Workbooth\AppData\Local\d3d9caps.dat
2014-04-30 09:45 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Hewlett-Packard
2014-04-30 09:45 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Hewlett-Packard
2014-04-30 09:44 - 2014-04-30 09:44 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\AMD
2014-04-30 09:43 - 2014-04-30 09:43 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-04-30 09:42 - 2014-04-30 09:42 - 00120328 _____ () C:\Users\Workbooth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\ATI
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\DVDPlay
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\ATI
2014-04-30 09:41 - 2014-04-30 13:16 - 00000950 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-30 09:41 - 2014-04-30 09:41 - 00000955 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-30 09:40 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\VirtualStore
2014-04-30 09:40 - 2014-04-30 09:40 - 00000921 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-04-30 09:40 - 2014-04-30 09:40 - 00000020 ___SH () C:\Users\Workbooth\ntuser.ini
2014-04-30 09:39 - 2014-05-07 21:46 - 00000000 ____D () C:\Users\Workbooth
2014-04-30 09:39 - 2014-04-30 09:41 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Apple Computer
2014-04-30 09:39 - 2010-01-09 16:18 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Macromedia
2014-04-30 09:39 - 2009-11-14 11:55 - 00000000 ___RD () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-30 09:39 - 2009-11-14 11:55 - 00000000 ___RD () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-30 09:39 - 2009-11-04 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Microsoft Help
2014-04-29 15:41 - 2014-04-29 15:41 - 00001614 _____ () C:\Users\Donna\Downloads\AutoWB2.zip
2014-04-25 01:11 - 2014-04-25 01:11 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-04-24 18:35 - 2014-04-24 18:35 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-24 18:35 - 2014-04-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-24 18:34 - 2014-04-24 18:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 18:33 - 2014-04-24 18:34 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-04-24 08:30 - 2014-05-07 21:50 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-24 08:30 - 2014-04-30 23:40 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-24 08:30 - 2014-04-30 00:53 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-24 08:29 - 2014-05-01 12:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-24 08:29 - 2014-04-24 08:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-24 08:29 - 2014-04-24 08:29 - 00001976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 08:29 - 2014-04-24 08:29 - 00001964 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 08:29 - 2014-04-24 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 08:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-04-24 08:25 - 2014-04-24 08:27 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Donna\Downloads\spybot-2.2.exe
2014-04-20 23:41 - 2014-04-20 23:41 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Oracle
2014-04-20 23:40 - 2014-04-20 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 23:40 - 2014-04-20 23:40 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-20 23:40 - 2014-04-20 23:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-20 23:40 - 2014-04-20 23:38 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-20 23:40 - 2014-04-20 23:38 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-20 23:40 - 2014-04-20 23:38 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-20 23:30 - 2014-04-20 23:30 - 00921512 _____ (Oracle Corporation) C:\Users\Donna\Downloads\JavaSetup7u55.exe
2014-04-20 23:17 - 2014-04-20 23:18 - 00004157 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-09 00:08 - 2014-04-09 00:08 - 48058800 _____ () C:\Users\Donna\Downloads\cjr3300EN.exe
2014-04-08 23:36 - 2014-04-08 23:36 - 02816040 _____ (LionSea SoftWare ) C:\Users\Donna\Downloads\setup (2).exe
2014-04-08 23:25 - 2014-02-05 20:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:24 - 2014-04-08 21:24 - 48058800 _____ () C:\Users\Donna\Downloads\cjr3300EN (1).exe
2014-04-08 16:43 - 2014-04-09 00:13 - 00000000 ____D () C:\Program Files\Lx_cats
2014-04-08 16:41 - 2014-04-08 16:43 - 00000000 ____D () C:\Users\Donna\{2eb975fe-2f86-4167-a068-fec4614f613c}
2014-04-08 16:21 - 2014-04-08 21:22 - 00000294 _____ () C:\lxcc.log
2014-04-08 16:12 - 2005-12-06 11:47 - 02040331 _____ () C:\Users\Public\Desktop\Lexmark 3300 Series User's Guide.chm

==================== One Month Modified Files and Folders =======

2014-05-07 21:58 - 2014-04-30 16:22 - 00286370 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 21:56 - 2014-05-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-07 21:56 - 2006-11-02 05:33 - 00763670 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 21:55 - 2014-05-07 21:54 - 00000000 ____D () C:\FRST
2014-05-07 21:55 - 2014-05-07 21:28 - 00000000 ____D () C:\Users\Donna\Desktop\Farbar Recovery Scan Tool (32 bit)
2014-05-07 21:54 - 2014-05-07 21:54 - 00008382 _____ () C:\Users\Donna\Desktop\AdwCleaner[S0].txt
2014-05-07 21:50 - 2014-04-30 13:01 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-05-07 21:50 - 2014-04-24 08:30 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-07 21:50 - 2011-02-02 09:54 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 21:50 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 21:50 - 2006-11-02 07:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:50 - 2006-11-02 07:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 21:49 - 2014-05-01 10:19 - 00005492 _____ () C:\Windows\PFRO.log
2014-05-07 21:48 - 2006-11-02 07:58 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-07 21:47 - 2014-05-07 21:31 - 00000000 ____D () C:\AdwCleaner
2014-05-07 21:46 - 2014-04-30 09:39 - 00000000 ____D () C:\Users\Workbooth
2014-05-07 21:45 - 2011-02-02 09:54 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 21:28 - 2011-11-10 22:51 - 00000000 ____D () C:\Users\Donna\Documents\Outlook Files
2014-05-07 21:27 - 2014-05-07 21:27 - 01316991 _____ () C:\Users\Donna\Desktop\adwcleaner.exe
2014-05-07 21:05 - 2013-02-27 09:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 21:01 - 2011-05-28 21:04 - 00000256 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-05-07 20:18 - 2014-04-30 13:01 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-05-07 17:28 - 2014-05-06 14:32 - 00001832 _____ () C:\Users\Workbooth\AppData\Local\SLC_Workbooth.prx
2014-05-07 09:21 - 2011-03-27 16:41 - 00000000 ____D () C:\Users\Donna\AppData\Local\Unity
2014-05-07 09:20 - 2010-01-09 16:18 - 00000000 ____D () C:\Program Files\Adobe
2014-05-06 14:29 - 2014-04-30 17:12 - 00000000 ____D () C:\Program Files\CheckPoint
2014-05-06 11:38 - 2014-05-06 11:38 - 00003903 _____ () C:\Users\Donna\Desktop\attach.zip
2014-05-06 11:10 - 2014-05-06 11:10 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\SUPERAntiSpyware.com
2014-05-06 10:47 - 2014-04-30 19:11 - 00020905 _____ () C:\Users\Donna\Desktop\dds.txt
2014-05-06 10:47 - 2014-04-30 19:11 - 00011683 _____ () C:\Users\Donna\Desktop\attach.txt
2014-05-06 10:41 - 2014-05-06 10:41 - 00688992 ____R (Swearware) C:\Users\Donna\Desktop\dds.com
2014-05-05 10:14 - 2011-02-20 01:43 - 00001356 _____ () C:\Users\Donna\AppData\Local\d3d9caps.dat
2014-05-03 07:56 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-05-02 09:22 - 2006-11-02 06:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-05-02 01:02 - 2014-04-30 13:01 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-02 00:57 - 2014-05-02 00:57 - 384012345 _____ () C:\Windows\MEMORY.DMP
2014-05-02 00:57 - 2014-05-02 00:57 - 00144256 _____ () C:\Windows\Minidump\Mini050214-01.dmp
2014-05-02 00:57 - 2011-05-07 11:42 - 00000000 ____D () C:\Windows\Minidump
2014-05-01 12:12 - 2014-05-01 12:12 - 00000000 ____D () C:\Users\Donna\Documents\ProcAlyzer Dumps
2014-05-01 12:12 - 2014-04-24 08:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-01 11:28 - 2009-11-04 13:44 - 00000527 _____ () C:\Windows\wininit.ini
2014-05-01 10:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Help
2014-05-01 08:45 - 2011-05-07 11:32 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-04-30 23:40 - 2014-04-24 08:30 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-30 18:13 - 2006-11-02 07:40 - 00000000 ____D () C:\Windows\WindowsMobile
2014-04-30 17:16 - 2014-04-30 17:16 - 00036200 _____ (Check Point Software Technologies) C:\Windows\system32\Drivers\ISWKLP.sys
2014-04-30 17:16 - 2014-04-30 17:16 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Checkpoint
2014-04-30 16:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-04-30 16:17 - 2011-02-02 09:54 - 00000000 ____D () C:\Program Files\Google
2014-04-30 16:05 - 2014-04-30 10:02 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Google
2014-04-30 16:05 - 2011-02-02 09:54 - 00000000 ____D () C:\ProgramData\Google
2014-04-30 15:45 - 2014-04-30 15:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\PeerNetworking
2014-04-30 14:25 - 2014-04-01 16:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 14:25 - 2011-03-08 00:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 13:40 - 2014-04-30 13:40 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Macromedia
2014-04-30 13:37 - 2014-04-01 16:14 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-30 13:37 - 2014-04-01 16:14 - 00000852 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-30 13:36 - 2014-04-30 13:35 - 00282960 _____ (Mozilla) C:\Users\Workbooth\Downloads\Firefox Setup Stub 29.0.exe
2014-04-30 13:33 - 2014-04-30 13:33 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Mozilla
2014-04-30 13:33 - 2014-04-30 13:33 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Mozilla
2014-04-30 13:22 - 2014-04-30 13:22 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Malwarebytes
2014-04-30 13:16 - 2014-04-30 09:41 - 00000950 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-30 13:02 - 2014-04-30 13:02 - 01745872 _____ (AnyProtect.com) C:\Users\Workbooth\AppData\Local\nsvEF0E.tmp
2014-04-30 13:01 - 2014-04-30 13:01 - 00000000 ____D () C:\Program Files\pcreg
2014-04-30 13:01 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-30 13:00 - 2014-04-30 13:00 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-04-30 12:58 - 2014-04-30 12:57 - 00376288 _____ () C:\Users\Workbooth\Downloads\MediaPlayerClassic (1).exe
2014-04-30 12:57 - 2014-04-30 12:57 - 00376288 _____ () C:\Users\Workbooth\Downloads\MediaPlayerClassic.exe
2014-04-30 12:43 - 2014-04-30 12:29 - 00000000 ____D () C:\Program Files\TeleTech
2014-04-30 12:42 - 2014-04-30 12:42 - 00000000 ____D () C:\Program Files\TightVNC
2014-04-30 12:42 - 2014-04-30 12:42 - 00000000 ____D () C:\Program Files\DemoForge
2014-04-30 12:41 - 2014-04-30 12:41 - 00001117 _____ () C:\Users\Public\Desktop\VMware View Client.lnk
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vmwvusb_01009.Wdf
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\ProgramData\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Program Files\VMware
2014-04-30 12:41 - 2014-04-30 12:41 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-04-30 12:37 - 2014-04-30 12:37 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeleTech
2014-04-30 12:36 - 2014-04-30 12:36 - 00001035 _____ () C:\Users\Public\Desktop\TeleTech SIP.lnk
2014-04-30 12:36 - 2014-04-30 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech SIP
2014-04-30 12:34 - 2014-04-30 12:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 12:32 - 2014-04-30 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 __SHD () C:\Users\Workbooth\Documents\cache
2014-04-30 12:22 - 2014-04-30 12:22 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\webex
2014-04-30 12:21 - 2011-10-27 16:16 - 00000000 ____D () C:\ProgramData\WebEx
2014-04-30 10:06 - 2009-10-30 19:57 - 00000950 _____ () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-30 10:02 - 2014-04-30 10:02 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Adobe
2014-04-30 09:45 - 2014-04-30 09:45 - 00000680 _____ () C:\Users\Workbooth\AppData\Local\d3d9caps.dat
2014-04-30 09:45 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Hewlett-Packard
2014-04-30 09:45 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\Hewlett-Packard
2014-04-30 09:45 - 2014-04-30 09:40 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\VirtualStore
2014-04-30 09:44 - 2014-04-30 09:44 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\AMD
2014-04-30 09:43 - 2014-04-30 09:43 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-04-30 09:42 - 2014-04-30 09:42 - 00120328 _____ () C:\Users\Workbooth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\ATI
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\DVDPlay
2014-04-30 09:42 - 2014-04-30 09:42 - 00000000 ____D () C:\Users\Workbooth\AppData\Local\ATI
2014-04-30 09:41 - 2014-04-30 09:41 - 00000955 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-30 09:41 - 2014-04-30 09:39 - 00000000 ____D () C:\Users\Workbooth\AppData\Roaming\Apple Computer
2014-04-30 09:40 - 2014-04-30 09:40 - 00000921 _____ () C:\Users\Workbooth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-04-30 09:40 - 2014-04-30 09:40 - 00000020 ___SH () C:\Users\Workbooth\ntuser.ini
2014-04-30 00:53 - 2014-04-24 08:30 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-29 15:41 - 2014-04-29 15:41 - 00001614 _____ () C:\Users\Donna\Downloads\AutoWB2.zip
2014-04-29 14:05 - 2013-02-27 09:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 14:05 - 2013-02-27 09:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 19:06 - 2012-02-18 14:28 - 00000000 ____D () C:\Users\Donna\Documents\TurboTax
2014-04-25 01:11 - 2014-04-25 01:11 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-04-24 19:09 - 2009-11-03 23:14 - 00000000 ____D () C:\Users\Donna\Tracing
2014-04-24 19:09 - 2009-10-30 17:41 - 00000000 ____D () C:\Windows\Panther
2014-04-24 18:35 - 2014-04-24 18:35 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-24 18:35 - 2014-04-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-24 18:35 - 2014-04-24 18:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-24 18:34 - 2014-04-24 18:33 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-04-24 09:20 - 2011-02-28 22:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-24 08:44 - 2014-04-24 08:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-04-24 08:29 - 2014-04-24 08:29 - 00001976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-24 08:29 - 2014-04-24 08:29 - 00001964 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-24 08:29 - 2014-04-24 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-24 08:27 - 2014-04-24 08:25 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Donna\Downloads\spybot-2.2.exe
2014-04-23 10:04 - 2011-11-03 18:42 - 00000000 ____D () C:\Windows\rnapxs
2014-04-23 09:38 - 2012-03-31 11:40 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-04-23 09:27 - 2012-12-10 11:29 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-23 09:27 - 2012-12-10 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-23 09:27 - 2012-12-10 11:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-20 23:41 - 2014-04-20 23:41 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Oracle
2014-04-20 23:40 - 2014-04-20 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 23:40 - 2014-04-20 23:40 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-20 23:40 - 2013-10-21 09:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 23:39 - 2014-04-20 23:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-20 23:38 - 2014-04-20 23:40 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-20 23:38 - 2014-04-20 23:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-20 23:38 - 2014-04-20 23:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-20 23:30 - 2014-04-20 23:30 - 00921512 _____ (Oracle Corporation) C:\Users\Donna\Downloads\JavaSetup7u55.exe
2014-04-20 23:18 - 2014-04-20 23:17 - 00004157 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-20 23:18 - 2011-11-03 08:05 - 00000000 ____D () C:\Program Files\Java
2014-04-09 01:32 - 2009-10-30 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 01:30 - 2013-08-14 01:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 01:15 - 2006-11-02 05:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-09 00:13 - 2014-04-08 16:43 - 00000000 ____D () C:\Program Files\Lx_cats
2014-04-09 00:12 - 2009-10-30 19:51 - 00000000 ____D () C:\Users\Donna
2014-04-09 00:08 - 2014-04-09 00:08 - 48058800 _____ () C:\Users\Donna\Downloads\cjr3300EN.exe
2014-04-08 23:36 - 2014-04-08 23:36 - 02816040 _____ (LionSea SoftWare ) C:\Users\Donna\Downloads\setup (2).exe
2014-04-08 21:24 - 2014-04-08 21:24 - 48058800 _____ () C:\Users\Donna\Downloads\cjr3300EN (1).exe
2014-04-08 21:22 - 2014-04-08 16:21 - 00000294 _____ () C:\lxcc.log
2014-04-08 16:43 - 2014-04-08 16:41 - 00000000 ____D () C:\Users\Donna\{2eb975fe-2f86-4167-a068-fec4614f613c}
2014-04-08 16:39 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\twain_32
2014-04-08 14:59 - 2012-02-18 14:22 - 00000899 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-07 21:56

==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team

Posted 08 May 2014 - 07:37 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShortcutTarget: E-mail - Shortcut.lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
Toolbar: HKCU - No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\default-search.xml
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
C:\Windows\Tasks\At1.job

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#7 jimworzala

  • Topic Starter

Posted 08 May 2014 - 10:20 AM

There is a problem that I have that I am not sure whether or not it has anything to do with the Malware issue. It started happening several weeks before the incident that caused all of the Malware to be downloaded. When I boot up the computer, I get a message that it is checking the file system on D: and says it is a recovery drive. It then says there is a corrupt masterfile table, windows will attempt to recover Masterfile table from disk. After a few seconds it says can't recover masterfile table from disk, aborting chkdisk. Other than that, I am noticing no problems.

 

The log files from the last scans follow.

 

FRST fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:07-05-2014
Ran by Donna at 2014-05-08 09:41:27 Run:1
Running from C:\Users\Donna\Desktop\Farbar Recovery Scan Tool (32 bit)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShortcutTarget: E-mail - Shortcut.lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - {FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
Toolbar: HKCU - No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\default-search.xml
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
C:\Windows\Tasks\At1.job

End
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
ShortcutTarget: E-mail - Shortcut.lnk ->  (No File) not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB2CC632-AF4C-462A-8DB7-DFF2AF55A01E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => Value deleted successfully.
HKCR\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCR\PROTOCOLS\Handler\ms-itss => Key deleted successfully.
HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754} => Key deleted successfully.
C:\Program Files\mozilla firefox\searchplugins\default-search.xml => Moved successfully.
pcregservice => Service stopped successfully.
pcregservice => Service deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
PcdrNdisuio => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

Checkup.txt:

 

 Results of screen317's Security Check version 0.99.82 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 Secunia PSI (2.0.0.4003)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 55 
 Adobe Flash Player  13.0.0.206 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (29.0)
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 Online Games Manager ogmservice.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
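
One way to triage a Fixlog like the one in the post above, added here as an example (not part of the thread and not FRST's own code): it separates changes FRST made from entries it found already absent, and checks that every service named in the fixlist has a matching deletion result. The function names are hypothetical; the sample lines are excerpted from the fixlist and Fixlog in this thread.

```python
import re

# Service entries and result lines copied from the fixlist and Fixlog above.
FIXLIST = r"""R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]"""
FIXLOG = r"""HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
ShortcutTarget: E-mail - Shortcut.lnk ->  (No File) not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
HKCR\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => Key not found.
pcregservice => Service stopped successfully.
pcregservice => Service deleted successfully.
blbdrive => Service deleted successfully.
PcdrNdisuio => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
The system needed a reboot."""

def parse_results(fixlog):
    """Yield (target, outcome) for each result line, with or without '=>'."""
    for line in map(str.strip, fixlog.splitlines()):
        if " => " in line:
            target, outcome = line.split(" => ", 1)
        elif line.endswith(" not found."):        # e.g. the ShortcutTarget line
            target, outcome = line[:-len(" not found.")], "not found."
        else:
            continue                              # headers, blank lines, reboot note
        yield target, outcome.rstrip(".")

def triage(fixlog):
    """Split results into changes made, items already absent, and the rest."""
    out = {"changed": [], "absent": [], "review": []}
    for target, outcome in parse_results(fixlog):
        if outcome.lower().endswith("not found"):
            out["absent"].append(target)
        elif re.search(r"(deleted|moved|restored|stopped) successfully$", outcome, re.I):
            out["changed"].append(target)
        else:
            out["review"].append(target)          # unrecognised wording: read by hand
    out["reboot_needed"] = "The system needed a reboot." in fixlog
    return out

def services_not_deleted(fixlist, fixlog):
    """Service names listed in the fixlist that lack a 'Service deleted' result."""
    wanted = re.findall(r"^[RS]\d (\S+);", fixlist, re.M)
    deleted = {t for t, o in parse_results(fixlog) if o == "Service deleted successfully"}
    return [name for name in wanted if name not in deleted]
```

Anything that lands in `review`, or any name returned by `services_not_deleted`, is what to raise with the helper before running further tools.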
 



#8 nasdaq

  • Malware Response Team

Posted 08 May 2014 - 01:21 PM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Let me check your Master Boot Record.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

#9 jimworzala

  • Topic Starter

Posted 08 May 2014 - 09:01 PM

Adobe reader did not install. It started up then said the program is already installed and only option was finish. There was nothing there to remove old versions that I could see.

 

aswMBR log results:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-08 21:51:45
-----------------------------
21:51:45.326    OS Version: Windows 6.0.6002 Service Pack 2
21:51:45.326    Number of processors: 1 586 0x5F02
21:51:45.327    ComputerName: JIMSPC  UserName: Donna
21:51:49.555    Initialize success
21:52:16.503    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
21:52:16.514    Disk 0 Vendor: ST312021 3.AH Size: 114473MB BusType: 6
21:52:16.661    Disk 0 MBR read successfully
21:52:16.669    Disk 0 MBR scan
21:52:16.681    Disk 0 unknown MBR code
21:52:16.706    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       105881 MB offset 63
21:52:16.756    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8589 MB offset 216845370
21:52:16.786    Disk 0 scanning sectors +234436545
21:52:16.977    Disk 0 scanning C:\Windows\system32\drivers
21:52:35.770    Service scanning
21:53:24.000    Modules scanning
21:53:43.108    Disk 0 trace - called modules:
21:53:43.147    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys tcpip.sys NETIO.SYS
21:53:43.153    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874462c8]
21:53:43.162    3 CLASSPNP.SYS[8cb9f8b3] -> nt!IofCallDriver -> [0x86828158]
21:53:43.169    5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\00000064[0x868c4718]
21:53:43.182    Scan finished successfully
21:54:40.127    Disk 0 MBR has been saved successfully to "C:\Users\Donna\Desktop\MBR.dat"
21:54:40.167    The log file has been saved successfully to "C:\Users\Donna\Desktop\aswMBR.txt"

 

MBR.dat is attached.
 

Attached Files

  • Attached File  MBR.zip   580bytes   0 downloads
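
The partition lines in the aswMBR log above are read from the four-entry table at offset 446 of the boot sector. As an added example (not part of the thread and not aswMBR's code), this parser decodes that table and applies basic sanity checks, assuming the input is a raw 512-byte sector; the sample sector is constructed, with zeroed boot code and sector counts inferred from the sizes and offsets in the log.

```python
import struct

TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):                       # four 16-byte entries at offset 446
        status, _chs1, ptype, _chs2, start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0x00:                    # unused slot
            continue
        parts.append({"slot": i + 1, "status": status, "type": ptype,
                      "name": TYPES.get(ptype, "unknown"), "start": start,
                      "sectors": count, "size_mb": count * 512 // 2**20})
    return parts

def check_layout(parts):
    """Sanity checks for the table of a BIOS boot disk."""
    problems = []
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        problems.append("invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            problems.append(f"partitions {a['slot']} and {b['slot']} overlap")
    return problems

def build_sample():
    """Constructed sector: zeroed boot code and CHS fields; LBA values chosen to
    match the two partitions in the aswMBR log above (sector counts inferred)."""
    entries = [(0x80, 0x07, 63, 216845307), (0x00, 0x07, 216845370, 17591175)]
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

if __name__ == "__main__":
    for p in parse_mbr(build_sample()):
        flag = "80 (A)" if p["status"] == 0x80 else "00    "
        print(f"Partition {p['slot']} {flag} {p['type']:02X} {p['name']} "
              f"{p['size_mb']} MB offset {p['start']}")
```

This covers only the partition table; it does not examine the boot code in the first 446 bytes.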


#10 nasdaq

  • Malware Response Team

Posted 09 May 2014 - 08:51 AM


Your Master Boot record is good.

"I get a message that it is checking the file system on D: and says it is a recovery drive"


Not much you can do. Unless you want to start over.
Check this out.
http://h30434.www3.hp.com/t5/Notebook-Recovery/Recovery-Partition-Corrupted/td-p/1031541



