
Help. Infected with Artemis virus. Can't get rid of it!


  • This topic is locked
44 replies to this topic

#1 latinausa2

latinausa2

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 28 June 2014 - 01:22 AM

Had to do a complete reinstall a month ago due to Artemis infection.  Must have infected my backup because it came back and McAfee detected it in the backup drive and fixed four files.  Know there's more, but everything I've tried hasn't been able to catch it all.  Any help would be greatly appreciated.  It's driving me nuts.

 

I've tried:

 

Malwarebytes

Wise Care 365

Emsisoft Anti-Malware

JetClean

Auslogics Registry Cleaner

Glarysoft Registry Repair

Spybot S&D

Puran Utilities

Microsoft Safety Scanner

Microsoft Virus Removal Tool

Sophos Virus Removal

TDSSKiller

Microsoft Fix It

McAfee GetSusp

McAfee rootkit remover

McAfee Stinger

avast anti-virus

Windows Defender

 

and a few more I can't uninstalled and can't remember.

 

Can anyone help me?

 

Latina





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 03 July 2014 - 01:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539271 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:04:36 AM

Posted 09 July 2014 - 12:05 PM

Hello latinausa2,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:04:36 AM

Posted 12 July 2014 - 02:00 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


 

 


#5 latinausa2

latinausa2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 13 July 2014 - 03:35 AM

Apologize for delay in posting.  Computer had melt down and took days to get to do a system restore.  My backup is corrupted, so I'm really up the creek.    I do not want to do a full reinstall.

 

Since last post, I've run:

 

AVG antivirus

CCleaner

and a few others I don't recall just now.

 

GetSusp gave me this:

<Scan-Summary>
  <Identified-Files value="1166" />
  <Digitally-Signed value="1134" />
  <Artemis value="22" />
  <Known-Files-Database value="0" />
  <Suspicious-Files value="10" />
  <Not-Scanned value="0" />
 </Scan-Summary>
 <Preferences>
  <Online value="0" />
  <Silent value="0" />
  <Contains-Sample value="0" />
  <KFDB-Connected value="0" />
  <Proxy-Enabled value="0" />
  

I will follow your instruction and post ASAP.

 

I  truly appreciate your help.

 

Latina



#6 latinausa2

latinausa2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 13 July 2014 - 06:23 AM

As you requested, a bit of history: 

 

A few months ago my computer went nuts.  Tried everything I knew to get it to run properly to no avail.  McAfee finally caught an Artemis trojan and quarantined 4 files.

Could not get it to run properly and was able, with difficulty, to do a complete factory reinstall.  This virus damaged my backup files in portable drive, including my docs and pics...I'm devastated!

I thought I got rid of it, but I didn't, as the system started acting up again a couple of weeks ago.   I'd connected the backup thinking it was clean, but re-infected the system.

 

I have Windows 7 Ultimate 64-bit and have factory disks.   I've tried to do a system repair and system restore and after days of trying, by some miracle, I was able to do a system restore, but the system is slow and erratic even after I cut down on the start-up programs. The backup remains infected and it's difficult to catch the virus.  I need to clean up my backup drive so that I can access files that are not damaged and also get the computer free from this nasty virus.

 

I have tried the following:

 

Malwarebytes

Wise Care 365

Emsisoft Anti-Malware

JetClean

Auslogics Registry Cleaner

Glarysoft Registry Repair

Spybot S&D

Puran Utilities

Microsoft Safety Scanner

Microsoft Virus Removal Tool

Sophos Virus Removal

TDSSKiller

Microsoft Fix It - various

McAfee GetSusp

McAfee rootkit remover

McAfee Stinger

avast anti-virus

Windows Defender

AVG Anti-virus

CCleaner

Spybot

McAfee Antivirus

and other virus/registry cleaners that I don't recall the names of.

 

GetSusp gave me this: <Artemis value="27" />

Here's the full GetSusp scan summary:

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="Logs\GetSusp.xsl"?>
<!-- GetSusp Results -->
<GetSusp>
  <Preamble>
    <product_name value="GetSusp" />
    <version value="3.0.0.373" />
    <date_run value="Sun Jul 13 06:15:46 2014" />
  </Preamble>
  <SystemInfo>
    <osversion value="Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit" />
    <windir value="C:\Windows" />
    <sysdir value="C:\Windows\system32" />
    <computername value="LATINA-PC" />
  </SystemInfo>
  <CustomerInfo>
  </CustomerInfo>
  <scan-end-time value="Sun Jul 13 06:19:47 2014" />
  <Scan-Summary>
    <Identified-Files value="1082" />
    <Digitally-Signed value="1043" />
    <Artemis value="27" />
    <Known-Files-Database value="0" />
    <Suspicious-Files value="12" />
    <Not-Scanned value="0" />
  </Scan-Summary>
  <Preferences>
    <Online value="1" />
    <Silent value="0" />
    <Contains-Sample value="1" />
    <KFDB-Connected value="0" />
    <Proxy-Enabled value="0" />
    <Execution-Path value="C:\Users\Latina\Desktop\Antivirus Tools" />
    <Zip-Path value="C:\Users\Latina\Desktop\Antivirus Tools" />
  </Preferences>
</GetSusp>

 

I also ran HijackThis; I will post the result following this.



#7 latinausa2

latinausa2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 13 July 2014 - 06:25 AM

HijackThis Log File:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:16:19 AM, on 7/13/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11146 bytes



#8 latinausa2

latinausa2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 13 July 2014 - 06:40 AM

Here's the DDS Log:  I can't post it in one post because it's too long, so I'm splitting it:  1st half appearing here; 2nd half next post.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 7/26/2013 9:43:08 PM

System Uptime: 7/13/2014 6:10:45 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | Benicia

Processor: Intel® Core™2 Quad CPU    Q6700  @ 2.66GHz | CPU 1 | 2667/267mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 288.766 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.308 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 459.361 GiB free.

F: is CDROM (UDF)

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP362: 7/5/2014 4:06:47 AM - Windows Backup

RP363: 7/5/2014 4:50:56 AM - Removed Sophos Virus Removal Tool.

RP364: 7/5/2014 4:52:56 AM - Removed Sophos Virus Removal Tool.

RP365: 7/5/2014 5:08:52 AM - Windows Update

RP366: 7/5/2014 5:16:59 AM - Manual after restoring from infected drive. No Artemis found

RP368: 7/5/2014 10:12:50 PM - Microsoft Antimalware Checkpoint

RP369: 7/5/2014 10:20:15 PM - McAfee Vulnerability Scanner

RP370: 7/7/2014 2:20:48 AM - Installed HiJackThis

RP371: 7/13/2014 3:17:20 AM - McAfee Vulnerability Scanner

RP372: 7/13/2014 3:27:21 AM - Windows Update

.

==== Installed Programs ======================

.

4660_4680_Help

64 Bit HP CIO Components Installer

7500_7600_7700_Help1

Adobe Community Help

Adobe Flash Player 14 ActiveX

Adobe Photoshop Elements 10

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI (11.0.07)

Adobe Shockwave Player 12.0

Auslogics Registry Cleaner

Avery Wizard 5.0

bpd_scan

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

Brother Driver Deployment Wizard

BufferChm

Copy

Corel Applications

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DJ_AIO_03_F4200_Software_Min

DocMgr

DocProc

Elements 10 Organizer

Emsisoft Anti-Malware

Express Zip

F4200

Fax

Free Window Registry Repair

Free Word Excel PowerPoint to Pdf Converter 5.8

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Greeting Card Factory Photo Card Maker

HiJackThis

HP Customer Participation Program 14.0

HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3

HP Document Manager 2.0

HP Imaging Device Functions 14.0

HP OfficeJet J4600 All-In-One Series

HP OfficeJet L7300/L7500/7600/7700

HP Photosmart Essential 3.5

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

I.R.I.S. Desktop Search

Internet Explorer (Enable DEP)

J4680

JetClean

Junk Mail filter update

L7700

Malwarebytes Anti-Malware version 2.0.2.1012

MarketResearch

MC160 Scanner English Driver for 64 Bit Operating System

McAfee SecurityCenter

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Camera Codec Pack

Microsoft Corporation

Microsoft LifeCam

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft OneDrive

Microsoft Outlook Hotmail Connector 64-bit

Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

MotoHelper MergeModules

Movie Maker

MPM

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NVIDIA 3D Vision Controller Driver 337.88

NVIDIA 3D Vision Driver 337.88

NVIDIA Control Panel 337.88

NVIDIA GeForce Experience 2.0.1

NVIDIA Graphics Driver 337.88

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 12.4.67

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 12.4.67

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.23

OCR Software by I.R.I.S. 14.0

OKI MC160 User's Guide

OKI MC160n Scanner

OKI Scanner Utility for MC160n

OKI Setup Utility for MC160n

PDFill FREE PDF Tools

Photo Common

Photo Gallery

ProductContext

PSE10 STI Installer

Puran Utilities 3.0

Readiris Pro 11

Registry Repair 4.1.0.388

Scan

ScanSoft PaperPort 11

 



#9 latinausa2

latinausa2
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 AM

Posted 13 July 2014 - 06:41 AM

Here's the DDS Log:  2nd half

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Shared C Run-time for x64

SHIELD Streaming

Skype™ 6.16

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware

swMSM

Toolbox

TrayApp

TurboTax 2010

TurboTax 2010 wiliper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

UnloadSupport

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

Windows XP Mode

Wise Care 365 3.12

Wise Care 365 version 2.87

Yahoo! Toolbar

.

==== End Of File ============

 



#10 latinausa2


Posted 13 July 2014 - 07:07 AM

Results from Farbar Scan:

FIRST Result:

LastRegBack: 2014-07-06 02:04

==================== End Of Log ============================



#11 latinausa2


Posted 13 July 2014 - 07:08 AM

Results from Farbar Scan (Attach file)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014

Ran by Latina at 2014-07-13 06:57:13

Running from C:\Users\Latina\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

4660_4680_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)

Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)

Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)

Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)

BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)

Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden

Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)

Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)

F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )

Free Word Excel PowerPoint to Pdf Converter 5.8 (HKLM-x32\...\Free Word Excel PowerPoint to Pdf Converter_is1) (Version:  - Word-Pdf-Convert Software, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Greeting Card Factory Photo Card Maker (HKLM-x32\...\{9C627F78-DBB9-4293-AA89-E83119C39CE9}) (Version: 1.0.0.5 - Nova Development)

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP OfficeJet J4600 All-In-One Series (HKLM\...\{4945F319-A24D-454C-A411-F3689987315D}) (Version: 14.0 - HP)

HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

I.R.I.S. Desktop Search (HKLM-x32\...\I.R.I.S. Desktop Search) (Version:  - I.R.I.S S.A)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

J4680 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

L7700 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

MC160 Scanner English Driver for 64 Bit Operating System (HKLM-x32\...\{38BC5941-AF94-45F5-A0FB-257F1E3D4943}) (Version: 1.00.0000 - OKI® Printing Solutions)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)

Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden

Microsoft Corporation (x32 Version: 9.0.30729.1 - Microsoft Corporation) Hidden

Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)

NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

OKI MC160 User's Guide (HKLM-x32\...\OKI MC160 User's Guide) (Version:  - )

OKI MC160n Scanner (HKLM-x32\...\InstallShield_{DC0F0A10-182E-43A9-AAA4-830C3C6701BF}) (Version:  - )

OKI MC160n Scanner (Version: 1.01.0000 - Okidata) Hidden

OKI Scanner Utility for MC160n (HKLM-x32\...\{6BD2E303-7B46-473B-A606-8DB028EB6490}) (Version: 1.1.3.28 - Okidata)

OKI Setup Utility for MC160n (HKLM-x32\...\{3734884D-BED6-4B4D-8946-5EEE4635C151}) (Version: 1.00.0000 - Okidata)

PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)

Readiris Pro 11 (HKLM-x32\...\{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}) (Version: 11.00.4815 - I.R.I.S.)

Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd)

Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden

ScanSoft PaperPort 11 (HKLM-x32\...\{393A619D-23FC-483D-A4B1-49F177E8762F}) (Version: 11.2.0000 - Nuance Communications, Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)

TurboTax 2010 wiliper (x32 Version: 010.000.1836 - Intuit Inc.) Hidden

TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden

TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden

TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden

TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)

TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden

TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden

TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden

TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

Wise Care 365 3.12 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.12 - WiseCleaner.com, Inc.)

Wise Care 365 version 2.87 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.87 - WiseCleaner.com, Inc.)

Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

05-07-2014 09:06:47 Windows Backup

05-07-2014 09:50:56 Removed Sophos Virus Removal Tool.

05-07-2014 09:52:56 Removed Sophos Virus Removal Tool.

05-07-2014 10:08:52 Windows Update

05-07-2014 10:16:59 Manual after restoring from infected drive. No Artemis found

06-07-2014 03:12:50 Microsoft Antimalware Checkpoint

06-07-2014 03:20:15 McAfee Vulnerability Scanner

07-07-2014 07:20:48 Installed HiJackThis

13-07-2014 08:17:20 McAfee Vulnerability Scanner

13-07-2014 08:27:21 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06D769F7-7A7F-4EF0-9F20-AFFA46B1261D} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3fdf5d62-bd74-4ccb-a669-92cca7673c3a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {13B629EB-07D0-49D7-94DD-ECD14C2FC6EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {18917E80-FF5B-48B7-B9B2-8AEFF4FEF2AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-27] (Adobe Systems Incorporated)

Task: {1C54FBC0-90BD-41AE-883E-F6BBC187FD53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)

Task: {30003860-5134-42E6-811B-082A61774714} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2010-05-20] (Microsoft Corporation)

Task: {71405C46-92B3-490B-8A8B-A9E81CA46E91} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {8C1FC453-7455-4742-8F03-2BCF172E27BE} - System32\Tasks\SUPERAntiSpyware Scheduled Task b8ece886-5383-4c5b-8f63-2cf1f9ded840 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {95B511CD-EBCC-4190-89DA-D8C9C44669B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {C0B13AC4-C2D8-42CC-8845-A7C27ABCC64C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)

Task: {C361A39F-FDF1-4F89-9201-58AB00F24CCD} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)

Task: {D03BAD70-1F54-4060-9FF5-F6C87F6C69DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3fdf5d62-bd74-4ccb-a669-92cca7673c3a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b8ece886-5383-4c5b-8f63-2cf1f9ded840.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-09-09 18:05 - 2013-09-09 18:05 - 00076800 _____ () C:\Windows\System32\OFAXMON.DLL

2013-09-09 18:17 - 2013-09-09 18:05 - 00089088 _____ () C:\Windows\system32\spool\PRTPROCS\x64\OFAXPPR.DLL

2009-11-11 06:28 - 2009-11-11 06:28 - 00079872 _____ () C:\Windows\system32\M160_WDV.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-07-13 04:19 - 2014-07-13 04:19 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: !SASCORE => 2

MSCONFIG\Services: a2AntiMalware => 2

MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: BackupStack => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: IntuitUpdateService => 2

MSCONFIG\Services: IntuitUpdateServiceV4 => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MotoHelper => 2

MSCONFIG\Services: NvNetworkService => 2

MSCONFIG\Services: NvStreamSvc => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: SDScannerService => 2

MSCONFIG\Services: SDUpdateService => 2

MSCONFIG\Services: SDWSCService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\Services: WiseBootAssistant => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Latina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: emsisoft anti-malware => "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

MSCONFIG\startupreg: ReminderApp => C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe

MSCONFIG\startupreg: Scanner Utility for MC160n => C:\Program Files (x86)\Okidata\Scanner Utility for MC160n\lm160n.exe -startup

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: SkyDrive => "C:\Users\Latina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/13/2014 04:01:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

 

Error: (07/13/2014 03:14:38 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location L:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (07/07/2014 01:41:28 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

 

Error: (07/07/2014 00:27:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: LATINA-PC)

Description: Product: Microsoft Fix it 50541 -- This Microsoft Fix it does not apply to your system.

 

Error: (07/07/2014 00:17:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NvBackend.exe, version: 12.4.67.0, time stamp: 0x535fafd9

Faulting module name: nvapi.dll_unloaded, version: 0.0.0.0, time stamp: 0x537a8d9c

Exception code: 0xc0000005

Fault offset: 0x6e078080

Faulting process id: 0xd84

Faulting application start time: 0xNvBackend.exe0

Faulting application path: NvBackend.exe1

Faulting module path: NvBackend.exe2

Report Id: NvBackend.exe3

 

Error: (07/06/2014 07:31:12 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location L:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (07/06/2014 07:27:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: SHELL32.dll, version: 6.1.7601.18429, time stamp: 0x5330ecd9

Exception code: 0xc0000005

Fault offset: 0x0000000000050506

Faulting process id: 0x24a8

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (07/06/2014 07:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: SHELL32.dll, version: 6.1.7601.18429, time stamp: 0x5330ecd9

Exception code: 0xc0000005

Fault offset: 0x0000000000050506

Faulting process id: 0x8c8

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (07/05/2014 11:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: SHELL32.dll, version: 6.1.7601.18429, time stamp: 0x5330ecd9

Exception code: 0xc0000005

Fault offset: 0x0000000000050506

Faulting process id: 0xf28

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (07/05/2014 10:14:32 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location L:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

System errors:

=============

Error: (07/13/2014 06:15:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 06:14:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 06:14:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 06:11:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 06:11:53 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

 

Error: (07/13/2014 06:11:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 06:11:14 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 6:08:47 AM on ‎7/‎13/‎2014 was unexpected.

 

Error: (07/13/2014 05:58:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 05:57:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Error: (07/13/2014 05:57:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error:

%%126

 

Microsoft Office Sessions:

=========================

Error: (07/13/2014 04:01:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

 

Error: (07/13/2014 03:14:38 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: L:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

 

Error: (07/07/2014 01:41:28 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

 

Error: (07/07/2014 00:27:06 AM) (Source: MsiInstaller) (EventID: 10005) (User: LATINA-PC)

Description: Product: Microsoft Fix it 50541 -- This Microsoft Fix it does not apply to your system.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (07/07/2014 00:17:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: NvBackend.exe12.4.67.0535fafd9nvapi.dll_unloaded0.0.0.0537a8d9cc00000056e078080d8401cf997c9aa62180C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvapi.dll0c4310d8-0596-11e4-84c1-001fc62a8b69

 

Error: (07/06/2014 07:31:12 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: L:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

 

Error: (07/06/2014 07:27:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c0000005000000000005050624a801cf9979bf1c3442C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll84a061a7-056d-11e4-931f-0016449fbfa3

 

Error: (07/06/2014 07:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c000000500000000000505068c801cf997933a38d2aC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllf1e2f261-056c-11e4-931f-0016449fbfa3

 

Error: (07/05/2014 11:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.184295330ecd9c00000050000000000050506f2801cf98c71d95d447C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dlla8a922ec-04c2-11e4-a203-001fc62a8b69

 

Error: (07/05/2014 10:14:32 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: L:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

 

CodeIntegrity Errors:

===================================

  Date: 2014-06-24 14:50:18.546

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:50:18.024

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:50:17.689

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:41:37.813

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:41:37.588

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:41:37.325

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:30:40.003

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:30:39.786

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:30:39.468

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-06-24 14:29:06.407

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 65%

Total physical RAM: 4095.29 MB

Available physical RAM: 1423.29 MB

Total Pagefile: 8188.76 MB

Available Pagefile: 5541.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:455.85 GB) (Free:288.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.91 GB) (Free:1.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: (HP_Pavilion) (Fixed) (Total:465.76 GB) (Free:459.36 GB) NTFS

Drive f: (Jul 13 2014) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5AD93E96)

Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10 GB) - (Type=0C)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 59B3588F)

Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 latinausa2

Posted 13 July 2014 - 07:23 AM

Thank you for your time and consideration.  I sincerely appreciate any help and advice you can give.

 

Regards,

 

Latina



#13 latinausa2

Posted 13 July 2014 - 08:05 AM

I accidentally ran ComboFix while trying to delete a file, as McAfee detected the Artemis virus in the file.  Running DDS scans again in case it changed some data.  I couldn't stop it even with Task Manager...sorry.  Below are both the text and attached files.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.17126

Run by Latina at 7:45:38 on 2014-07-13

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2109 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.yahoo.com/

mStart Page = about:blank

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: I.R.I.S. Desktop Search: {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: I.R.I.S. Desktop Search: {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll

EB: I.R.I.S. Desktop Search: {D5045198-55C2-46ED-87F4-17E31BE72A33} - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

dRunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

dRunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

uPolicies-Explorer: NoDriveTypeAutoRun = dword:221

uPolicies-Explorer: RestrictRun = dword:0

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: RestrictRun = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{C2AD04C4-EBF8-41DD-9AFB-46A0782FA017} : DHCPNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-mStart Page = about:blank

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 784760]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 346760]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-27 55856]

R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-6-27 26176]

R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-24 91352]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 328928]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-24 1809720]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-7-26 201304]

R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-8 178528]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 328928]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-8 1041192]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-7-26 219752]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-7-26 189912]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-7-26 70592]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-10 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-24 122584]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-7-26 311856]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-7-26 522360]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-19 40392]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-24 860472]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-6-27 71472]

S3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-6-27 57024]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-28 57840]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-6-19 197704]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-19 111616]

S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-24 63704]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]

S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-19 18776]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-28 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-20 56832]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2013-7-27 16384]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-27 1255736]

S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]

S4 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-6-27 4725440]

S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]

S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-19 1617696]

S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-19 21007192]

S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2013-11-12 292736]

S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-11 3921880]

S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-11 1042272]

S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-11 171416]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-19 413128]

S4 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-11-12 580232]

.

=============== Created Last 30 ================

.

2014-07-13 10:19:34       75888    ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CCC385B-70B3-4792-851A-13DD32375AD1}\offreg.dll

2014-07-13 09:51:56       --------   d-----w- C:\FRST

2014-07-13 09:20:58       64           --s-a-w-               C:\Windows\ttyxa.sys

2014-07-13 09:19:17       --------   d-----w- C:\Program Files (x86)\NCH Software

2014-07-13 09:10:26       --------   d-----w- C:\Program Files (x86)\ZipScan Evaluation

2014-07-13 08:29:51       10779000            ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CCC385B-70B3-4792-851A-13DD32375AD1}\mpengine.dll

2014-07-07 07:23:34       388096  ----a-r-               C:\Users\Latina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2014-07-07 07:23:34       --------   d-----w- C:\Program Files (x86)\Trend Micro

2014-07-07 05:28:56       10779000            ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-07-07 00:32:32       --------   d-sh--w-               C:\$RECYCLE.BIN

2014-07-05 12:12:13       --------   d-----w- C:\Windows\SysWow64\tempdir

2014-07-05 12:12:03       --------   d-----w- C:\Program Files (x86)\Free Word Excel PowerPoint to Pdf Converter

2014-07-05 12:11:12       --------   d-----w- C:\ProgramData\PlotSoft

2014-07-05 12:11:12       --------   d-----w- C:\Program Files (x86)\PlotSoft

2014-06-28 22:15:08       20312    ----a-w- C:\Windows\System32\roboot64.exe

2014-06-28 22:15:02       --------   d-----w- C:\Users\Latina\AppData\Roaming\systweak

2014-06-28 22:09:10       --------   d-----w- C:\ProgramData\Doctor Web

2014-06-28 22:09:06       --------   d-----w- C:\Users\Latina\Doctor Web

2014-06-28 22:02:49       --------   d-----w- C:\Program Files (x86)\Common Files\Bitdefender

2014-06-28 04:41:57       --------   d-----w- C:\ProgramData\Sophos

2014-06-28 04:23:26       --------   d-----w- C:\ProgramData\Emsisoft

2014-06-27 22:19:14       --------   d-----w- C:\ProgramData\Licenses

2014-06-27 22:18:57       129872  ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2014-06-24 08:38:41       122584  ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-06-24 08:38:25       91352    ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-06-24 08:38:25       63704    ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-06-24 08:38:15       --------   d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-24 08:18:12       --------   d-----w- C:\ProgramData\Kaspersky Lab

2014-06-20 23:19:45       53248    ----a-r-               C:\Users\Latina\AppData\Roaming\Microsoft\Installer\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}\ARPPRODUCTICON.exe

2014-06-20 17:08:15       6574592              ----a-w- C:\Windows\System32\mstscax.dll

2014-06-20 17:08:15       5694464              ----a-w- C:\Windows\SysWow64\mstscax.dll

2014-06-20 17:08:07       940032  ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-06-20 08:55:05       44544    ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2014-06-20 08:45:24       1030144              ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-06-20 08:45:23       792576  ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-06-20 03:16:50       511328  ----a-w- C:\Windows\System32\d3dx10_43.dll

2014-06-20 03:16:50       470880  ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2014-06-20 03:16:50       2401112              ----a-w- C:\Windows\System32\D3DX9_43.dll

2014-06-20 03:16:50       1998168              ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2014-06-20 03:16:32       1225920              ----a-w- C:\Windows\System32\nvspcap64.dll

2014-06-20 03:16:32       1081112              ----a-w- C:\Windows\SysWow64\nvspcap.dll

2014-06-20 03:16:22       --------   d-----w- C:\Users\Latina\AppData\Local\NVIDIA Corporation

2014-06-20 03:16:21       --------   d-----w- C:\Users\Latina\AppData\Local\NVIDIA

2014-06-20 03:14:55       601432  ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2014-06-20 03:14:42       --------   d-----w- C:\Program Files (x86)\NVIDIA Corporation

2014-06-20 03:14:09       3774821              ----a-w- C:\Windows\System32\nvcoproc.bin

2014-06-20 03:09:15       --------   d-----w- C:\NVIDIA

2014-06-20 02:11:20       --------   d-----w- C:\Program Files (x86)\Auslogics

2014-06-20 02:02:56       --------   d-----w- C:\Windows\en

2014-06-20 01:53:11       6081224              -c--a-w-               C:\Program Files (x86)\Common Files\Windows Live\.cache\644503201cf8c2a01\onedrivesetup.exe

2014-06-20 01:19:55       --------   d-----w- C:\Program Files (x86)\Movie Maker 2.6

2014-06-20 00:00:12       167424  ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2014-06-20 00:00:12       164864  ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2014-06-20 00:00:12       12625920            ----a-w- C:\Windows\System32\wmploc.DLL

2014-06-20 00:00:11       12625408            ----a-w- C:\Windows\SysWow64\wmploc.DLL

2014-06-19 23:54:04       --------   d-----w- C:\Windows\Migration

2014-06-19 22:05:15       497152  ----a-w- C:\Windows\System32\drivers\afd.sys

2014-06-19 22:05:09       335360  ----a-w- C:\Windows\System32\msieftp.dll

2014-06-19 22:05:09       301568  ----a-w- C:\Windows\SysWow64\msieftp.dll

2014-06-19 22:03:03       1474048              ----a-w- C:\Windows\System32\crypt32.dll

2014-06-19 22:03:01       1168384              ----a-w- C:\Windows\SysWow64\crypt32.dll

2014-06-19 22:01:27       2048      ----a-w- C:\Windows\SysWow64\tzres.dll

2014-06-19 22:01:27       2048      ----a-w- C:\Windows\System32\tzres.dll

2014-06-19 21:59:56       465920  ----a-w- C:\Windows\System32\WMPhoto.dll

2014-06-19 21:59:56       417792  ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2014-06-19 21:59:52       81408    ----a-w- C:\Windows\System32\imagehlp.dll

2014-06-19 21:59:51       159232  ----a-w- C:\Windows\SysWow64\imagehlp.dll

2014-06-19 21:59:32       228864  ----a-w- C:\Windows\System32\wwansvc.dll

2014-06-19 21:56:10       484864  ----a-w- C:\Windows\System32\wer.dll

2014-06-19 21:56:09       381440  ----a-w- C:\Windows\SysWow64\wer.dll

2014-06-19 21:28:47       1903552              ----a-w- C:\Windows\System32\drivers\tcpip.sys

2014-06-19 21:28:46       376768  ----a-w- C:\Windows\System32\drivers\netio.sys

2014-06-19 21:28:46       288192  ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2014-06-19 21:28:37       1882112              ----a-w- C:\Windows\System32\msxml3.dll

2014-06-19 21:28:36       2002432              ----a-w- C:\Windows\System32\msxml6.dll

2014-06-19 21:28:34       1237504              ----a-w- C:\Windows\SysWow64\msxml3.dll

2014-06-19 21:28:32       1389056              ----a-w- C:\Windows\SysWow64\msxml6.dll

2014-06-19 21:28:31       2048      ----a-w- C:\Windows\SysWow64\msxml6r.dll

2014-06-19 21:28:31       2048      ----a-w- C:\Windows\System32\msxml6r.dll

2014-06-19 21:28:30       2048      ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-06-19 21:28:30       2048      ----a-w- C:\Windows\System32\msxml3r.dll

2014-06-19 21:26:25       3156480              ----a-w- C:\Windows\System32\win32k.sys

2014-06-19 21:26:17       230400  ----a-w- C:\Windows\System32\drivers\portcls.sys

2014-06-19 21:26:17       116736  ----a-w- C:\Windows\System32\drivers\drmk.sys

2014-06-19 21:26:13       801280  ----a-w- C:\Windows\System32\usp10.dll

2014-06-19 21:26:13       626688  ----a-w- C:\Windows\SysWow64\usp10.dll

2014-06-19 21:21:33       1930752              ----a-w- C:\Windows\System32\authui.dll

2014-06-19 21:21:33       1796096              ----a-w- C:\Windows\SysWow64\authui.dll

2014-06-19 21:21:32       197120  ----a-w- C:\Windows\System32\credui.dll

2014-06-19 21:21:32       190464  ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2014-06-19 21:21:32       152576  ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2014-06-19 21:21:31       168960  ----a-w- C:\Windows\SysWow64\credui.dll

2014-06-19 21:20:20       53248    ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-06-19 21:20:20       325120  ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-06-19 21:20:19       99840    ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-06-19 21:20:19       343040  ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-06-19 21:20:19       30720    ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2014-06-19 21:20:19       25600    ----a-w- C:\Windows\System32\drivers\usbohci.sys

2014-06-19 21:20:18       7808      ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-06-19 21:20:12       3928064              ----a-w- C:\Windows\System32\d2d1.dll

2014-06-19 21:20:12       2565120              ----a-w- C:\Windows\System32\d3d10warp.dll

2014-06-19 21:20:12       1987584              ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2014-06-19 21:20:11       3419136              ----a-w- C:\Windows\SysWow64\d2d1.dll

2014-06-19 21:18:59       404480  ----a-w- C:\Windows\System32\gdi32.dll

2014-06-19 21:18:58       311808  ----a-w- C:\Windows\SysWow64\gdi32.dll

2014-06-19 21:18:41       274880  ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2014-06-19 21:18:41       190912  ----a-w- C:\Windows\System32\drivers\storport.sys

2014-06-19 21:18:40       27584    ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2014-06-19 21:18:40       2048      ----a-w- C:\Windows\SysWow64\iologmsg.dll

2014-06-19 21:18:39       2048      ----a-w- C:\Windows\System32\iologmsg.dll

2014-06-19 21:17:57       16384    ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-06-19 21:17:56       3178496              ----a-w- C:\Windows\System32\rdpcorets.dll

2014-06-19 21:17:45       1424384              ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-06-19 21:17:44       1230336              ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-06-19 21:17:17       859648  ----a-w- C:\Windows\System32\IKEEXT.DLL

2014-06-19 21:17:17       324096  ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2014-06-19 21:17:16       830464  ----a-w- C:\Windows\System32\nshwfp.dll

2014-06-19 21:17:12       216576  ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2014-06-19 21:17:11       656896  ----a-w- C:\Windows\SysWow64\nshwfp.dll

2014-06-19 21:07:32       506368  ----a-w- C:\Windows\System32\aepdu.dll

2014-06-19 21:07:31       424448  ----a-w- C:\Windows\System32\aeinv.dll

2014-06-19 21:05:02       197704  ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

.

==================== Find3M  ====================

.

2014-06-27 23:47:26       699056  ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-06-27 23:47:25       71344    ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-20 02:44:03       9735256              ----a-w- C:\Windows\SysWow64\nvcuda.dll

2014-05-20 01:25:42       6769096              ----a-w- C:\Windows\System32\nvcpl.dll

2014-05-20 01:25:42       3514144              ----a-w- C:\Windows\System32\nvsvc64.dll

2014-05-20 01:25:39       927520  ----a-w- C:\Windows\System32\nvvsvc.exe

2014-05-20 01:25:38       62808    ----a-w- C:\Windows\System32\nvshext.dll

2014-05-20 01:25:38       387528  ----a-w- C:\Windows\System32\nvmctray.dll

2014-05-12 12:25:56       25816    ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-15 07:34:10       1070232              ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

.

============= FINISH:  7:50:57.97 ===============

 

 

DDS Attach File

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 7/26/2013 9:43:08 PM

System Uptime: 7/13/2014 6:10:45 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | Benicia

Processor: Intel® Core™2 Quad CPU    Q6700  @ 2.66GHz | CPU 1 | 2667/267mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 288.73 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.308 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 459.361 GiB free.

F: is CDROM (UDF)

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP362: 7/5/2014 4:06:47 AM - Windows Backup

RP363: 7/5/2014 4:50:56 AM - Removed Sophos Virus Removal Tool.

RP364: 7/5/2014 4:52:56 AM - Removed Sophos Virus Removal Tool.

RP365: 7/5/2014 5:08:52 AM - Windows Update

RP366: 7/5/2014 5:16:59 AM - Manual after restoring from infected drive. No Artemis found

RP368: 7/5/2014 10:12:50 PM - Microsoft Antimalware Checkpoint

RP369: 7/5/2014 10:20:15 PM - McAfee Vulnerability Scanner

RP370: 7/7/2014 2:20:48 AM - Installed HiJackThis

RP371: 7/13/2014 3:17:20 AM - McAfee Vulnerability Scanner

RP372: 7/13/2014 3:27:21 AM - Windows Update

.

==== Installed Programs ======================

.

4660_4680_Help

64 Bit HP CIO Components Installer

7500_7600_7700_Help1

Adobe Community Help

Adobe Flash Player 14 ActiveX

Adobe Photoshop Elements 10

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI (11.0.07)

Adobe Shockwave Player 12.0

Auslogics Registry Cleaner

Avery Wizard 5.0

bpd_scan

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

Brother Driver Deployment Wizard

BufferChm

Copy

Corel Applications

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DJ_AIO_03_F4200_Software_Min

DocMgr

DocProc

Elements 10 Organizer

Emsisoft Anti-Malware

Express Zip

F4200

Fax

Free Window Registry Repair

Free Word Excel PowerPoint to Pdf Converter 5.8

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Greeting Card Factory Photo Card Maker

HiJackThis

HP Customer Participation Program 14.0

HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3

HP Document Manager 2.0

HP Imaging Device Functions 14.0

HP OfficeJet J4600 All-In-One Series

HP OfficeJet L7300/L7500/7600/7700

HP Photosmart Essential 3.5

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

I.R.I.S. Desktop Search

Internet Explorer (Enable DEP)

J4680

JetClean

Junk Mail filter update

L7700

Malwarebytes Anti-Malware version 2.0.2.1012

MarketResearch

MC160 Scanner English Driver for 64 Bit Operating System

McAfee SecurityCenter

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Camera Codec Pack

Microsoft Corporation

Microsoft LifeCam

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft OneDrive

Microsoft Outlook Hotmail Connector 64-bit

Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

MotoHelper MergeModules

Movie Maker

MPM

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NVIDIA 3D Vision Controller Driver 337.88

NVIDIA 3D Vision Driver 337.88

NVIDIA Control Panel 337.88

NVIDIA GeForce Experience 2.0.1

NVIDIA Graphics Driver 337.88

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 12.4.67

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 12.4.67

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.23

OCR Software by I.R.I.S. 14.0

OKI MC160 User's Guide

OKI MC160n Scanner

OKI Scanner Utility for MC160n

OKI Setup Utility for MC160n

PDFill FREE PDF Tools

Photo Common

Photo Gallery

ProductContext

PSE10 STI Installer

Puran Utilities 3.0

Readiris Pro 11

Registry Repair 4.1.0.388

Scan

ScanSoft PaperPort 11

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Shared C Run-time for x64

SHIELD Streaming

Skype™ 6.16

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

Status

SUPERAntiSpyware

swMSM

Toolbox

TrayApp

TurboTax 2010

TurboTax 2010 wiliper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

UnloadSupport

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

Windows XP Mode

Wise Care 365 3.12

Wise Care 365 version 2.87

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/13/2014 6:15:25 AM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.

.

==== End Of File ===========================



#14 latinausa2

  • Topic Starter

Posted 13 July 2014 - 09:27 AM

And here's an updated getsusp log:

 

<?xml version="1.0" encoding="utf-8"?>

<?xml-stylesheet type="text/xsl" href="Logs\GetSusp.xsl"?>

<!-- GetSusp Results -->

<GetSusp>

               <Preamble>

                              <product_name value="GetSusp" />

                              <version value="3.0.0.373" />

                              <date_run value="Sun Jul 13 08:27:00 2014" />

               </Preamble>

               <SystemInfo>

                              <osversion value="Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit" />

                              <windir value="C:\Windows" />

                              <sysdir value="C:\Windows\system32" />

                              <computername value="LATINA-PC" />

               </SystemInfo>

               <CustomerInfo>

               </CustomerInfo>

               <scan-end-time value="Sun Jul 13 08:34:21 2014" />

               <Scan-Summary>

                              <Identified-Files value="1148" />

                              <Digitally-Signed value="1106" />

                              <Artemis value="28" />

                              <Known-Files-Database value="0" />

                              <Suspicious-Files value="14" />

                              <Not-Scanned value="0" />

               </Scan-Summary>

               <Preferences>

                              <Online value="1" />

                              <Silent value="0" />

                              <Contains-Sample value="1" />

                              <KFDB-Connected value="0" />

                              <Proxy-Enabled value="0" />

                              <Execution-Path value="C:\Users\Latina\Desktop\Antivirus Tools" />

                              <Zip-Path value="C:\Users\Latina\Desktop\Antivirus Tools" />

               </Preferences>

</GetSusp>



#15 TheShooter93

    Cody

  • Malware Response Team

Posted 13 July 2014 - 05:19 PM

Please run FRST again and include the contents of FRST.txt in your next post. It looks like the first one you gave is incomplete.

 

As for the rest of your logs I will be addressing those in my next post (needs to be approved by my instructor first). :)

 

------------

 

Also, please describe what symptoms you are currently experiencing.


Edited by TheShooter93, 13 July 2014 - 05:49 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 




