HP Mini notebook runs slow with many popups. I've managed to clear most bad stuff but...

Solved
By Astronerd
Nov 29, 2013
  1. HP Mini notebook runs slow with many popups. I've managed to get most of the malware killed, but there is still something that is interfering with the proper operation. Here are the log files:
    Malwarebytes:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.11.29.07
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16736
    Brenda :: BRENDA-PC [administrator]
    Protection: Enabled
    11/29/2013 7:47:07 PM
    mbam-log-2013-11-29 (19-47-07).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192471
    Time elapsed: 41 minute(s), 35 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 1
    HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\Brenda\AppData\Local\Temp\smkiemp\sdpxwsi\wow.dll) Good: (SHELL32.dll) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    DDS:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16736
    Run by Brenda at 20:40:05 on 2013-11-29
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.261 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Office Depot PC Support Agent\esService.exe
    C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    C:\Program Files\Office Depot PC Support Agent\escont.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uRun: [Google Update] "c:\users\brenda\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3}\553405357457563747 : DHCPNameServer = 10.11.0.52 10.0.3.6 10.0.3.9
    TCP: Interfaces\{BE92BCF0-0F52-4851-9EDB-E179CABC7890} : DHCPNameServer = 198.6.1.1 204.117.214.10
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
    mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2013-11-28 66296]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-11-22 571608]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-11-22 213200]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2010-12-26 81920]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
    R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-4-9 26168]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-28 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-28 701512]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-11-22 167784]
    R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-28 145088]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
    R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-28 638976]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-11-22 169320]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-11-22 172416]
    R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2013-10-8 1005144]
    R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-5-12 331512]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-11-22 60920]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-28 22856]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-11-22 235488]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-11-22 365256]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
    R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2010-5-12 5248]
    R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2010-5-12 372224]
    R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2010-5-12 190592]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-12-26 228896]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-26 233472]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
    R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2010-6-1 12416]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
    S2 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-11-22 167784]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\downlo~1\DMService.exe [2011-5-14 487312]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-11-28 147912]
    S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2013-11-22 203080]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-11-22 65928]
    S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    .
    =============== Created Last 30 ================
    .
    2013-11-28 23:04:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-28 23:04:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-11-28 22:17:45 -------- d-----w- c:\users\brenda\appdata\local\McAfee File Lock
    2013-11-28 22:00:31 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
    2013-11-28 21:58:59 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-11-23 01:43:31 -------- d-----w- c:\users\brenda\appdata\local\McAfee Anti-Theft
    2013-11-23 01:41:19 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-11-23 01:41:18 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2013-11-23 01:41:18 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-11-23 01:41:18 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-11-23 01:40:57 -------- d-----w- c:\program files\common files\Mcafee
    2013-11-23 01:40:28 -------- d-----w- c:\program files\McAfee.com
    2013-11-23 01:39:56 -------- d-----w- c:\program files\McAfee
    2013-11-23 00:59:45 172416 ----a-w- c:\windows\system32\mfevtps.exe
    2013-11-23 00:53:42 213200 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-11-23 00:53:40 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-11-23 00:53:39 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-11-23 00:19:14 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4a7da894-0a3e-481e-b209-6711e3c9d86d}\mpengine.dll
    2013-11-23 00:13:30 7772552 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
    2013-11-19 00:15:37 -------- d-----w- c:\users\brenda\appdata\roaming\QuickScan
    2013-11-19 00:15:04 -------- d-----w- c:\users\brenda\appdata\roaming\OpswatLogs
    2013-11-19 00:10:18 -------- d-----w- C:\temp
    2013-11-19 00:06:22 -------- d-----w- c:\program files\Office Depot PC Support Agent
    2013-11-19 00:06:22 -------- d-----w- c:\program files\common files\supportsoft
    2013-11-16 20:15:06 -------- d-----w- c:\users\brenda\appdata\roaming\Malwarebytes
    2013-11-16 20:14:41 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-16 20:14:15 -------- d-----w- c:\users\brenda\appdata\local\Programs
    2013-11-16 07:11:32 -------- d-----w- c:\users\brenda\appdata\roaming\SUPERAntiSpyware.com
    2013-11-16 07:10:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-11-16 07:10:14 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-11-16 06:02:27 -------- d-----w- c:\programdata\McAfee Security Scan
    2013-11-16 06:02:08 -------- d-----w- c:\program files\McAfee Security Scan
    2013-11-16 05:54:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2013-11-16 05:09:25 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-16 05:09:24 168960 ----a-w- c:\windows\system32\credui.dll
    2013-11-16 05:09:24 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    .
    ==================== Find3M ====================
    .
    2013-11-16 06:01:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-11-16 06:01:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-11 10:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-10-14 17:30:03 0 ----a-w- c:\windows\system32\sho737A.tmp
    2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
    2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-09-30 11:35:53 0 ----a-w- c:\windows\system32\sho781B.tmp
    2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-09-20 14:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-09-20 14:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-09-20 14:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    .
    ============= FINISH: 20:41:51.70 ===============
    attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/17/2011 9:39:49 AM
    System Uptime: 11/29/2013 7:29:54 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 148A
    Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1666/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 134 GiB total, 100.522 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.053 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mfeapfk
    Device ID: ROOT\LEGACY_MFEAPFK\0000
    Manufacturer:
    Name: McAfee Inc. mfeapfk
    PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
    Service: mfeapfk
    .
    ==== System Restore Points ===================
    .
    RP94: 11/16/2013 12:51:09 AM - Installed Java(TM) 6 Update 20
    RP95: 11/16/2013 3:00:50 AM - Windows Update
    RP96: 11/22/2013 7:12:08 PM - Windows Update
    RP97: 11/29/2013 7:43:40 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.5 MUI
    Adobe Shockwave Player
    ArcSoft WebCam Companion 3
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Bing Bar
    Blasterball 3
    Chuzzle Deluxe
    Circuit Construction Kit (DC Only)
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CyberLink DVD Suite
    Diner Dash 2 Restaurant Rescue
    Dream Chronicles
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    Gem Shop
    Google Chrome
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP HomeBase
    HP Navigator
    HP Product Detection
    HP Quick Launch
    HP QuickSync
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    IDT Audio
    Insaniquarium Deluxe
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Match 2
    Jewel Quest II
    Jewel Quest Solitaire
    JoJo's Fashion Show
    Junk Mail filter update
    Loki Browser Plugin
    Mahjongg Artifacts
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee Security Scan Plus
    McAfee Total Protection
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Forefront UAG endpoint components v4.0.0
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    Office Depot PC Support Agent
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Power2Go
    Qualcomm Gobi 2000 Package for HP
    Realtek Ethernet Controller Driver For Windows 7
    Realtek PCIE Card Reader
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Shared C Run-time for x86
    Skyhook Wireless XPS Service
    Slingo Deluxe
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Times Reader
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Virtual Villagers - The Secret City
    VZAccess Manager
    Wedding Dash
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/29/2013 7:53:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
    11/29/2013 7:42:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    11/29/2013 7:42:31 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/29/2013 7:42:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    11/29/2013 7:38:14 PM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2013 7:37:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    11/29/2013 7:37:14 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/29/2013 7:36:44 PM, Error: Service Control Manager [7022] - The McAfee Home Network service hung on starting.
    11/29/2013 7:31:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfeapfk
    11/29/2013 7:31:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/29/2013 7:31:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2013 6:46:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
    11/28/2013 6:46:21 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2013 9:31:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
    11/22/2013 7:16:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.326.0).
    11/22/2013 6:57:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    11/22/2013 6:55:59 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    11/22/2013 6:53:03 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    11/22/2013 6:53:02 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
    11/22/2013 6:49:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/22/2013 6:49:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/22/2013 6:49:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    It's been a while since you've been to the malware removal forum, but nonetheless you abandoned three topics in the past:
    http://www.techspot.com/community/t...am-load-slow-shutdown-etc.154480/#post-941904
    http://www.techspot.com/community/t...nd-disables-mouse-buttons.146505/#post-881028
    http://www.techspot.com/community/t...he-said-it-had-a-redirect-problem-but.142509/
    If it happens again you won't be eligible to receive any more help in the malware removal forum.

    =================================================

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    You're infected with the Alureon rootkit.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  3. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    I apologize for the abandonment of those three topics. It will not happen again.

    Should the scan tool close by itself or do I do that? Should I click on the "Fix" button?
    When loading these log files, Copy/Paste froze up multiple times.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2013
    Ran by Brenda (administrator) on BRENDA-PC on 30-11-2013 14:38:16
    Running from C:\Users\Brenda\Desktop
    Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal
    ==================== Processes (Whitelisted) ===================
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\esService.exe
    (QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Skyhook Wireless) C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\escont.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    (Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\MSM\McSmtFwk.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\Install\{1D2978BC-2936-496D-963F-7903BEB47AFD}\31.0.1650.57_30.0.1599.101_chrome_updater.exe
    (Google Inc.) C:\Users\Brenda\AppData\Local\Temp\CR_D4F90.tmp\setup.exe
    (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-24] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
    HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [601144 2010-04-09] (Hewlett-Packard Company)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-27] ()
    HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
    HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [] - [x]
    HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
    HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
    HKCU\...\Run: [Google Update] - C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess/Alureon?
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - DefaultScope {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    SearchScopes: HKCU - {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    SearchScopes: HKCU - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
    CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
    CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (SiteAdvisor) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
    CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
    CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
    CHR StartMenuInternet: Google Chrome - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
    ========================== Services (Whitelisted) =================
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [487312 2011-05-14] (Microsoft Corporation)
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [238328 2010-01-04] (WildTangent, Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
    R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-09-24] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [203080 2011-01-28] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
    S2 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-09-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-09-24] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-09-24] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [1005144 2013-10-08] (Support.com, Inc.)
    R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-24] (IDT, Inc.)
    R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
    R2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [707400 2010-06-28] (Skyhook Wireless)
    ==================== Drivers (Whitelisted) ====================
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-09-24] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
    R0 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133928 2013-09-24] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235488 2013-09-24] (McAfee, Inc.)
    S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-09-24] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365256 2013-09-24] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [571608 2013-09-24] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [301248 2013-09-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80656 2013-09-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213200 2013-09-24] (McAfee, Inc.)
    R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2010-05-12] (QUALCOMM Incorporated)
    R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [372224 2010-05-12] (QUALCOMM Incorporated)
    R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [190592 2010-05-12] (QUALCOMM Incorporated)
    R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [12416 2010-06-01] (Skyhook Wireless)
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-11-30 14:38 - 2013-11-30 14:42 - 00017909 _____ C:\Users\Brenda\Desktop\FRST.txt
    2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
    2013-11-30 14:33 - 2013-11-30 14:10 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
    2013-11-30 14:32 - 2013-11-30 14:07 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    2013-11-29 20:42 - 2013-11-29 20:42 - 00011531 _____ C:\Users\Brenda\Desktop\attach.txt
    2013-11-29 20:42 - 2013-11-29 20:41 - 00020636 _____ C:\Users\Brenda\Desktop\dds.txt
    2013-11-29 19:50 - 2013-11-29 23:00 - 00019963 _____ C:\Windows\IE11_main.log
    2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-11-28 18:04 - 2013-11-28 18:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-11-28 18:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
    2013-11-28 17:00 - 2013-09-09 11:11 - 00066296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
    2013-11-28 16:58 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
    2013-11-22 20:46 - 2013-11-30 14:34 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2013-11-22 20:43 - 2013-11-30 14:30 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
    2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
    2013-11-22 20:41 - 2013-09-24 20:53 - 00060920 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
    2013-11-22 20:41 - 2013-09-24 20:44 - 00365256 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
    2013-11-22 20:41 - 2013-09-24 20:44 - 00065928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
    2013-11-22 20:41 - 2013-09-24 20:43 - 00235488 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
    2013-11-22 20:40 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\Common Files\Mcafee
    2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
    2013-11-22 20:39 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\McAfee
    2013-11-22 19:59 - 2013-09-24 20:49 - 00172416 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    2013-11-22 19:53 - 2013-09-24 20:49 - 00213200 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
    2013-11-22 19:53 - 2013-09-24 20:45 - 00571608 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
    2013-11-22 19:53 - 2013-09-24 20:42 - 00133928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
    2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
    2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
    2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    2013-11-18 19:06 - 2013-11-18 19:42 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
    2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
    2013-11-18 19:04 - 2013-11-18 19:05 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
    2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
    2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
    2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
    2013-11-16 03:14 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-16 03:14 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-16 03:14 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-16 03:14 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-16 03:14 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-16 03:13 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-16 02:10 - 2013-11-16 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
    2013-11-16 01:02 - 2013-11-29 19:43 - 00000000 ____D C:\ProgramData\McAfee
    2013-11-16 01:02 - 2013-11-22 18:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-11-16 00:54 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
    2013-11-16 00:54 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
    2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
    2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
    2013-11-16 00:52 - 2013-11-16 00:53 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
    2013-11-16 00:09 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2013-11-16 00:09 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2013-11-16 00:09 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2013-11-16 00:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2013-11-16 00:08 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2013-11-16 00:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2013-11-16 00:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-11-16 00:08 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2013-11-16 00:08 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2013-11-16 00:08 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2013-11-16 00:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2013-11-16 00:08 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2013-11-16 00:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2013-11-16 00:08 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2013-11-16 00:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2013-11-16 00:08 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2013-11-16 00:08 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2013-11-16 00:08 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2013-11-15 23:23 - 2013-11-30 14:24 - 00000784 _____ C:\Windows\setupact.log
    2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-02 09:53 - 2013-11-02 09:54 - 00000000 ____D C:\Users\Brenda\Documents\my story
    ==================== One Month Modified Files and Folders =======
    2013-11-30 14:42 - 2013-11-30 14:38 - 00017909 _____ C:\Users\Brenda\Desktop\FRST.txt
    2013-11-30 14:42 - 2010-12-26 09:39 - 01967146 _____ C:\Windows\WindowsUpdate.log
    2013-11-30 14:37 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-30 14:37 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
    2013-11-30 14:36 - 2013-07-17 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-30 14:34 - 2013-11-22 20:46 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2013-11-30 14:34 - 2009-09-06 18:02 - 00189418 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-30 14:30 - 2013-11-22 20:43 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
    2013-11-30 14:29 - 2011-02-17 09:50 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\ZumoDrive
    2013-11-30 14:24 - 2013-11-15 23:23 - 00000784 _____ C:\Windows\setupact.log
    2013-11-30 14:24 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-30 14:21 - 2012-04-12 16:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
    2013-11-30 14:18 - 2011-02-22 07:22 - 00210556 _____ C:\Windows\PFRO.log
    2013-11-30 14:10 - 2013-11-30 14:33 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
    2013-11-30 14:07 - 2013-11-30 14:32 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    2013-11-29 23:00 - 2013-11-29 19:50 - 00019963 _____ C:\Windows\IE11_main.log
    2013-11-29 21:33 - 2011-06-29 22:04 - 00007597 _____ C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
    2013-11-29 21:06 - 2011-02-17 09:39 - 00000000 ____D C:\Users\Brenda\AppData\Local\VirtualStore
    2013-11-29 20:42 - 2013-11-29 20:42 - 00011531 _____ C:\Users\Brenda\Desktop\attach.txt
    2013-11-29 20:41 - 2013-11-29 20:42 - 00020636 _____ C:\Users\Brenda\Desktop\dds.txt
    2013-11-29 19:43 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee
    2013-11-28 18:42 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\Common Files\Mcafee
    2013-11-28 18:42 - 2013-11-22 20:39 - 00000000 ____D C:\Program Files\McAfee
    2013-11-28 18:40 - 2013-04-24 06:37 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
    2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-11-28 18:05 - 2013-11-28 18:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
    2013-11-22 21:59 - 2010-12-26 09:54 - 00000000 ____D C:\Program Files\Skyhook Wireless
    2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
    2013-11-22 20:46 - 2009-07-13 21:04 - 00000435 _____ C:\Windows\win.ini
    2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
    2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
    2013-11-22 19:02 - 2010-12-26 09:55 - 00000000 ____D C:\ProgramData\Norton
    2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-22 18:53 - 2013-11-16 01:02 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-18 19:42 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
    2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
    2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
    2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
    2013-11-18 19:05 - 2013-11-18 19:04 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
    2013-11-16 15:21 - 2012-04-12 16:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
    2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
    2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
    2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
    2013-11-16 09:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
    2013-11-16 03:12 - 2013-08-15 10:22 - 00000000 ____D C:\Windows\system32\MRT
    2013-11-16 03:02 - 2011-06-29 22:20 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-16 02:11 - 2013-11-16 02:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
    2013-11-16 02:07 - 2011-06-15 12:28 - 00000000 ____D C:\Users\Brenda\AppData\Local\Adobe
    2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-11-16 01:01 - 2013-07-17 19:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-11-16 01:01 - 2013-07-17 19:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-11-16 00:53 - 2013-11-16 00:52 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
    2013-11-16 00:53 - 2010-08-27 18:50 - 00000000 ____D C:\Program Files\Java
    2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-11 05:50 - 2011-04-18 22:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-02 09:54 - 2013-11-02 09:53 - 00000000 ____D C:\Users\Brenda\Documents\my story
    Some content of TEMP:
    ====================
    C:\Users\Brenda\AppData\Local\Temp\swt-gdip-win32-3448.dll
    C:\Users\Brenda\AppData\Local\Temp\swt-win32-3448.dll
    C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-11-16 09:30
    ==================== End Of Log ============================
  4. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    (Continued)


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2013
    Ran by Brenda at 2013-11-30 14:44:16
    Running from C:\Users\Brenda\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
    ==================== Installed Programs ======================
    Acrobat.com (Version: 1.6.65)
    Adobe AIR (Version: 1.5.3.9130)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
    Adobe Reader 9.5.5 MUI (Version: 9.5.5)
    Adobe Shockwave Player (Version: 11.5.1.601)
    ArcSoft WebCam Companion 3 (Version: 3.0.189)
    Atheros Driver Installation Program (Version: 9.0)
    Bejeweled 2 Deluxe (Version: 2.2.0.82)
    Bing Bar (Version: 7.2.241.0)
    Blasterball 3 (Version: 2.2.0.82)
    Chuzzle Deluxe (Version: 2.2.0.82)
    Circuit Construction Kit (DC Only)
    Cisco EAP-FAST Module (Version: 2.2.14)
    Cisco LEAP Module (Version: 1.0.19)
    Cisco PEAP Module (Version: 1.1.6)
    CyberLink DVD Suite (Version: 7.0.2529)
    Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
    Dream Chronicles (Version: 2.2.0.82)
    ESU for Microsoft Windows 7 (Version: 1.0.0)
    Faerie Solitaire (Version: 2.2.0.82)
    FATE (Version: 2.2.0.82)
    Gem Shop (Version: 2.2.0.82)
    Google Chrome (HKCU Version: 30.0.1599.101)
    Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
    HP CloudDrive
    HP Customer Experience Enhancements (Version: 6.0.1.4)
    HP Documentation (Version: 1.1.1.0)
    HP Game Console
    HP Games (Version: 1.0.0.80)
    HP HomeBase (Version: 3.2.2.70)
    HP Navigator (Version: 2.3.32)
    HP Product Detection (Version: 11.14.0001)
    HP Quick Launch (Version: 2.0.10)
    HP QuickSync (Version: 6.2.620.9550)
    HP Setup (Version: 8.1.4186.3400)
    HP Software Framework (Version: 3.5.20.1)
    HP Support Assistant (Version: 6.0.5.4)
    HP Update (Version: 5.003.001.001)
    HP Wireless Assistant (Version: 4.0.6.0)
    IDT Audio (Version: 1.0.6276.0)
    Insaniquarium Deluxe (Version: 2.2.0.82)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
    Intel® Matrix Storage Manager
    Java Auto Updater (Version: 2.0.2.1)
    Java(TM) 6 Update 20 (Version: 6.0.200)
    Jewel Match 2 (Version: 2.2.0.82)
    Jewel Quest II (Version: 2.2.0.82)
    Jewel Quest Solitaire (Version: 2.2.0.82)
    JoJo's Fashion Show (Version: 2.2.0.82)
    Junk Mail filter update (Version: 14.0.8089.726)
    Loki Browser Plugin (Version: 3.3.3.29)
    Mahjongg Artifacts (Version: 2.2.0.82)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    McAfee Security Scan Plus (Version: 3.8.130.10)
    McAfee Total Protection (Version: 12.8.856)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Choice Guard (Version: 2.0.48.0)
    Microsoft Forefront UAG endpoint components v4.0.0
    Microsoft Office 2010 (Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
    Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
    Microsoft Silverlight (Version: 5.1.20913.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    MSVCRT (Version: 14.0.1468.721)
    Office Depot PC Support Agent (Version: 59.0.15.1)
    Penguins! (Version: 2.2.0.82)
    Plants vs. Zombies (Version: 2.2.0.82)
    Polar Bowler (Version: 2.2.0.82)
    Power2Go (Version: 6.1.3802)
    Qualcomm Gobi 2000 Package for HP (Version: 1.1.150)
    Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
    Realtek PCIE Card Reader (Version: 6.1.7600.00046)
    Recovery Manager (Version: 5.5.2725)
    Shared C Run-time for x86 (Version: 10.0.0)
    Skyhook Wireless XPS Service (Version: 3.4.3.10)
    Slingo Deluxe (Version: 2.2.0.82)
    SUPERAntiSpyware (Version: 5.6.1042)
    Synaptics Pointing Device Driver (Version: 15.0.17.0)
    Times Reader (Version: 2.055)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
    Virtual Villagers - The Secret City (Version: 2.2.0.82)
    VZAccess Manager (Version: 7.3.10.1)
    Wedding Dash (Version: 2.2.0.82)
    Windows Live Call (Version: 14.0.8064.0206)
    Windows Live Communications Platform (Version: 14.0.8064.206)
    Windows Live Essentials (Version: 14.0.8089.0726)
    Windows Live Essentials (Version: 14.0.8089.726)
    Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
    Windows Live Mail (Version: 14.0.8089.0726)
    Windows Live Messenger (Version: 14.0.8089.0726)
    Windows Live Photo Gallery (Version: 14.0.8081.709)
    Windows Live Sync (Version: 14.0.8089.726)
    Windows Live Upload Tool (Version: 14.0.8014.1029)
    Windows Live Writer (Version: 14.0.8089.0726)
    Zuma Deluxe (Version: 2.2.0.82)
    ==================== Restore Points =========================
    16-11-2013 05:51:09 Installed Java(TM) 6 Update 20
    16-11-2013 08:00:50 Windows Update
    23-11-2013 00:12:08 Windows Update
    30-11-2013 00:43:40 Windows Update
    30-11-2013 01:46:49 Windows Update
    30-11-2013 03:54:47 Windows Update
    ==================== Hosts content: ==========================
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {00FB119A-83A2-4E8C-8184-51A9A00A6637} - System32\Tasks\JavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18] (Sun Microsystems, Inc.)
    Task: {09A62F01-D0E9-4A12-AF31-972AC8A46395} - System32\Tasks\HPCeeScheduleForBrenda => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
    Task: {4943C760-9574-40DC-8965-896D6836A9CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {5841DE3C-5C07-47F8-BA81-05B34B7605C2} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
    Task: {6148BC8B-B30D-4E8C-99BB-5A6A60DF5022} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
    Task: {6BF8A66C-D035-4691-8C81-902EBCB3EDAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
    Task: {B31A7428-1142-478F-AECE-F64CEDA38F7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16] (Adobe Systems Incorporated)
    Task: {B59373E8-D33F-44E6-98B6-597B66161259} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
    Task: {C7B98E9B-40C3-4175-BC1E-1DF0792500F0} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
    Task: {E7B3C6B9-44D7-40D5-BB02-D7D50924E58C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
    Task: {F1E9F4B5-425D-4DDA-8D4E-2FF685C1E76D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
    Task: {F4B0D189-3022-404E-9B5C-93967215A8D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
    Task: {F64C6905-92C2-4015-833E-06E793DC787A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForBrenda.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
    ==================== Loaded Modules (whitelisted) =============
    2013-11-15 23:54 - 2013-11-30 14:28 - 00198144 _____ () C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll
    2013-11-30 14:29 - 2013-11-30 14:29 - 00379904 _____ () C:\Users\Brenda\AppData\Local\Temp\libsqlitejdbc-4691950578996762076.lib
    2010-04-05 13:11 - 2010-04-05 13:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-04-05 13:12 - 2010-04-05 13:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
    ==================== Faulty Device Manager Devices =============
    Name: McAfee Inc. mfeapfk
    Description: McAfee Inc. mfeapfk
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: mfeapfk
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (11/30/2013 02:37:20 PM) (Source: Application Error) (User: )
    Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7de31
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0067006f
    Faulting process id: 0xb18
    Faulting application start time: 0xMcSvHost.exe0
    Faulting application path: McSvHost.exe1
    Faulting module path: McSvHost.exe2
    Report Id: McSvHost.exe3
    Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
    Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
    Error: (11/29/2013 11:00:48 PM) (Source: uagqecsvc) (User: )
    Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
    System error 1115: A system shutdown is in progress. (0x45b).
    When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.
    Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
    Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
    Error: (11/29/2013 08:55:21 PM) (Source: uagqecsvc) (User: )
    Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
    System error 1115: A system shutdown is in progress. (0x45b).
    When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.
    Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
    Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
    Error: (11/29/2013 07:38:14 PM) (Source: Service1) (User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    System errors:
    =============
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (11/30/2013 02:29:49 PM) (Source: DCOM) (User: )
    Description: {209500FC-6B45-4693-8871-6296C4843751}
    Error: (11/30/2013 02:29:39 PM) (Source: Service Control Manager) (User: )
    Description: The HP Wireless Assistant Service service failed to start due to the following error:
    %%1053
    Error: (11/30/2013 02:29:39 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
    Error: (11/30/2013 02:28:40 PM) (Source: Service Control Manager) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    %%1053

    Microsoft Office Sessions:
    =========================
    Error: (11/30/2013 02:37:20 PM) (Source: Application Error)(User: )
    Description: McSvHost.exe3.8.703.051f7de31unknown0.0.0.000000000c00000050067006fb1801ceee01df1235d3C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exeunknownd37057d9-59f6-11e3-aadb-00a0c6000000
    Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000
    Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: Performance16370700000E3500000000000009030000
    Error: (11/29/2013 11:00:48 PM) (Source: uagqecsvc)(User: )
    Description: 1115A system shutdown is in progress. (0x45b)
    Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000
    Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: Performance16370700005A3400000000000009030000
    Error: (11/29/2013 08:55:21 PM) (Source: uagqecsvc)(User: )
    Description: 1115A system shutdown is in progress. (0x45b)
    Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000
    Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: Performance1637070000A63300000000000009030000
    Error: (11/29/2013 07:38:14 PM) (Source: Service1)(User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    ==================== Memory info ===========================
    Percentage of memory in use: 86%
    Total physical RAM: 1011.9 MB
    Available physical RAM: 136.04 MB
    Total Pagefile: 2035.9 MB
    Available Pagefile: 510.42 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.27 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:134.45 GB) (Free:100 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.3 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: C3EFE556)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
    ==================== End Of Log ============================
  5. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    IMPORTANT! Restart computer.

    Re-run FRST "Scan" one more time and post a fresh log.

  6. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Downloaded the txt file. Clicked the fix button. Accidentally ran the FRST scan before restart. Restarted. Ran the FRST scan but saw that there was a FRST.txt still in existence (thought I forgot to delete it so I deleted it while FRST was running). Knew I made a mistake. Re-ran FRST. Here are the log files:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-11-2013
    Ran by Brenda at 2013-11-30 16:57:27 Run:1
    Running from C:\Users\Brenda\Desktop
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKLM\...\Run: [] - [x]
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess/Alureon?
    CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
    CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
    CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    *****************
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
    C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll not found.
    C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll not found.
    C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll not found.
    C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll not found.
    ==== End of Fixlog ====

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2013
    Ran by Brenda (administrator) on BRENDA-PC on 30-11-2013 17:42:08
    Running from C:\Users\Brenda\Desktop
    Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal
    ==================== Processes (Whitelisted) ===================
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\esService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\escont.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (Skyhook Wireless) C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-24] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
    HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [601144 2010-04-09] (Hewlett-Packard Company)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-27] ()
    HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
    HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
    HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
    HKCU\...\Run: [Google Update] - C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - DefaultScope {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    SearchScopes: HKCU - {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    SearchScopes: HKCU - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
    CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
    CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (SiteAdvisor) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
    CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
    CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
    CHR StartMenuInternet: Google Chrome - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
    ========================== Services (Whitelisted) =================
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [487312 2011-05-14] (Microsoft Corporation)
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [238328 2010-01-04] (WildTangent, Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
    R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-09-24] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [203080 2011-01-28] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
    S2 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-09-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-09-24] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-09-24] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [1005144 2013-10-08] (Support.com, Inc.)
    R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-24] (IDT, Inc.)
    R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
    R2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [707400 2010-06-28] (Skyhook Wireless)
    ==================== Drivers (Whitelisted) ====================
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-09-24] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
    R0 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133928 2013-09-24] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235488 2013-09-24] (McAfee, Inc.)
    S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-09-24] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365256 2013-09-24] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [571608 2013-09-24] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [301248 2013-09-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80656 2013-09-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213200 2013-09-24] (McAfee, Inc.)
    R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2010-05-12] (QUALCOMM Incorporated)
    R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [372224 2010-05-12] (QUALCOMM Incorporated)
    R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [190592 2010-05-12] (QUALCOMM Incorporated)
    R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [12416 2010-06-01] (Skyhook Wireless)
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-11-30 14:38 - 2013-11-30 17:42 - 00017374 _____ C:\Users\Brenda\Desktop\FRST.txt
    2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
    2013-11-30 14:33 - 2013-11-30 14:10 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
    2013-11-30 14:32 - 2013-11-30 14:07 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    2013-11-29 19:50 - 2013-11-29 23:00 - 00019963 _____ C:\Windows\IE11_main.log
    2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-11-28 18:04 - 2013-11-28 18:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-11-28 18:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
    2013-11-28 17:00 - 2013-09-09 11:11 - 00066296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
    2013-11-28 16:58 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
    2013-11-22 20:46 - 2013-11-30 17:33 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2013-11-22 20:43 - 2013-11-30 17:30 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
    2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
    2013-11-22 20:41 - 2013-09-24 20:53 - 00060920 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
    2013-11-22 20:41 - 2013-09-24 20:44 - 00365256 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
    2013-11-22 20:41 - 2013-09-24 20:44 - 00065928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
    2013-11-22 20:41 - 2013-09-24 20:43 - 00235488 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
    2013-11-22 20:40 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\Common Files\Mcafee
    2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
    2013-11-22 20:39 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\McAfee
    2013-11-22 19:59 - 2013-09-24 20:49 - 00172416 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    2013-11-22 19:53 - 2013-09-24 20:49 - 00213200 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
    2013-11-22 19:53 - 2013-09-24 20:45 - 00571608 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
    2013-11-22 19:53 - 2013-09-24 20:42 - 00133928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
    2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
    2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
    2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    2013-11-18 19:06 - 2013-11-18 19:42 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
    2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
    2013-11-18 19:04 - 2013-11-18 19:05 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
    2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
    2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
    2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
    2013-11-16 03:14 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-16 03:14 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-16 03:14 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-16 03:14 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-16 03:14 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-16 03:14 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-16 03:13 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-16 02:10 - 2013-11-16 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
    2013-11-16 01:02 - 2013-11-30 14:55 - 00000000 ____D C:\ProgramData\McAfee
    2013-11-16 01:02 - 2013-11-22 18:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-11-16 00:54 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
    2013-11-16 00:54 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
    2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
    2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
    2013-11-16 00:52 - 2013-11-16 00:53 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
    2013-11-16 00:09 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2013-11-16 00:09 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2013-11-16 00:09 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2013-11-16 00:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2013-11-16 00:08 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2013-11-16 00:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2013-11-16 00:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-11-16 00:08 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2013-11-16 00:08 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2013-11-16 00:08 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2013-11-16 00:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2013-11-16 00:08 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2013-11-16 00:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2013-11-16 00:08 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2013-11-16 00:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2013-11-16 00:08 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2013-11-16 00:08 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2013-11-16 00:08 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2013-11-15 23:23 - 2013-11-30 17:28 - 00000840 _____ C:\Windows\setupact.log
    2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-02 09:53 - 2013-11-02 09:54 - 00000000 ____D C:\Users\Brenda\Documents\my story
    ==================== One Month Modified Files and Folders =======
    2013-11-30 17:43 - 2013-11-30 14:38 - 00017374 _____ C:\Users\Brenda\Desktop\FRST.txt
    2013-11-30 17:38 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-30 17:38 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-30 17:36 - 2009-09-06 18:02 - 00194002 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-30 17:35 - 2010-12-26 09:39 - 01997770 _____ C:\Windows\WindowsUpdate.log
    2013-11-30 17:34 - 2013-07-17 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-30 17:33 - 2013-11-22 20:46 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2013-11-30 17:30 - 2013-11-22 20:43 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
    2013-11-30 17:29 - 2011-02-17 09:50 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\ZumoDrive
    2013-11-30 17:28 - 2013-11-15 23:23 - 00000840 _____ C:\Windows\setupact.log
    2013-11-30 17:28 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-30 17:21 - 2012-04-12 16:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
    2013-11-30 15:21 - 2012-04-12 16:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
    2013-11-30 14:55 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee
    2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
    2013-11-30 14:18 - 2011-02-22 07:22 - 00210556 _____ C:\Windows\PFRO.log
    2013-11-30 14:10 - 2013-11-30 14:33 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
    2013-11-30 14:07 - 2013-11-30 14:32 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
    2013-11-29 23:00 - 2013-11-29 19:50 - 00019963 _____ C:\Windows\IE11_main.log
    2013-11-29 21:33 - 2011-06-29 22:04 - 00007597 _____ C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
    2013-11-29 21:06 - 2011-02-17 09:39 - 00000000 ____D C:\Users\Brenda\AppData\Local\VirtualStore
    2013-11-28 18:42 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\Common Files\Mcafee
    2013-11-28 18:42 - 2013-11-22 20:39 - 00000000 ____D C:\Program Files\McAfee
    2013-11-28 18:40 - 2013-04-24 06:37 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
    2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-11-28 18:05 - 2013-11-28 18:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
    2013-11-22 21:59 - 2010-12-26 09:54 - 00000000 ____D C:\Program Files\Skyhook Wireless
    2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
    2013-11-22 20:46 - 2009-07-13 21:04 - 00000435 _____ C:\Windows\win.ini
    2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
    2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
    2013-11-22 19:02 - 2010-12-26 09:55 - 00000000 ____D C:\ProgramData\Norton
    2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-11-22 18:53 - 2013-11-16 01:02 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-11-18 19:42 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
    2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
    2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
    2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
    2013-11-18 19:05 - 2013-11-18 19:04 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
    2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
    2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
    2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
    2013-11-16 09:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
    2013-11-16 03:12 - 2013-08-15 10:22 - 00000000 ____D C:\Windows\system32\MRT
    2013-11-16 03:02 - 2011-06-29 22:20 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-16 02:11 - 2013-11-16 02:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
    2013-11-16 02:07 - 2011-06-15 12:28 - 00000000 ____D C:\Users\Brenda\AppData\Local\Adobe
    2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-11-16 01:01 - 2013-07-17 19:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-11-16 01:01 - 2013-07-17 19:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-11-16 00:53 - 2013-11-16 00:52 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
    2013-11-16 00:53 - 2010-08-27 18:50 - 00000000 ____D C:\Program Files\Java
    2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-11 05:50 - 2011-04-18 22:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-02 09:54 - 2013-11-02 09:53 - 00000000 ____D C:\Users\Brenda\Documents\my story
    Some content of TEMP:
    ====================
    C:\Users\Brenda\AppData\Local\Temp\swt-gdip-win32-3448.dll
    C:\Users\Brenda\AppData\Local\Temp\swt-win32-3448.dll
    C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-11-16 09:30
    ==================== End Of Log ============================
  7. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Looks good :)

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  8. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Brenda [Admin rights]
    Mode : Scan -- Date : 11/30/2013 21:23:06
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> FOUND
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
    --- User ---
    [MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
    [BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_S_11302013_212306.txt >>

    -


    RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Brenda [Admin rights]
    Mode : Remove -- Date : 11/30/2013 21:23:44
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> DELETED
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
    --- User ---
    [MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
    [BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_D_11302013_212344.txt >>
    RKreport[0]_S_11302013_212306.txt
  9. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  10. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Your process produced three logs:

    RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Brenda [Admin rights]
    Mode : Scan -- Date : 11/30/2013 21:23:06
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> FOUND
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
    --- User ---
    [MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
    [BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_S_11302013_212306.txt >>

    RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Brenda [Admin rights]
    Mode : Remove -- Date : 11/30/2013 21:23:44
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> DELETED
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
    --- User ---
    [MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
    [BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_D_11302013_212344.txt >>
    RKreport[0]_S_11302013_212306.txt

    ComboFix 13-12-01.01 - Brenda 12/02/2013 12:49:04.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.200 [GMT -5:00]
    Running from: c:\users\Brenda\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\FlashPlayerApp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-02 18:08 . 2013-12-02 18:08 -------- d-----w- c:\users\Brenda\AppData\Local\temp
    2013-12-02 18:08 . 2013-12-02 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-02 17:27 . 2013-12-02 17:27 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2013-12-02 17:27 . 2013-12-02 17:27 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2013-12-02 17:27 . 2013-12-02 17:27 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2013-12-02 17:27 . 2013-12-02 17:27 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2013-11-30 19:36 . 2013-11-30 19:36 -------- d-----w- C:\FRST
    2013-11-28 22:17 . 2013-11-28 22:17 -------- d-----w- c:\users\Brenda\AppData\Local\McAfee File Lock
    2013-11-28 22:00 . 2013-09-09 16:11 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
    2013-11-28 21:58 . 2013-09-23 18:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-11-23 01:43 . 2013-11-23 01:43 -------- d-----w- c:\users\Brenda\AppData\Local\McAfee Anti-Theft
    2013-11-23 01:41 . 2013-09-25 01:44 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-11-23 01:41 . 2013-09-25 01:53 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-11-23 01:41 . 2013-09-25 01:44 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2013-11-23 01:41 . 2013-09-25 01:43 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-11-23 01:40 . 2013-11-28 23:42 -------- d-----w- c:\program files\Common Files\Mcafee
    2013-11-23 01:39 . 2013-11-28 23:42 -------- d-----w- c:\program files\McAfee
    2013-11-23 00:59 . 2013-09-25 01:49 172416 ----a-w- c:\windows\system32\mfevtps.exe
    2013-11-23 00:53 . 2013-09-25 01:49 213200 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-11-23 00:53 . 2013-09-25 01:45 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-11-23 00:53 . 2013-09-25 01:42 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-11-23 00:19 . 2013-11-18 06:28 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A7DA894-0A3E-481E-B209-6711E3C9D86D}\mpengine.dll
    2013-11-19 00:15 . 2013-11-19 00:15 -------- d-----w- c:\users\Brenda\AppData\Roaming\QuickScan
    2013-11-19 00:15 . 2013-11-19 00:35 -------- d-----w- c:\users\Brenda\AppData\Roaming\OpswatLogs
    2013-11-19 00:10 . 2013-11-19 00:10 -------- d-----w- C:\temp
    2013-11-19 00:06 . 2013-11-19 00:42 -------- d-----w- c:\program files\Office Depot PC Support Agent
    2013-11-19 00:06 . 2013-11-19 00:06 -------- d-----w- c:\program files\Common Files\supportsoft
    2013-11-16 20:15 . 2013-11-16 20:15 -------- d-----w- c:\users\Brenda\AppData\Roaming\Malwarebytes
    2013-11-16 20:14 . 2013-11-16 20:14 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-16 20:14 . 2013-11-16 20:14 -------- d-----w- c:\users\Brenda\AppData\Local\Programs
    2013-11-16 07:11 . 2013-11-16 07:11 -------- d-----w- c:\users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    2013-11-16 07:10 . 2013-11-16 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-11-16 07:10 . 2013-11-16 07:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-11-16 06:02 . 2013-11-16 06:02 -------- d-----w- c:\programdata\McAfee Security Scan
    2013-11-16 06:02 . 2013-11-30 19:55 -------- d-----w- c:\programdata\McAfee
    2013-11-16 06:02 . 2013-11-22 23:53 -------- d-----w- c:\program files\McAfee Security Scan
    2013-11-16 05:54 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2013-11-16 05:09 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-16 05:09 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-11-16 05:09 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-16 06:01 . 2013-07-18 00:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-11 10:50 . 2011-04-19 03:07 230048 ------w- c:\windows\system32\MpSigStub.exe
    2013-10-14 17:30 . 2013-10-14 17:30 0 ----a-w- c:\windows\system32\sho737A.tmp
    2013-09-30 11:35 . 2013-09-30 11:35 0 ----a-w- c:\windows\system32\sho781B.tmp
    2013-09-20 14:37 . 2013-09-20 14:37 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-09-20 14:37 . 2013-09-20 14:37 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-09-20 14:37 . 2013-09-20 14:37 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2013-09-14 00:48 . 2013-10-12 23:10 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07 . 2013-10-12 23:11 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03 . 2013-10-12 23:10 231424 ----a-w- c:\windows\system32\mswsock.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 5717272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-24 495708]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-16 1721640]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
    "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-28 2038]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
    @="Office Depot PC Support Agent"
    .
    R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.241.0\BBSvc.exe [2013-07-23 193696]
    R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
    R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [2013-10-08 1005144]
    R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-05-15 487312]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2013-09-20 80656]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2013-09-09 66296]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-09-25 213200]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2013-09-24 145088]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2013-09-20 638976]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-09-25 169320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-09-25 172416]
    S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2010-05-12 331512]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
    S2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [2010-06-28 707400]
    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.241.0\SeaPort.exe [2013-07-23 240288]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-09-25 60920]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-09-25 365256]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2013-09-20 301248]
    S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2010-05-12 5248]
    S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2010-05-12 372224]
    S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2010-05-12 190592]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
    S3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [2010-06-02 12416]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
    2010-04-19 03:47 702464 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
    2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 06:01]
    .
    2013-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
    - c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 21:14]
    .
    2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
    - c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 21:14]
    .
    2013-11-28 c:\windows\Tasks\HPCeeScheduleForBrenda.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-12-02 13:12:57
    ComboFix-quarantined-files.txt 2013-12-02 18:12
    .
    Pre-Run: 111,468,675,072 bytes free
    Post-Run: 111,531,094,016 bytes free
    .
    - - End Of File - - 4A1497A36742A76A1BCA30991AC77F16
    0B8F13CA41821C8A4D645FFCFD0DC92F
  11. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  12. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Here are the results of the AdwCleaner. It also created a quarantine file.
    Adw log:

    # AdwCleaner v3.014 - Report created 02/12/2013 at 19:35:31
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
    # Username : Brenda - BRENDA-PC
    # Running from : C:\Users\Brenda\Desktop\adwcleaner.exe
    # Option : Scan
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16736

    -\\ Google Chrome v
    [ File : C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [1090 octets] - [02/12/2013 19:35:31]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1150 octets] ##########
    # AdwCleaner v3.014 - Report created 02/12/2013 at 19:38:07
    # Updated 01/12/2013 by Xplode
    # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
    # Username : Brenda - BRENDA-PC
    # Running from : C:\Users\Brenda\Desktop\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16736

    -\\ Google Chrome v
    [ File : C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [1230 octets] - [02/12/2013 19:35:31]
    AdwCleaner[S0].txt - [1163 octets] - [02/12/2013 19:38:07]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1223 octets] ##########
  13. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Junkware tool results:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Starter x86
    Ran by Brenda on Mon 12/02/2013 at 20:04:35.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files
    Successfully deleted: [File] C:\Windows\system32\sho27EA.tmp
    Successfully deleted: [File] C:\Windows\system32\sho36A.tmp
    Successfully deleted: [File] C:\Windows\system32\sho5CC7.tmp
    Successfully deleted: [File] C:\Windows\system32\sho737A.tmp
    Successfully deleted: [File] C:\Windows\system32\sho781B.tmp
    Successfully deleted: [File] C:\Windows\system32\sho863F.tmp
    Successfully deleted: [File] C:\Windows\system32\shoDC7B.tmp

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/02/2013 at 20:13:16.69
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    OTL log:

    OTL logfile created on: 12/2/2013 8:29:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda\Desktop
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1011.90 Mb Total Physical Memory | 220.75 Mb Available Physical Memory | 21.82% Memory free
    1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.45 Gb Total Space | 103.86 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
    Drive D: | 14.30 Gb Total Space | 2.05 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
    Drive E: | 98.84 Mb Total Space | 92.56 Mb Free Space | 93.65% Space Free | Partition Type: FAT32

    Computer Name: BRENDA-PC | User Name: Brenda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/02 19:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
    PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/09/24 20:49:04 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2013/09/24 20:44:16 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2013/09/24 16:00:04 | 000,145,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
    PRC - [2013/09/20 09:47:54 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    PRC - [2013/09/11 11:55:58 | 000,499,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    PRC - [2013/09/09 11:10:14 | 000,517,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
    PRC - [2013/09/06 12:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
    PRC - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
    PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/28 16:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/25 05:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    PRC - [2010/06/28 06:03:14 | 000,707,400 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
    PRC - [2010/05/12 13:28:08 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
    PRC - [2010/04/09 17:43:38 | 000,026,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/04/09 17:42:00 | 000,601,144 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/04/05 13:12:02 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    PRC - [2010/04/05 13:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    PRC - [2010/03/28 17:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    PRC - [2010/03/24 01:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2010/03/24 01:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
    PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/02 20:17:00 | 000,379,904 | ---- | M] () -- C:\Users\Brenda\AppData\Local\temp\libsqlitejdbc-66376067507847092.lib
    MOD - [2013/12/02 20:16:55 | 000,198,144 | ---- | M] () -- C:\Users\Brenda\AppData\Local\temp\WindowsAPI.dll
    MOD - [2013/10/14 12:46:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
    MOD - [2013/10/14 12:39:41 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
    MOD - [2013/10/14 12:38:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
    MOD - [2013/10/14 12:37:24 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
    MOD - [2013/10/14 12:36:07 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
    MOD - [2013/10/14 12:35:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
    MOD - [2013/09/13 06:22:38 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
    MOD - [2013/09/13 06:21:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/15 10:46:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/15 10:44:16 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/15 10:43:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/17 19:44:48 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
    MOD - [2013/07/17 19:34:57 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2010/08/27 17:08:12 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
    MOD - [2010/04/05 13:12:06 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    MOD - [2010/04/05 13:12:00 | 000,267,832 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    MOD - [2010/04/05 13:11:58 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll


    ========== Services (SafeList) ==========

    SRV - [2013/11/16 01:01:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/08 02:47:20 | 001,005,144 | ---- | M] (Support.com, Inc.) [Auto | Stopped] -- C:\Program Files\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
    SRV - [2013/09/24 20:49:04 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2013/09/24 20:44:16 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2013/09/24 16:00:04 | 000,145,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV - [2013/09/20 09:47:54 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
    SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/14 20:37:12 | 000,487,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
    SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/01/28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
    SRV - [2010/11/25 05:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
    SRV - [2010/06/28 06:03:14 | 000,707,400 | ---- | M] (Skyhook Wireless) [Auto | Running] -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe -- (xpssvc)
    SRV - [2010/05/12 13:28:08 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe -- (QDLService2kHP)
    SRV - [2010/04/09 17:43:38 | 000,026,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/04/05 13:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV - [2010/03/24 01:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
    SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/02/06 19:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Brenda\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/09/24 20:53:24 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2013/09/24 20:49:20 | 000,213,200 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2013/09/24 20:45:46 | 000,571,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2013/09/24 20:44:30 | 000,365,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2013/09/24 20:44:00 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2013/09/24 20:43:30 | 000,235,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2013/09/24 20:42:44 | 000,133,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2013/09/23 13:48:38 | 000,147,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
    DRV - [2013/09/20 09:37:24 | 000,080,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
    DRV - [2013/09/20 09:37:10 | 000,301,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
    DRV - [2013/09/09 11:11:52 | 000,066,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
    DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/06/01 22:35:26 | 000,012,416 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\XPSVCOM.sys -- (XPSVCOM)
    DRV - [2010/05/12 12:18:02 | 000,372,224 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnethp2k.sys -- (qcusbnethp2k)
    DRV - [2010/05/12 12:18:02 | 000,190,592 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserhp2k.sys -- (qcusbserhp2k)
    DRV - [2010/05/12 12:18:02 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
    DRV - [2010/04/20 13:04:24 | 000,228,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV - [2010/03/24 01:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2010/03/02 19:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{AB720E55-013E-45EC-94DA-7FC03E84DB46}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{EB0A2DBB-CB4A-49D0-9056-D300742A1E41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{74FFB162-7355-4478-A81D-D5C259DC2100}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{AB720E55-013E-45EC-94DA-7FC03E84DB46}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{EB0A2DBB-CB4A-49D0-9056-D300742A1E41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/11/30 14:18:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/11/29 20:54:56 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: McAfee (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
    CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: SiteAdvisor = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
    CHR - Extension: SiteAdvisor = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0\
    CHR - Extension: Google Wallet = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
    CHR - Extension: Gmail = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/12/02 13:08:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
    O4 - HKU\S-1-5-21-326676488-864963984-2190722416-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-326676488-864963984-2190722416-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE92BCF0-0F52-4851-9EDB-E179CABC7890}: DhcpNameServer = 198.6.1.1 204.117.214.10
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/02 20:27:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
    [2013/12/02 20:04:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/12/02 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Quarantine
    [2013/12/02 19:35:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/02 13:13:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/12/02 13:13:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/12/02 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\temp
    [2013/12/02 12:44:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/12/02 12:44:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/12/02 12:44:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/12/02 12:43:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/12/02 12:42:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/11/30 14:36:34 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/11/28 17:17:45 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\McAfee File Lock
    [2013/11/28 17:00:31 | 000,066,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\McPvDrv.sys
    [2013/11/28 16:58:59 | 000,147,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
    [2013/11/22 20:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/11/22 20:43:31 | 000,000,000 | R-SD | C] -- C:\Users\Brenda\Documents\McAfee Vaults
    [2013/11/22 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
    [2013/11/22 20:41:19 | 000,365,256 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
    [2013/11/22 20:41:18 | 000,235,488 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
    [2013/11/22 20:41:18 | 000,065,928 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
    [2013/11/22 20:41:18 | 000,060,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
    [2013/11/22 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
    [2013/11/22 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2013/11/22 20:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2013/11/22 19:59:45 | 000,172,416 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    [2013/11/22 19:53:42 | 000,213,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
    [2013/11/22 19:53:40 | 000,571,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
    [2013/11/22 19:53:39 | 000,133,928 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
    [2013/11/22 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2013/11/18 19:21:11 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Office Depot PC Support Agent
    [2013/11/18 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\QuickScan
    [2013/11/18 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\OpswatLogs
    [2013/11/18 19:10:18 | 000,000,000 | ---D | C] -- C:\temp
    [2013/11/18 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
    [2013/11/18 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Office Depot PC Support Agent
    [2013/11/16 15:15:06 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Malwarebytes
    [2013/11/16 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/11/16 15:14:15 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Programs
    [2013/11/16 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
    [2013/11/16 02:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/11/16 02:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/11/16 02:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/11/16 01:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2013/11/16 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2013/11/16 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

    ========== Files - Modified Within 30 Days ==========

    [2013/12/02 20:34:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/02 20:28:33 | 000,965,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/02 20:28:33 | 000,225,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/02 20:26:38 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/02 20:26:38 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/02 20:21:54 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
    [2013/12/02 20:16:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/02 20:16:18 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/02 19:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
    [2013/12/02 13:08:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/11/29 21:33:27 | 000,007,597 | ---- | M] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
    [2013/11/28 18:40:35 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrenda.job
    [2013/11/22 18:54:04 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/11/22 18:54:03 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/11/18 19:07:36 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    [2013/11/16 02:10:32 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

    ========== Files Created - No Company Name ==========

    [2013/12/02 12:44:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/12/02 12:44:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/12/02 12:44:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/12/02 12:44:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/12/02 12:44:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/11/28 16:57:42 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
    [2013/11/28 16:57:41 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
    [2013/11/22 20:46:44 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
    [2013/11/22 18:54:03 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/11/18 19:07:36 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Depot PC Support Agent.lnk
    [2013/11/18 19:07:35 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
    [2013/11/16 02:10:32 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2013/11/16 01:02:15 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/06/29 22:04:44 | 000,007,597 | ---- | C] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/02/17 10:37:09 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2013/11/18 19:35:34 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\OpswatLogs
    [2013/11/18 19:15:38 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\QuickScan
    [2013/09/09 19:37:29 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\SoftGrid Client
    [2011/08/26 17:51:03 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\TP
    [2011/02/17 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\WildTangent
    [2013/12/02 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\ZumoDrive

    ========== Purity Check ==========


    < End of report >
  15. Astronerd


    Extras log:

    OTL Extras logfile created on: 12/2/2013 8:29:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda\Desktop
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1011.90 Mb Total Physical Memory | 220.75 Mb Available Physical Memory | 21.82% Memory free
    1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.45 Gb Total Space | 103.86 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
    Drive D: | 14.30 Gb Total Space | 2.05 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
    Drive E: | 98.84 Mb Total Space | 92.56 Mb Free Space | 93.65% Space Free | Partition Type: FAT32

    Computer Name: BRENDA-PC | User Name: Brenda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09B5505B-4B9A-41DB-9BC8-98B1CD3970EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0CF22207-4B17-4E34-9A5A-C7539EE6FC08}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{15ABF673-1FC1-4716-A481-768994B74256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{221B72FB-39EC-46A4-AAF0-0F50C1BFB1C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{2EB89B8F-083D-4B65-A217-B235D9293277}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
    "{33844EC0-A492-4BAA-8EDA-FE59815BFAA3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4E6DE267-4F3D-44A1-A801-9C84C948080D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5C5A7C08-E3AE-4858-9C40-D136EDB7BCEF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7D2F5F0E-DF39-45FA-A91F-E4E75B87BB80}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
    "{810C5FF4-1934-47D2-B4CB-A2D5DCC09721}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{873246D4-F9FE-47FF-8FFD-122D674F2FC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B0F39071-9B68-4B42-A607-FA083A01978C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B4DE1687-D8B2-4ED3-9E20-0879E52D6477}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E6AC9393-F9B6-463A-BF0B-3730A03DAADE}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F2D0852E-791C-4C29-9AA0-13E8C0425CA9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F5BDF2E8-35D0-48BA-B8CB-8154F781F234}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00A4DC97-6340-4B2E-B10B-D01648162B90}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\video\hpvideo.exe |
    "{0BD69F47-02A8-4E48-A4DD-0BBB8ECC547A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{19E752A8-FB29-4436-84CB-DE8EE442EFBF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{36EBC98F-C63C-43C8-A005-ED117B53A927}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\music\hpmusic.exe |
    "{3C63C0E7-A504-4B61-A5EF-606DA1284A9A}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\video\hpvideo.exe |
    "{410E893A-CDBB-4A13-AD76-E82EF69FC0BE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{44C35245-08A9-457C-9E7A-1765A9BF6CEA}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{503C131B-DDAF-419B-92FC-448887C774C6}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\music\hpmusic.exe |
    "{52667481-AEED-4BF5-915C-0BA4391772CB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{69B7AA6B-98C9-4772-9C60-170B37AF8A6C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{85CF09FB-5ECA-4A28-9722-A6C22B184509}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{89CE38E3-285A-4E98-9AB2-02F05364B20F}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\photo\hpphoto.exe |
    "{99115C4C-638E-4E2D-84FD-F5A2C1E695EC}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\photo\hpphoto.exe |
    "{A2DAA051-9B7A-476E-86B7-9DA8359AAC71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B68734A8-DEB5-4442-B929-D4A832AEECA3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C715E19D-F02F-428F-A33A-B1AD16BB3764}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{D90D1320-F2FF-4384-A07E-0148678E005F}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "{E221FBED-DC53-4763-8433-67CE83C275CF}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{E340A80F-58C5-4784-A4CC-4541D9F54A21}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{E94D0DB3-17D3-48BD-8B4B-49DCD127504D}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "{FCDB1FD5-73DE-4A68-9A37-67983EEAD611}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0AEE22A8-6430-4CD0-917A-F0EB49F4E814}" = Skyhook Wireless XPS Service
    "{10BFDC04-317E-4DF2-8773-ACC02155B055}" = HP Navigator
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}" = HP Quick Launch
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{458328FB-0D19-43D9-854D-2EA404CF5BBE}" = Qualcomm Gobi 2000 Package for HP
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{60C58642-B64D-43E6-B7EF-7928019AA012}" = Loki Browser Plugin
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79EFF05C-D148-4A2E-AEF2-24720B6A76EC}" = VZAccess Manager
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FCE3C61-B789-4A62-8B85-1C2B5F5D9575}" = HP Documentation
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EF627ABB-E970-4C3E-9ABB-097BE46F55CB}" = HP QuickSync
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
    "MSC" = McAfee Total Protection
    "My HP Game Console" = HP Game Console
    "Office Depot PC Support Agent" = Office Depot PC Support Agent
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT082124" = Blasterball 3
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082172" = Polar Bowler
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082222" = Insaniquarium Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082246" = Zuma Deluxe
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082409" = Mahjongg Artifacts
    "WT082422" = Wedding Dash
    "WT082427" = Slingo Deluxe
    "WT082442" = Faerie Solitaire
    "WT083489" = JoJo's Fashion Show
    "WT083503" = Jewel Match 2
    "WT083510" = Jewel Quest Solitaire
    "WT083514" = Jewel Quest II
    "WT083521" = Dream Chronicles
    "WT083529" = Gem Shop
    "ZumoDrive" = HP CloudDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/2/2013 9:24:49 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 12/2/2013 9:24:49 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 12/2/2013 9:27:36 PM | Computer Name = Brenda-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error - 12/2/2013 9:28:29 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 12/2/2013 9:28:29 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    [ Hewlett-Packard Events ]
    Error - 9/22/2013 5:58:39 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

    Error - 9/22/2013 6:00:16 PM | Computer Name = Brenda-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/22/2013 6:00:16 PM | Computer Name = Brenda-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/29/2013 6:35:09 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

    Error - 10/6/2013 8:51:00 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

    Error - 10/12/2013 9:34:23 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

    Error - 10/18/2013 8:44:34 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

    Error - 10/27/2013 12:47:34 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

    Error - 10/31/2013 3:36:37 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

    Error - 11/7/2013 9:12:17 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

    [ HP Wireless Assistant Events ]
    Error - 10/14/2013 1:36:05 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/14/2013 5:48:22 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/15/2013 3:01:23 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/15/2013 8:09:25 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/15/2013 8:48:20 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/15/2013 9:46:56 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/18/2013 4:17:44 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/22/2013 7:53:14 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/23/2013 7:15:57 AM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    Error - 10/27/2013 12:31:06 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    [ System Events ]
    Error - 12/2/2013 9:15:20 PM | Computer Name = Brenda-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the mfecore service.

    Error - 12/2/2013 9:17:33 PM | Computer Name = Brenda-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    mfeapfk

    Error - 12/2/2013 9:19:44 PM | Computer Name = Brenda-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    OTL logs are clean.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET won't find any threats, it won't produce any log.
  17. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Security Check results:

    Results of screen317's Security Check version 0.99.77
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Java(TM) 6 Update 20
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  18. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    FSS results:

    Farbar Service Scanner Version: 23-11-2013
    Ran by Brenda (administrator) on 02-12-2013 at 21:59:12
    Running from "C:\Users\Brenda\Desktop"
    Microsoft Windows 7 Starter Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys
    [2013-10-12 18:10] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-10-12 18:11] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2013-08-14 10:57] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
    C:\Program Files\Windows Defender\MpSvc.dll
    [2013-07-10 06:57] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  19. Broni

    Broni Malware Annihilator Posts: 45,316   +243

  20. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Still trudging along.. Been running for 20 Hrs 30 Min and is about 19% complete.
  21. Broni

    Broni Malware Annihilator Posts: 45,316   +243

  22. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    Should I let ESET continue to run?
  23. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Absolutely. No rush.
  24. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

  25. Astronerd

    Astronerd Newcomer, in training Topic Starter Posts: 64

    ESET found nothing.

