Solved HP Mini notebook runs slow with many popups. I've managed to clear most bad stuff but...

Astronerd

HP Mini notebook runs slow with many popups. I've managed to get most of the malware killed but there is still something that is interfering with the proper operation. Here are the log files:
Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.29.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
Brenda :: BRENDA-PC [administrator]
Protection: Enabled
11/29/2013 7:47:07 PM
mbam-log-2013-11-29 (19-47-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192471
Time elapsed: 41 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\Brenda\AppData\Local\Temp\smkiemp\sdpxwsi\wow.dll) Good: (SHELL32.dll) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736
Run by Brenda at 20:40:05 on 2013-11-29
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.261 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Office Depot PC Support Agent\esService.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\Office Depot PC Support Agent\escont.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [Google Update] "c:\users\brenda\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3}\553405357457563747 : DHCPNameServer = 10.11.0.52 10.0.3.6 10.0.3.9
TCP: Interfaces\{BE92BCF0-0F52-4851-9EDB-E179CABC7890} : DHCPNameServer = 198.6.1.1 204.117.214.10
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2013-11-28 66296]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-11-22 571608]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-11-22 213200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2010-12-26 81920]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-4-9 26168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-28 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-28 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-11-22 167784]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-28 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-28 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-28 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-11-22 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-11-22 172416]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2013-10-8 1005144]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-5-12 331512]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-11-22 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-28 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-11-22 235488]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-11-22 365256]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2010-5-12 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2010-5-12 372224]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2010-5-12 190592]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-12-26 228896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-26 233472]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2010-6-1 12416]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
S2 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-11-22 167784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\downlo~1\DMService.exe [2011-5-14 487312]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-11-28 147912]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2013-11-22 203080]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-11-22 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2013-11-28 23:04:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-28 23:04:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 22:17:45 -------- d-----w- c:\users\brenda\appdata\local\McAfee File Lock
2013-11-28 22:00:31 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-11-28 21:58:59 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-11-23 01:43:31 -------- d-----w- c:\users\brenda\appdata\local\McAfee Anti-Theft
2013-11-23 01:41:19 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-23 01:41:18 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-23 01:41:18 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-23 01:41:18 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-23 01:40:57 -------- d-----w- c:\program files\common files\Mcafee
2013-11-23 01:40:28 -------- d-----w- c:\program files\McAfee.com
2013-11-23 01:39:56 -------- d-----w- c:\program files\McAfee
2013-11-23 00:59:45 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-23 00:53:42 213200 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-23 00:53:40 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-23 00:53:39 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-11-23 00:19:14 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4a7da894-0a3e-481e-b209-6711e3c9d86d}\mpengine.dll
2013-11-23 00:13:30 7772552 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-11-19 00:15:37 -------- d-----w- c:\users\brenda\appdata\roaming\QuickScan
2013-11-19 00:15:04 -------- d-----w- c:\users\brenda\appdata\roaming\OpswatLogs
2013-11-19 00:10:18 -------- d-----w- C:\temp
2013-11-19 00:06:22 -------- d-----w- c:\program files\Office Depot PC Support Agent
2013-11-19 00:06:22 -------- d-----w- c:\program files\common files\supportsoft
2013-11-16 20:15:06 -------- d-----w- c:\users\brenda\appdata\roaming\Malwarebytes
2013-11-16 20:14:41 -------- d-----w- c:\programdata\Malwarebytes
2013-11-16 20:14:15 -------- d-----w- c:\users\brenda\appdata\local\Programs
2013-11-16 07:11:32 -------- d-----w- c:\users\brenda\appdata\roaming\SUPERAntiSpyware.com
2013-11-16 07:10:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-16 07:10:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-16 06:02:27 -------- d-----w- c:\programdata\McAfee Security Scan
2013-11-16 06:02:08 -------- d-----w- c:\program files\McAfee Security Scan
2013-11-16 05:54:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2013-11-16 05:09:25 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-16 05:09:24 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-16 05:09:24 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
.
==================== Find3M ====================
.
2013-11-16 06:01:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-16 06:01:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 10:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-14 17:30:03 0 ----a-w- c:\windows\system32\sho737A.tmp
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-30 11:35:53 0 ----a-w- c:\windows\system32\sho781B.tmp
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-20 14:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 14:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 14:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
.
============= FINISH: 20:41:51.70 ===============
attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2011 9:39:49 AM
System Uptime: 11/29/2013 7:29:54 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 148A
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 100.522 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.053 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfeapfk
Device ID: ROOT\LEGACY_MFEAPFK\0000
Manufacturer:
Name: McAfee Inc. mfeapfk
PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
Service: mfeapfk
.
==== System Restore Points ===================
.
RP94: 11/16/2013 12:51:09 AM - Installed Java(TM) 6 Update 20
RP95: 11/16/2013 3:00:50 AM - Windows Update
RP96: 11/22/2013 7:12:08 PM - Windows Update
RP97: 11/29/2013 7:43:40 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player
ArcSoft WebCam Companion 3
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Blasterball 3
Chuzzle Deluxe
Circuit Construction Kit (DC Only)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
Diner Dash 2 Restaurant Rescue
Dream Chronicles
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Gem Shop
Google Chrome
Hewlett-Packard ACLM.NET v1.1.1.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP Navigator
HP Product Detection
HP Quick Launch
HP QuickSync
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
IDT Audio
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 20
Jewel Match 2
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Loki Browser Plugin
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
Office Depot PC Support Agent
Penguins!
Plants vs. Zombies
Polar Bowler
Power2Go
Qualcomm Gobi 2000 Package for HP
Realtek Ethernet Controller Driver For Windows 7
Realtek PCIE Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Shared C Run-time for x86
Skyhook Wireless XPS Service
Slingo Deluxe
SUPERAntiSpyware
Synaptics Pointing Device Driver
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Virtual Villagers - The Secret City
VZAccess Manager
Wedding Dash
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/29/2013 7:53:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
11/29/2013 7:42:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
11/29/2013 7:42:31 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/29/2013 7:42:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
11/29/2013 7:38:14 PM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2013 7:37:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
11/29/2013 7:37:14 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/29/2013 7:36:44 PM, Error: Service Control Manager [7022] - The McAfee Home Network service hung on starting.
11/29/2013 7:31:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfeapfk
11/29/2013 7:31:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/29/2013 7:31:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:57:34 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2013 6:46:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
11/28/2013 6:46:21 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2013 9:31:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
11/22/2013 7:16:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.326.0).
11/22/2013 6:57:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
11/22/2013 6:55:59 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/22/2013 6:53:03 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/22/2013 6:53:02 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
11/22/2013 6:49:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/22/2013 6:49:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/22/2013 6:49:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
It's been a while since you've been to the malware removal forum, but nonetheless you abandoned three topics in the past:
https://www.techspot.com/community/...am-load-slow-shutdown-etc.154480/#post-941904
https://www.techspot.com/community/...nd-disables-mouse-buttons.146505/#post-881028
https://www.techspot.com/community/...he-said-it-had-a-redirect-problem-but.142509/
If it happens again, you won't be eligible to receive any more help in the malware removal forum.

=================================================

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

You're infected with Alureon rootkit.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
I apologize for the abandonment of those three topics. It will not happen again.

Should the scan tool close by itself or do I do that? Should I click on the "Fix" button?
When loading these log files, Copy/Paste froze up multiple times.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2013
Ran by Brenda (administrator) on BRENDA-PC on 30-11-2013 14:38:16
Running from C:\Users\Brenda\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\esService.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Skyhook Wireless) C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\escont.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Users\Brenda\AppData\Local\Google\Update\Install\{1D2978BC-2936-496D-963F-7903BEB47AFD}\31.0.1650.57_30.0.1599.101_chrome_updater.exe
(Google Inc.) C:\Users\Brenda\AppData\Local\Temp\CR_D4F90.tmp\setup.exe
(Farbar) C:\Users\Brenda\Desktop\FRST32.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [601144 2010-04-09] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-27] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess/Alureon?
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [487312 2011-05-14] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [238328 2010-01-04] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [203080 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [1005144 2013-10-08] (Support.com, Inc.)
R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-24] (IDT, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
R2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [707400 2010-06-28] (Skyhook Wireless)
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R0 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133928 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235488 2013-09-24] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365256 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [571608 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [301248 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80656 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213200 2013-09-24] (McAfee, Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2010-05-12] (QUALCOMM Incorporated)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [372224 2010-05-12] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [190592 2010-05-12] (QUALCOMM Incorporated)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [12416 2010-06-01] (Skyhook Wireless)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-30 14:38 - 2013-11-30 14:42 - 00017909 _____ C:\Users\Brenda\Desktop\FRST.txt
2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
2013-11-30 14:33 - 2013-11-30 14:10 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2013-11-30 14:32 - 2013-11-30 14:07 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
2013-11-29 20:42 - 2013-11-29 20:42 - 00011531 _____ C:\Users\Brenda\Desktop\attach.txt
2013-11-29 20:42 - 2013-11-29 20:41 - 00020636 _____ C:\Users\Brenda\Desktop\dds.txt
2013-11-29 19:50 - 2013-11-29 23:00 - 00019963 _____ C:\Windows\IE11_main.log
2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-28 18:04 - 2013-11-28 18:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 18:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
2013-11-28 17:00 - 2013-09-09 11:11 - 00066296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2013-11-28 16:58 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-22 20:46 - 2013-11-30 14:34 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-22 20:43 - 2013-11-30 14:30 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
2013-11-22 20:41 - 2013-09-24 20:53 - 00060920 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2013-11-22 20:41 - 2013-09-24 20:44 - 00365256 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2013-11-22 20:41 - 2013-09-24 20:44 - 00065928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2013-11-22 20:41 - 2013-09-24 20:43 - 00235488 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2013-11-22 20:40 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-22 20:39 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\McAfee
2013-11-22 19:59 - 2013-09-24 20:49 - 00172416 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-11-22 19:53 - 2013-09-24 20:49 - 00213200 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2013-11-22 19:53 - 2013-09-24 20:45 - 00571608 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2013-11-22 19:53 - 2013-09-24 20:42 - 00133928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2013-11-18 19:06 - 2013-11-18 19:42 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-11-18 19:04 - 2013-11-18 19:05 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 03:14 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-16 03:14 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 03:14 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-16 03:14 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 03:14 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-16 03:13 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-11-16 02:10 - 2013-11-16 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
2013-11-16 01:02 - 2013-11-29 19:43 - 00000000 ____D C:\ProgramData\McAfee
2013-11-16 01:02 - 2013-11-22 18:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-16 00:54 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2013-11-16 00:54 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2013-11-16 00:52 - 2013-11-16 00:53 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
2013-11-16 00:09 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-16 00:09 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-16 00:09 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-16 00:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-16 00:08 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-16 00:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-16 00:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-16 00:08 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-16 00:08 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-16 00:08 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-16 00:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-16 00:08 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-16 00:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-16 00:08 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-16 00:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-16 00:08 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-16 00:08 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-16 00:08 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 23:23 - 2013-11-30 14:24 - 00000784 _____ C:\Windows\setupact.log
2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 09:53 - 2013-11-02 09:54 - 00000000 ____D C:\Users\Brenda\Documents\my story
==================== One Month Modified Files and Folders =======
2013-11-30 14:42 - 2013-11-30 14:38 - 00017909 _____ C:\Users\Brenda\Desktop\FRST.txt
2013-11-30 14:42 - 2010-12-26 09:39 - 01967146 _____ C:\Windows\WindowsUpdate.log
2013-11-30 14:37 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 14:37 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
2013-11-30 14:36 - 2013-07-17 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 14:34 - 2013-11-22 20:46 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-30 14:34 - 2009-09-06 18:02 - 00189418 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 14:30 - 2013-11-22 20:43 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
2013-11-30 14:29 - 2011-02-17 09:50 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\ZumoDrive
2013-11-30 14:24 - 2013-11-15 23:23 - 00000784 _____ C:\Windows\setupact.log
2013-11-30 14:24 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-30 14:21 - 2012-04-12 16:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
2013-11-30 14:18 - 2011-02-22 07:22 - 00210556 _____ C:\Windows\PFRO.log
2013-11-30 14:10 - 2013-11-30 14:33 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2013-11-30 14:07 - 2013-11-30 14:32 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
2013-11-29 23:00 - 2013-11-29 19:50 - 00019963 _____ C:\Windows\IE11_main.log
2013-11-29 21:33 - 2011-06-29 22:04 - 00007597 _____ C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
2013-11-29 21:06 - 2011-02-17 09:39 - 00000000 ____D C:\Users\Brenda\AppData\Local\VirtualStore
2013-11-29 20:42 - 2013-11-29 20:42 - 00011531 _____ C:\Users\Brenda\Desktop\attach.txt
2013-11-29 20:41 - 2013-11-29 20:42 - 00020636 _____ C:\Users\Brenda\Desktop\dds.txt
2013-11-29 19:43 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee
2013-11-28 18:42 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2013-11-28 18:42 - 2013-11-22 20:39 - 00000000 ____D C:\Program Files\McAfee
2013-11-28 18:40 - 2013-04-24 06:37 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-28 18:05 - 2013-11-28 18:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
2013-11-22 21:59 - 2010-12-26 09:54 - 00000000 ____D C:\Program Files\Skyhook Wireless
2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-22 20:46 - 2009-07-13 21:04 - 00000435 _____ C:\Windows\win.ini
2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-22 19:02 - 2010-12-26 09:55 - 00000000 ____D C:\ProgramData\Norton
2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-22 18:53 - 2013-11-16 01:02 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-18 19:42 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-11-18 19:05 - 2013-11-18 19:04 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
2013-11-16 15:21 - 2012-04-12 16:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 09:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-16 03:12 - 2013-08-15 10:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 03:02 - 2011-06-29 22:20 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-11-16 02:11 - 2013-11-16 02:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
2013-11-16 02:07 - 2011-06-15 12:28 - 00000000 ____D C:\Users\Brenda\AppData\Local\Adobe
2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-16 01:01 - 2013-07-17 19:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-16 01:01 - 2013-07-17 19:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-16 00:53 - 2013-11-16 00:52 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
2013-11-16 00:53 - 2010-08-27 18:50 - 00000000 ____D C:\Program Files\Java
2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 05:50 - 2011-04-18 22:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-02 09:54 - 2013-11-02 09:53 - 00000000 ____D C:\Users\Brenda\Documents\my story
Some content of TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Brenda\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-16 09:30
==================== End Of Log ============================
 
(Continued)


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2013
Ran by Brenda at 2013-11-30 14:44:16
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Adobe Shockwave Player (Version: 11.5.1.601)
ArcSoft WebCam Companion 3 (Version: 3.0.189)
Atheros Driver Installation Program (Version: 9.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bing Bar (Version: 7.2.241.0)
Blasterball 3 (Version: 2.2.0.82)
Chuzzle Deluxe (Version: 2.2.0.82)
Circuit Construction Kit (DC Only)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.2529)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Dream Chronicles (Version: 2.2.0.82)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Faerie Solitaire (Version: 2.2.0.82)
FATE (Version: 2.2.0.82)
Gem Shop (Version: 2.2.0.82)
Google Chrome (HKCU Version: 30.0.1599.101)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Documentation (Version: 1.1.1.0)
HP Game Console
HP Games (Version: 1.0.0.80)
HP HomeBase (Version: 3.2.2.70)
HP Navigator (Version: 2.3.32)
HP Product Detection (Version: 11.14.0001)
HP Quick Launch (Version: 2.0.10)
HP QuickSync (Version: 6.2.620.9550)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 3.5.20.1)
HP Support Assistant (Version: 6.0.5.4)
HP Update (Version: 5.003.001.001)
HP Wireless Assistant (Version: 4.0.6.0)
IDT Audio (Version: 1.0.6276.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.2.1)
Java(TM) 6 Update 20 (Version: 6.0.200)
Jewel Match 2 (Version: 2.2.0.82)
Jewel Quest II (Version: 2.2.0.82)
Jewel Quest Solitaire (Version: 2.2.0.82)
JoJo's Fashion Show (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
Loki Browser Plugin (Version: 3.3.3.29)
Mahjongg Artifacts (Version: 2.2.0.82)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
McAfee Total Protection (Version: 12.8.856)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
Office Depot PC Support Agent (Version: 59.0.15.1)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Power2Go (Version: 6.1.3802)
Qualcomm Gobi 2000 Package for HP (Version: 1.1.150)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek PCIE Card Reader (Version: 6.1.7600.00046)
Recovery Manager (Version: 5.5.2725)
Shared C Run-time for x86 (Version: 10.0.0)
Skyhook Wireless XPS Service (Version: 3.4.3.10)
Slingo Deluxe (Version: 2.2.0.82)
SUPERAntiSpyware (Version: 5.6.1042)
Synaptics Pointing Device Driver (Version: 15.0.17.0)
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
VZAccess Manager (Version: 7.3.10.1)
Wedding Dash (Version: 2.2.0.82)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Zuma Deluxe (Version: 2.2.0.82)
==================== Restore Points =========================
16-11-2013 05:51:09 Installed Java(TM) 6 Update 20
16-11-2013 08:00:50 Windows Update
23-11-2013 00:12:08 Windows Update
30-11-2013 00:43:40 Windows Update
30-11-2013 01:46:49 Windows Update
30-11-2013 03:54:47 Windows Update
==================== Hosts content: ==========================
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00FB119A-83A2-4E8C-8184-51A9A00A6637} - System32\Tasks\JavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18] (Sun Microsystems, Inc.)
Task: {09A62F01-D0E9-4A12-AF31-972AC8A46395} - System32\Tasks\HPCeeScheduleForBrenda => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {4943C760-9574-40DC-8965-896D6836A9CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5841DE3C-5C07-47F8-BA81-05B34B7605C2} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {6148BC8B-B30D-4E8C-99BB-5A6A60DF5022} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {6BF8A66C-D035-4691-8C81-902EBCB3EDAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {B31A7428-1142-478F-AECE-F64CEDA38F7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16] (Adobe Systems Incorporated)
Task: {B59373E8-D33F-44E6-98B6-597B66161259} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {C7B98E9B-40C3-4175-BC1E-1DF0792500F0} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {E7B3C6B9-44D7-40D5-BB02-D7D50924E58C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {F1E9F4B5-425D-4DDA-8D4E-2FF685C1E76D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {F4B0D189-3022-404E-9B5C-93967215A8D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {F64C6905-92C2-4015-833E-06E793DC787A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrenda.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-11-15 23:54 - 2013-11-30 14:28 - 00198144 _____ () C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll
2013-11-30 14:29 - 2013-11-30 14:29 - 00379904 _____ () C:\Users\Brenda\AppData\Local\Temp\libsqlitejdbc-4691950578996762076.lib
2010-04-05 13:11 - 2010-04-05 13:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 13:12 - 2010-04-05 13:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
==================== Faulty Device Manager Devices =============
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/30/2013 02:37:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7de31
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0067006f
Faulting process id: 0xb18
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/29/2013 11:00:48 PM) (Source: uagqecsvc) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.
Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/29/2013 08:55:21 PM) (Source: uagqecsvc) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.
Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/29/2013 07:38:14 PM) (Source: Service1) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

System errors:
=============
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:39:08 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (11/30/2013 02:29:49 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (11/30/2013 02:29:39 PM) (Source: Service Control Manager) (User: )
Description: The HP Wireless Assistant Service service failed to start due to the following error:
%%1053
Error: (11/30/2013 02:29:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
Error: (11/30/2013 02:28:40 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (11/30/2013 02:37:20 PM) (Source: Application Error)(User: )
Description: McSvHost.exe3.8.703.051f7de31unknown0.0.0.000000000c00000050067006fb1801ceee01df1235d3C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exeunknownd37057d9-59f6-11e3-aadb-00a0c6000000
Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/30/2013 02:34:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance16370700000E3500000000000009030000
Error: (11/29/2013 11:00:48 PM) (Source: uagqecsvc)(User: )
Description: 1115A system shutdown is in progress. (0x45b)
Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/29/2013 09:03:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance16370700005A3400000000000009030000
Error: (11/29/2013 08:55:21 PM) (Source: uagqecsvc)(User: )
Description: 1115A system shutdown is in progress. (0x45b)
Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/29/2013 07:41:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000A63300000000000009030000
Error: (11/29/2013 07:38:14 PM) (Source: Service1)(User: )
Description: Service cannot be started. The service process could not connect to the service controller

==================== Memory info ===========================
Percentage of memory in use: 86%
Total physical RAM: 1011.9 MB
Available physical RAM: 136.04 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 510.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:134.45 GB) (Free:100 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.3 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: C3EFE556)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

IMPORTANT! Restart computer.

Re-run FRST "Scan" one more time and post fresh log.
 

Attachments

  • fixlist.txt
Downloaded the txt file. Clicked the Fix button. Accidentally ran the FRST scan before restart. Restarted. Ran the FRST scan but saw that there was an FRST.txt still in existence (thought I forgot to delete it, so I deleted it while FRST was running). Knew I made a mistake. Re-ran FRST. Here are the log files:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-11-2013
Ran by Brenda at 2013-11-30 16:57:27 Run:1
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [] - [x]
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess/Alureon?
CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll not found.
C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll not found.
C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll not found.
C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll not found.
==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2013
Ran by Brenda (administrator) on BRENDA-PC on 30-11-2013 17:42:08
Running from C:\Users\Brenda\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\esService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Support.com, Inc.) C:\Program Files\Office Depot PC Support Agent\escont.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Skyhook Wireless) C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Farbar) C:\Users\Brenda\Desktop\FRST32.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [601144 2010-04-09] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-27] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [516912 2013-09-24] (McAfee, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {74FFB162-7355-4478-A81D-D5C259DC2100} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {AB720E55-013E-45EC-94DA-7FC03E84DB46} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll No File
CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [487312 2011-05-14] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [238328 2010-01-04] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145088 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [203080 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [1005144 2013-10-08] (Support.com, Inc.)
R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-24] (IDT, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
R2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [707400 2010-06-28] (Skyhook Wireless)
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R0 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133928 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235488 2013-09-24] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365256 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [571608 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [301248 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80656 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213200 2013-09-24] (McAfee, Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2010-05-12] (QUALCOMM Incorporated)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [372224 2010-05-12] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [190592 2010-05-12] (QUALCOMM Incorporated)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [12416 2010-06-01] (Skyhook Wireless)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-30 14:38 - 2013-11-30 17:42 - 00017374 _____ C:\Users\Brenda\Desktop\FRST.txt
2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
2013-11-30 14:33 - 2013-11-30 14:10 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2013-11-30 14:32 - 2013-11-30 14:07 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
2013-11-29 19:50 - 2013-11-29 23:00 - 00019963 _____ C:\Windows\IE11_main.log
2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-28 18:04 - 2013-11-28 18:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 18:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
2013-11-28 17:00 - 2013-09-09 11:11 - 00066296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2013-11-28 16:58 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-22 20:46 - 2013-11-30 17:33 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-22 20:43 - 2013-11-30 17:30 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
2013-11-22 20:41 - 2013-09-24 20:53 - 00060920 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2013-11-22 20:41 - 2013-09-24 20:44 - 00365256 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2013-11-22 20:41 - 2013-09-24 20:44 - 00065928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2013-11-22 20:41 - 2013-09-24 20:43 - 00235488 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2013-11-22 20:40 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-22 20:39 - 2013-11-28 18:42 - 00000000 ____D C:\Program Files\McAfee
2013-11-22 19:59 - 2013-09-24 20:49 - 00172416 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2013-11-22 19:53 - 2013-09-24 20:49 - 00213200 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2013-11-22 19:53 - 2013-09-24 20:45 - 00571608 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2013-11-22 19:53 - 2013-09-24 20:42 - 00133928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2013-11-18 19:06 - 2013-11-18 19:42 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-11-18 19:04 - 2013-11-18 19:05 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 03:14 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-16 03:14 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 03:14 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 03:14 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-16 03:14 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 03:14 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-16 03:13 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-11-16 02:10 - 2013-11-16 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
2013-11-16 01:02 - 2013-11-30 14:55 - 00000000 ____D C:\ProgramData\McAfee
2013-11-16 01:02 - 2013-11-22 18:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-16 00:54 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll
2013-11-16 00:54 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2013-11-16 00:54 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2013-11-16 00:52 - 2013-11-16 00:53 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
2013-11-16 00:09 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-16 00:09 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-16 00:09 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-16 00:08 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-16 00:08 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-16 00:08 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-16 00:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-16 00:08 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-16 00:08 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-16 00:08 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-16 00:08 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-16 00:08 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-16 00:08 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-16 00:08 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-16 00:08 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-16 00:08 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-16 00:08 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-16 00:08 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 23:23 - 2013-11-30 17:28 - 00000840 _____ C:\Windows\setupact.log
2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 09:53 - 2013-11-02 09:54 - 00000000 ____D C:\Users\Brenda\Documents\my story
==================== One Month Modified Files and Folders =======
2013-11-30 17:43 - 2013-11-30 14:38 - 00017374 _____ C:\Users\Brenda\Desktop\FRST.txt
2013-11-30 17:38 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 17:38 - 2009-07-13 23:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-30 17:36 - 2009-09-06 18:02 - 00194002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 17:35 - 2010-12-26 09:39 - 01997770 _____ C:\Windows\WindowsUpdate.log
2013-11-30 17:34 - 2013-07-17 19:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 17:33 - 2013-11-22 20:46 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-30 17:30 - 2013-11-22 20:43 - 00000000 __RSD C:\Users\Brenda\Documents\McAfee Vaults
2013-11-30 17:29 - 2011-02-17 09:50 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\ZumoDrive
2013-11-30 17:28 - 2013-11-15 23:23 - 00000840 _____ C:\Windows\setupact.log
2013-11-30 17:28 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-30 17:21 - 2012-04-12 16:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
2013-11-30 15:21 - 2012-04-12 16:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
2013-11-30 14:55 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee
2013-11-30 14:36 - 2013-11-30 14:36 - 00000000 ____D C:\FRST
2013-11-30 14:18 - 2011-02-22 07:22 - 00210556 _____ C:\Windows\PFRO.log
2013-11-30 14:10 - 2013-11-30 14:33 - 01959070 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2013-11-30 14:07 - 2013-11-30 14:32 - 01092069 _____ (Farbar) C:\Users\Brenda\Desktop\FRST32.exe
2013-11-29 23:00 - 2013-11-29 19:50 - 00019963 _____ C:\Windows\IE11_main.log
2013-11-29 21:33 - 2011-06-29 22:04 - 00007597 _____ C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
2013-11-29 21:06 - 2011-02-17 09:39 - 00000000 ____D C:\Users\Brenda\AppData\Local\VirtualStore
2013-11-28 18:42 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2013-11-28 18:42 - 2013-11-22 20:39 - 00000000 ____D C:\Program Files\McAfee
2013-11-28 18:40 - 2013-04-24 06:37 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
2013-11-28 18:05 - 2013-11-28 18:05 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-28 18:05 - 2013-11-28 18:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 17:17 - 2013-11-28 17:17 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee File Lock
2013-11-22 21:59 - 2010-12-26 09:54 - 00000000 ____D C:\Program Files\Skyhook Wireless
2013-11-22 20:50 - 2013-11-22 20:50 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-22 20:46 - 2009-07-13 21:04 - 00000435 _____ C:\Windows\win.ini
2013-11-22 20:43 - 2013-11-22 20:43 - 00000000 ____D C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
2013-11-22 20:40 - 2013-11-22 20:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-11-22 19:02 - 2010-12-26 09:55 - 00000000 ____D C:\ProgramData\Norton
2013-11-22 18:54 - 2013-11-22 18:54 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-22 18:53 - 2013-11-16 01:02 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-18 19:42 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Office Depot PC Support Agent
2013-11-18 19:21 - 2013-11-18 19:21 - 00000000 ____D C:\Users\Brenda\Documents\Office Depot PC Support Agent
2013-11-18 19:15 - 2013-11-18 19:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\QuickScan
2013-11-18 19:07 - 2013-11-18 19:07 - 00002186 _____ C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2013-11-18 19:06 - 2013-11-18 19:06 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-11-18 19:05 - 2013-11-18 19:04 - 07892896 _____ C:\Users\Brenda\Downloads\Office_Depot_PC_SupportAgent.exe
2013-11-16 15:15 - 2013-11-16 15:15 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-11-16 15:14 - 2013-11-16 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 13:26 - 2013-11-16 13:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-11-16 13:21 - 2013-11-16 13:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Brenda\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 09:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-16 03:12 - 2013-08-15 10:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-16 03:02 - 2011-06-29 22:20 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-16 02:11 - 2013-11-16 02:11 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-11-16 02:11 - 2013-11-16 02:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-16 02:10 - 2013-11-16 02:10 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-11-16 02:10 - 2013-11-16 02:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-16 02:09 - 2013-11-16 02:09 - 28504328 _____ (SUPERAntiSpyware) C:\Users\Brenda\Downloads\SUPERAntiSpyware.exe
2013-11-16 02:07 - 2011-06-15 12:28 - 00000000 ____D C:\Users\Brenda\AppData\Local\Adobe
2013-11-16 01:02 - 2013-11-16 01:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-16 01:01 - 2013-07-17 19:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-16 01:01 - 2013-07-17 19:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-16 00:53 - 2013-11-16 00:52 - 00003285 _____ C:\Windows\system32\jupdate-1.6.0_20-b02.log
2013-11-16 00:53 - 2010-08-27 18:50 - 00000000 ____D C:\Program Files\Java
2013-11-15 23:23 - 2013-11-15 23:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 05:50 - 2011-04-18 22:07 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-02 09:54 - 2013-11-02 09:53 - 00000000 ____D C:\Users\Brenda\Documents\my story
Some content of TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Brenda\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Brenda\AppData\Local\Temp\WindowsAPI.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-16 09:30
==================== End Of Log ============================
 
Looks good :)

Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
 
RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Brenda [Admin rights]
Mode : Scan -- Date : 11/30/2013 21:23:06
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
--- User ---
[MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
[BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_11302013_212306.txt >>

-


RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Brenda [Admin rights]
Mode : Remove -- Date : 11/30/2013 21:23:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
--- User ---
[MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
[BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_11302013_212344.txt >>
RKreport[0]_S_11302013_212306.txt
 
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Your process produced three logs:

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Brenda [Admin rights]
Mode : Scan -- Date : 11/30/2013 21:23:06
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
--- User ---
[MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
[BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_11302013_212306.txt >>

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Brenda [Admin rights]
Mode : Remove -- Date : 11/30/2013 21:23:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160314AS +++++
--- User ---
[MBR] 0eed7a97c7198f81f5d0d9432c6d1fa3
[BSP] 5064a89c86100fa7431e112b902044a3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 137677 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 282372096 | Size: 14647 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_11302013_212344.txt >>
RKreport[0]_S_11302013_212306.txt

ComboFix 13-12-01.01 - Brenda 12/02/2013 12:49:04.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.200 [GMT -5:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))
.
.
2013-12-02 18:08 . 2013-12-02 18:08 -------- d-----w- c:\users\Brenda\AppData\Local\temp
2013-12-02 18:08 . 2013-12-02 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 17:27 . 2013-12-02 17:27 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-12-02 17:27 . 2013-12-02 17:27 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-12-02 17:27 . 2013-12-02 17:27 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-12-02 17:27 . 2013-12-02 17:27 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-11-30 19:36 . 2013-11-30 19:36 -------- d-----w- C:\FRST
2013-11-28 22:17 . 2013-11-28 22:17 -------- d-----w- c:\users\Brenda\AppData\Local\McAfee File Lock
2013-11-28 22:00 . 2013-09-09 16:11 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-11-28 21:58 . 2013-09-23 18:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-11-23 01:43 . 2013-11-23 01:43 -------- d-----w- c:\users\Brenda\AppData\Local\McAfee Anti-Theft
2013-11-23 01:41 . 2013-09-25 01:44 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-23 01:41 . 2013-09-25 01:53 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-23 01:41 . 2013-09-25 01:44 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-23 01:41 . 2013-09-25 01:43 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-23 01:40 . 2013-11-28 23:42 -------- d-----w- c:\program files\Common Files\Mcafee
2013-11-23 01:39 . 2013-11-28 23:42 -------- d-----w- c:\program files\McAfee
2013-11-23 00:59 . 2013-09-25 01:49 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-23 00:53 . 2013-09-25 01:49 213200 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-23 00:53 . 2013-09-25 01:45 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-23 00:53 . 2013-09-25 01:42 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-11-23 00:19 . 2013-11-18 06:28 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A7DA894-0A3E-481E-B209-6711E3C9D86D}\mpengine.dll
2013-11-19 00:15 . 2013-11-19 00:15 -------- d-----w- c:\users\Brenda\AppData\Roaming\QuickScan
2013-11-19 00:15 . 2013-11-19 00:35 -------- d-----w- c:\users\Brenda\AppData\Roaming\OpswatLogs
2013-11-19 00:10 . 2013-11-19 00:10 -------- d-----w- C:\temp
2013-11-19 00:06 . 2013-11-19 00:42 -------- d-----w- c:\program files\Office Depot PC Support Agent
2013-11-19 00:06 . 2013-11-19 00:06 -------- d-----w- c:\program files\Common Files\supportsoft
2013-11-16 20:15 . 2013-11-16 20:15 -------- d-----w- c:\users\Brenda\AppData\Roaming\Malwarebytes
2013-11-16 20:14 . 2013-11-16 20:14 -------- d-----w- c:\programdata\Malwarebytes
2013-11-16 20:14 . 2013-11-16 20:14 -------- d-----w- c:\users\Brenda\AppData\Local\Programs
2013-11-16 07:11 . 2013-11-16 07:11 -------- d-----w- c:\users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-11-16 07:10 . 2013-11-16 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-16 07:10 . 2013-11-16 07:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-16 06:02 . 2013-11-16 06:02 -------- d-----w- c:\programdata\McAfee Security Scan
2013-11-16 06:02 . 2013-11-30 19:55 -------- d-----w- c:\programdata\McAfee
2013-11-16 06:02 . 2013-11-22 23:53 -------- d-----w- c:\program files\McAfee Security Scan
2013-11-16 05:54 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2013-11-16 05:09 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-16 05:09 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-16 05:09 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 06:01 . 2013-07-18 00:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 10:50 . 2011-04-19 03:07 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-14 17:30 . 2013-10-14 17:30 0 ----a-w- c:\windows\system32\sho737A.tmp
2013-09-30 11:35 . 2013-09-30 11:35 0 ----a-w- c:\windows\system32\sho781B.tmp
2013-09-20 14:37 . 2013-09-20 14:37 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 14:37 . 2013-09-20 14:37 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 14:37 . 2013-09-20 14:37 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-14 00:48 . 2013-10-12 23:10 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-12 23:11 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-12 23:10 231424 ----a-w- c:\windows\system32\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 5717272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-24 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-16 1721640]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-28 2038]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
@="Office Depot PC Support Agent"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.241.0\BBSvc.exe [2013-07-23 193696]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [2013-10-08 1005144]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-05-15 487312]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 203080]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2013-09-20 80656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2013-09-09 66296]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-09-25 213200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2013-09-24 145088]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2013-09-20 638976]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-09-25 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-09-25 172416]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2010-05-12 331512]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]
S2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [2010-06-28 707400]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.241.0\SeaPort.exe [2013-07-23 240288]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-09-25 60920]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-09-25 365256]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2013-09-20 301248]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2010-05-12 5248]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2010-05-12 372224]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2010-05-12 190592]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [2010-06-02 12416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-04-19 03:47 702464 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 06:01]
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 21:14]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326676488-864963984-2190722416-1000UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12 21:14]
.
2013-11-28 c:\windows\Tasks\HPCeeScheduleForBrenda.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-02 13:12:57
ComboFix-quarantined-files.txt 2013-12-02 18:12
.
Pre-Run: 111,468,675,072 bytes free
Post-Run: 111,531,094,016 bytes free
.
- - End Of File - - 4A1497A36742A76A1BCA30991AC77F16
0B8F13CA41821C8A4D645FFCFD0DC92F
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here are the results of the AdwCleaner. It also created a quarantine file.
Adw log:

# AdwCleaner v3.014 - Report created 02/12/2013 at 19:35:31
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Brenda - BRENDA-PC
# Running from : C:\Users\Brenda\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736

-\\ Google Chrome v
[ File : C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1090 octets] - [02/12/2013 19:35:31]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1150 octets] ##########
# AdwCleaner v3.014 - Report created 02/12/2013 at 19:38:07
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Brenda - BRENDA-PC
# Running from : C:\Users\Brenda\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736

-\\ Google Chrome v
[ File : C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1230 octets] - [02/12/2013 19:35:31]
AdwCleaner[S0].txt - [1163 octets] - [02/12/2013 19:38:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1223 octets] ##########
 
Junkware tool results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Starter x86
Ran by Brenda on Mon 12/02/2013 at 20:04:35.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho27EA.tmp
Successfully deleted: [File] C:\Windows\system32\sho36A.tmp
Successfully deleted: [File] C:\Windows\system32\sho5CC7.tmp
Successfully deleted: [File] C:\Windows\system32\sho737A.tmp
Successfully deleted: [File] C:\Windows\system32\sho781B.tmp
Successfully deleted: [File] C:\Windows\system32\sho863F.tmp
Successfully deleted: [File] C:\Windows\system32\shoDC7B.tmp

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/02/2013 at 20:13:16.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL log:

OTL logfile created on: 12/2/2013 8:29:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 220.75 Mb Available Physical Memory | 21.82% Memory free
1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.45 Gb Total Space | 103.86 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
Drive D: | 14.30 Gb Total Space | 2.05 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.56 Mb Free Space | 93.65% Space Free | Partition Type: FAT32

Computer Name: BRENDA-PC | User Name: Brenda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/02 19:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/09/24 20:49:04 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/09/24 20:44:16 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/09/24 16:00:04 | 000,145,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2013/09/20 09:47:54 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2013/09/11 11:55:58 | 000,499,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/09/09 11:10:14 | 000,517,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2013/09/06 12:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 16:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/25 05:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2010/06/28 06:03:14 | 000,707,400 | ---- | M] (Skyhook Wireless) -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
PRC - [2010/05/12 13:28:08 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
PRC - [2010/04/09 17:43:38 | 000,026,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/09 17:42:00 | 000,601,144 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/04/05 13:12:02 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010/04/05 13:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010/03/28 17:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/03/24 01:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/24 01:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/02 20:17:00 | 000,379,904 | ---- | M] () -- C:\Users\Brenda\AppData\Local\temp\libsqlitejdbc-66376067507847092.lib
MOD - [2013/12/02 20:16:55 | 000,198,144 | ---- | M] () -- C:\Users\Brenda\AppData\Local\temp\WindowsAPI.dll
MOD - [2013/10/14 12:46:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/14 12:39:41 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/14 12:38:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 12:37:24 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/14 12:36:07 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/14 12:35:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 06:22:38 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/13 06:21:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 10:46:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 10:44:16 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 10:43:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/17 19:44:48 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/17 19:34:57 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/08/27 17:08:12 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2010/04/05 13:12:06 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010/04/05 13:12:00 | 000,267,832 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
MOD - [2010/04/05 13:11:58 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll


========== Services (SafeList) ==========

SRV - [2013/11/16 01:01:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/10/08 02:47:20 | 001,005,144 | ---- | M] (Support.com, Inc.) [Auto | Stopped] -- C:\Program Files\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2013/09/24 20:49:04 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/09/24 20:44:16 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/09/24 16:00:04 | 000,145,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV - [2013/09/20 09:47:54 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/08/02 17:50:58 | 000,471,592 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/07/30 11:44:36 | 000,281,560 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/14 20:37:12 | 000,487,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/01/28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010/11/25 05:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV - [2010/06/28 06:03:14 | 000,707,400 | ---- | M] (Skyhook Wireless) [Auto | Running] -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe -- (xpssvc)
SRV - [2010/05/12 13:28:08 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe -- (QDLService2kHP)
SRV - [2010/04/09 17:43:38 | 000,026,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/04/05 13:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/03/24 01:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 19:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Brenda\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/24 20:53:24 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/09/24 20:49:20 | 000,213,200 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/09/24 20:45:46 | 000,571,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/09/24 20:44:30 | 000,365,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/09/24 20:44:00 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/09/24 20:43:30 | 000,235,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/09/24 20:42:44 | 000,133,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/09/23 13:48:38 | 000,147,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2013/09/20 09:37:24 | 000,080,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2013/09/20 09:37:10 | 000,301,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2013/09/09 11:11:52 | 000,066,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/01 22:35:26 | 000,012,416 | ---- | M] (Skyhook Wireless) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\XPSVCOM.sys -- (XPSVCOM)
DRV - [2010/05/12 12:18:02 | 000,372,224 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnethp2k.sys -- (qcusbnethp2k)
DRV - [2010/05/12 12:18:02 | 000,190,592 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserhp2k.sys -- (qcusbserhp2k)
DRV - [2010/05/12 12:18:02 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
DRV - [2010/04/20 13:04:24 | 000,228,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/03/24 01:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/02 19:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AB720E55-013E-45EC-94DA-7FC03E84DB46}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{EB0A2DBB-CB4A-49D0-9056-D300742A1E41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{74FFB162-7355-4478-A81D-D5C259DC2100}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{AB720E55-013E-45EC-94DA-7FC03E84DB46}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\..\SearchScopes\{EB0A2DBB-CB4A-49D0-9056-D300742A1E41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-326676488-864963984-2190722416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/11/30 14:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/11/29 20:54:56 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brenda\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: SiteAdvisor = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0\
CHR - Extension: Google Wallet = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: Gmail = C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/02 13:08:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-326676488-864963984-2190722416-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-326676488-864963984-2190722416-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25AB198E-188A-4EF6-920D-F299DF409BC3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE92BCF0-0F52-4851-9EDB-E179CABC7890}: DhcpNameServer = 198.6.1.1 204.117.214.10
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/02 20:27:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2013/12/02 20:04:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/02 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Quarantine
[2013/12/02 19:35:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/02 13:13:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/02 13:13:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/02 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\temp
[2013/12/02 12:44:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/02 12:44:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/02 12:44:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/02 12:43:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/02 12:42:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/30 14:36:34 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/28 17:17:45 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\McAfee File Lock
[2013/11/28 17:00:31 | 000,066,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\McPvDrv.sys
[2013/11/28 16:58:59 | 000,147,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/11/22 20:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/11/22 20:43:31 | 000,000,000 | R-SD | C] -- C:\Users\Brenda\Documents\McAfee Vaults
[2013/11/22 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\McAfee Anti-Theft
[2013/11/22 20:41:19 | 000,365,256 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2013/11/22 20:41:18 | 000,235,488 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2013/11/22 20:41:18 | 000,065,928 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2013/11/22 20:41:18 | 000,060,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2013/11/22 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2013/11/22 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/11/22 20:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/11/22 19:59:45 | 000,172,416 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013/11/22 19:53:42 | 000,213,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2013/11/22 19:53:40 | 000,571,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2013/11/22 19:53:39 | 000,133,928 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2013/11/22 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/18 19:21:11 | 000,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Office Depot PC Support Agent
[2013/11/18 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\QuickScan
[2013/11/18 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\OpswatLogs
[2013/11/18 19:10:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/18 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2013/11/18 19:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Office Depot PC Support Agent
[2013/11/16 15:15:06 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Malwarebytes
[2013/11/16 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/16 15:14:15 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Programs
[2013/11/16 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/16 02:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/16 02:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/16 02:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/16 01:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/11/16 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/16 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2013/12/02 20:34:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/02 20:28:33 | 000,965,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/02 20:28:33 | 000,225,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/02 20:26:38 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 20:26:38 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 20:21:54 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/12/02 20:16:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/02 20:16:18 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/02 19:23:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2013/12/02 13:08:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/11/29 21:33:27 | 000,007,597 | ---- | M] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg
[2013/11/28 18:40:35 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrenda.job
[2013/11/22 18:54:04 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/22 18:54:03 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/18 19:07:36 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
[2013/11/16 02:10:32 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

========== Files Created - No Company Name ==========

[2013/12/02 12:44:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/02 12:44:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/02 12:44:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/02 12:44:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/02 12:44:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/28 16:57:42 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/11/28 16:57:41 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/11/22 20:46:44 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/11/22 18:54:03 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/18 19:07:36 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Depot PC Support Agent.lnk
[2013/11/18 19:07:35 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
[2013/11/16 02:10:32 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013/11/16 01:02:15 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/29 22:04:44 | 000,007,597 | ---- | C] () -- C:\Users\Brenda\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/02/17 10:37:09 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/11/18 19:35:34 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\OpswatLogs
[2013/11/18 19:15:38 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\QuickScan
[2013/09/09 19:37:29 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\SoftGrid Client
[2011/08/26 17:51:03 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\TP
[2011/02/17 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\WildTangent
[2013/12/02 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\ZumoDrive

========== Purity Check ==========


< End of report >
 
Extras log:

OTL Extras logfile created on: 12/2/2013 8:29:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brenda\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 220.75 Mb Available Physical Memory | 21.82% Memory free
1.99 Gb Paging File | 0.93 Gb Available in Paging File | 46.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.45 Gb Total Space | 103.86 Gb Free Space | 77.25% Space Free | Partition Type: NTFS
Drive D: | 14.30 Gb Total Space | 2.05 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.56 Mb Free Space | 93.65% Space Free | Partition Type: FAT32

Computer Name: BRENDA-PC | User Name: Brenda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B5505B-4B9A-41DB-9BC8-98B1CD3970EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0CF22207-4B17-4E34-9A5A-C7539EE6FC08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15ABF673-1FC1-4716-A481-768994B74256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{221B72FB-39EC-46A4-AAF0-0F50C1BFB1C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EB89B8F-083D-4B65-A217-B235D9293277}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{33844EC0-A492-4BAA-8EDA-FE59815BFAA3}" = lport=137 | protocol=17 | dir=in | app=system |
"{4E6DE267-4F3D-44A1-A801-9C84C948080D}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C5A7C08-E3AE-4858-9C40-D136EDB7BCEF}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D2F5F0E-DF39-45FA-A91F-E4E75B87BB80}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{810C5FF4-1934-47D2-B4CB-A2D5DCC09721}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{873246D4-F9FE-47FF-8FFD-122D674F2FC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0F39071-9B68-4B42-A607-FA083A01978C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4DE1687-D8B2-4ED3-9E20-0879E52D6477}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6AC9393-F9B6-463A-BF0B-3730A03DAADE}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2D0852E-791C-4C29-9AA0-13E8C0425CA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{F5BDF2E8-35D0-48BA-B8CB-8154F781F234}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A4DC97-6340-4B2E-B10B-D01648162B90}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\video\hpvideo.exe |
"{0BD69F47-02A8-4E48-A4DD-0BBB8ECC547A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19E752A8-FB29-4436-84CB-DE8EE442EFBF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{36EBC98F-C63C-43C8-A005-ED117B53A927}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\music\hpmusic.exe |
"{3C63C0E7-A504-4B61-A5EF-606DA1284A9A}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\video\hpvideo.exe |
"{410E893A-CDBB-4A13-AD76-E82EF69FC0BE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{44C35245-08A9-457C-9E7A-1765A9BF6CEA}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{503C131B-DDAF-419B-92FC-448887C774C6}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\music\hpmusic.exe |
"{52667481-AEED-4BF5-915C-0BA4391772CB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{69B7AA6B-98C9-4772-9C60-170B37AF8A6C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{85CF09FB-5ECA-4A28-9722-A6C22B184509}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89CE38E3-285A-4E98-9AB2-02F05364B20F}" = protocol=17 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\photo\hpphoto.exe |
"{99115C4C-638E-4E2D-84FD-F5A2C1E695EC}" = protocol=6 | dir=in | app=c:\progra~1\hewlet~1\hpmedi~1\photo\hpphoto.exe |
"{A2DAA051-9B7A-476E-86B7-9DA8359AAC71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B68734A8-DEB5-4442-B929-D4A832AEECA3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C715E19D-F02F-428F-A33A-B1AD16BB3764}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D90D1320-F2FF-4384-A07E-0148678E005F}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{E221FBED-DC53-4763-8433-67CE83C275CF}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe |
"{E340A80F-58C5-4784-A4CC-4541D9F54A21}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{E94D0DB3-17D3-48BD-8B4B-49DCD127504D}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{FCDB1FD5-73DE-4A68-9A37-67983EEAD611}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AEE22A8-6430-4CD0-917A-F0EB49F4E814}" = Skyhook Wireless XPS Service
"{10BFDC04-317E-4DF2-8773-ACC02155B055}" = HP Navigator
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}" = HP Quick Launch
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{458328FB-0D19-43D9-854D-2EA404CF5BBE}" = Qualcomm Gobi 2000 Package for HP
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{60C58642-B64D-43E6-B7EF-7928019AA012}" = Loki Browser Plugin
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79EFF05C-D148-4A2E-AEF2-24720B6A76EC}" = VZAccess Manager
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FCE3C61-B789-4A62-8B85-1C2B5F5D9575}" = HP Documentation
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF627ABB-E970-4C3E-9ABB-097BE46F55CB}" = HP QuickSync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MSC" = McAfee Total Protection
"My HP Game Console" = HP Game Console
"Office Depot PC Support Agent" = Office Depot PC Support Agent
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082442" = Faerie Solitaire
"WT083489" = JoJo's Fashion Show
"WT083503" = Jewel Match 2
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-326676488-864963984-2190722416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2013 9:24:49 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 12/2/2013 9:24:49 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 12/2/2013 9:27:36 PM | Computer Name = Brenda-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 12/2/2013 9:28:29 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 12/2/2013 9:28:29 PM | Computer Name = Brenda-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Hewlett-Packard Events ]
Error - 9/22/2013 5:58:39 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 9/22/2013 6:00:16 PM | Computer Name = Brenda-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 9/22/2013 6:00:16 PM | Computer Name = Brenda-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 9/29/2013 6:35:09 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 10/6/2013 8:51:00 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 10/12/2013 9:34:23 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 10/18/2013 8:44:34 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

Error - 10/27/2013 12:47:34 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 10/31/2013 3:36:37 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect()

Error - 11/7/2013 9:12:17 PM | Computer Name = Brenda-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 10/14/2013 1:36:05 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/14/2013 5:48:22 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/15/2013 3:01:23 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/15/2013 8:09:25 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/15/2013 8:48:20 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/15/2013 9:46:56 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/18/2013 4:17:44 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/22/2013 7:53:14 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/23/2013 7:15:57 AM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 10/27/2013 12:31:06 PM | Computer Name = Brenda-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE
at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

[ System Events ]
Error - 12/2/2013 9:15:20 PM | Computer Name = Brenda-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the mfecore service.

Error - 12/2/2013 9:17:33 PM | Computer Name = Brenda-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mfeapfk

Error - 12/2/2013 9:19:44 PM | Computer Name = Brenda-PC | Source = DCOM | ID = 10016
Description =


< End of report >
 
OTL logs are clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Security Check results:

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Java(TM) 6 Update 20
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
FSS results:

Farbar Service Scanner Version: 23-11-2013
Ran by Brenda (administrator) on 02-12-2013 at 21:59:12
Running from "C:\Users\Brenda\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-12 18:10] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-12 18:11] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 10:57] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 06:57] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
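
As an added example (not part of the original posts and not Farbar's own code), the FSS log above can be triaged with a short Python parser that pulls out stopped services, changed start types, policy registry values, and files the log lists without an "MD5 is legit" verdict. The function name `triage_fss` and the result keys are hypothetical; the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the FSS log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-12 18:10] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
"""

SERVICE_DOWN = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)( => MD5 is legit)?$")
FILE_META = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-F]{32})$")

def triage_fss(log_text):
    # Hypothetical helper: collect the log entries that need a human look.
    findings = {"services_down": [], "start_type_changed": [], "policies": [], "unverified_files": []}
    key = pending = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SERVICE_DOWN.match(line):
            findings["services_down"].append(m.group(1))
        elif m := START_TYPE.match(line):
            if m.group(2) != m.group(3):  # configured start type differs from default
                findings["start_type_changed"].append(m.groups())
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_VALUE.match(line)) and key:
            findings["policies"].append((key, m.group(1), m.group(3)))
        elif m := FILE_LINE.match(line):
            # A path without the verdict is followed by a metadata line carrying its MD5.
            pending = None if m.group(2) else m.group(1)
        elif (m := FILE_META.match(line)) and pending:
            findings["unverified_files"].append((pending, m.group(2), m.group(3)))
            pending = None
    return findings
```

A file reported without the verdict is only unconfirmed by the tool; its hash still has to be checked against a trusted source before drawing any conclusion.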
 