MoneyPak FBi

By theRadiantChild
Jun 20, 2013
  1. I am trying to clean my fiancée's parents' computer remotely. They cannot boot into normal mode, but safe mode with networking works. I have scanned their computer and can't seem to come up with anything malicious. What gives? Here are my logs. I am using TeamViewer to try to help them since they live in another state and aren't computer savvy.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16490
    Run by bernie at 7:40:38 on 2013-06-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2666 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.yahoo.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
    mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    uExplorerRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
    mExplorerRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
    StartupFolder: C:\Users\bernie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Windows\System32\rundll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{044CE9DD-5C68-43A4-95BC-53242B8DAFB4} : DHCPNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-17 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-17 1139800]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-31 852256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 346144]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-31 39480]
    S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-6-19 26176]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
    S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-17 169048]
    S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSviA64.sys [2013-6-19 513184]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-17 224416]
    S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-17 433752]
    S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-6-19 2626880]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752]
    S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-11 132504]
    S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-11-24 126392]
    S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-19 4150112]
    S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-6-19 66320]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-17 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-28 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-27 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-06-19 22:58:32 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2013-06-19 22:35:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-19 22:35:41 -------- d-----w- C:\Users\bernie\AppData\Local\Programs
    2013-06-19 22:28:29 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2013-06-18 21:05:16 -------- d-----w- C:\ProgramData\McAfeeSecurePC
    2013-06-17 10:52:13 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
    2013-06-17 10:52:13 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
    2013-06-17 10:52:12 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
    2013-06-17 10:52:12 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
    2013-06-17 10:52:12 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
    2013-06-17 10:52:12 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
    2013-06-17 10:52:12 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
    2013-06-17 10:52:12 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
    2013-06-17 10:51:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
    2013-06-12 19:17:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-12 19:16:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-12 19:16:43 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    .
    ==================== Find3M ====================
    .
    2013-06-17 22:03:09 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-06-12 14:30:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 14:30:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 7:41:12.09 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/27/2010 7:56:35 PM
    System Uptime: 6/20/2013 7:17:31 AM (0 hours ago)
    .
    Motherboard: FOXCONN | | 2A92
    Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2793/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 687 GiB total, 631.672 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 0.278 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP191: 5/26/2013 7:25:01 AM - Scheduled Checkpoint
    RP192: 6/2/2013 5:06:07 PM - Scheduled Checkpoint
    RP193: 6/9/2013 6:33:25 PM - Scheduled Checkpoint
    RP194: 6/13/2013 3:00:29 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    AMD USB Filter Driver
    ATI Catalyst Install Manager
    Bing Bar
    Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities ImageBrowser EX
    Canon Utilities PhotoStitch
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CinemaNow Media Manager
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    DVD Menu Pack for HP MediaSmart Video
    Emsisoft Anti-Malware
    EPSON Scan
    EPSON WorkForce 500 Series Printer Uninstall
    Free File Opener version 2011.6.0
    Google Chrome
    Google Update Helper
    Hardware Diagnostic Tools
    HP Customer Experience Enhancements
    HP Odometer
    HP Support Information
    Hulu Desktop
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    Norton PC Checkup
    OpenOffice.org 3.2
    PhotoNow!
    PictureMover
    PlayReady PC Runtime amd64
    Power2Go
    PowerDirector
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Steam
    TeamViewer 8
    Torchlight II
    UnfriendApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VVVVVV
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/20/2013 7:39:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/20/2013 7:18:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/20/2013 7:18:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/20/2013 7:18:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/20/2013 7:18:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/20/2013 7:18:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    6/19/2013 11:40:03 PM, Error: Service Control Manager [7022] - The Emsisoft Anti-Malware 7.0 - Service service hung on starting.
    6/18/2013 4:52:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
    6/14/2013 8:57:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
  2. theRadiantChild

    theRadiantChild TechSpot Enthusiast Topic Starter Posts: 297

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.20.05

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    bernie :: BERNIE-HP [administrator]

    6/20/2013 7:31:12 AM
    mbam-log-2013-06-20 (07-31-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209838
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. theRadiantChild

    theRadiantChild TechSpot Enthusiast Topic Starter Posts: 297

    Did an ESET scan and it found this:

    C:\Users\bernie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\6edd60f7-5a93f238 | Java/Exploit.CVE-2012-1723.KH trojan | cleaned by deleting - quarantined

    Not sure if this is the FBI MoneyPak virus or not. Any help would be appreciated.
  4. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  5. theRadiantChild

    theRadiantChild TechSpot Enthusiast Topic Starter Posts: 297

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2013
    Ran by bernie (administrator) on 20-06-2013 19:36:04
    Running from C:\Users\bernie\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) =================

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    (TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Policies\Explorer\Run: [McAfeeSecurePC] C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll [63488 2013-06-18] ( ())
    HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
    HKCU\...\Run: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3 [63488 2013-06-18] ()
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-03] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3 [63488 2013-06-18] ()
    HKLM-x32\...\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60 [2916264 2013-05-30] (Emsisoft GmbH)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    Startup: C:\ProgramData\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\bernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk
    ShortcutTarget: McAfee PC Security.lnk -> C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {23B909E8-3723-4086-92B5-948847218972} URL = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20110207,6901,0,8,0
    SearchScopes: HKCU - {68620606-8724-4312-94F2-A4031BAAA288} URL =
    SearchScopes: HKCU - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL =
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-x32: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll (UnfriendApp)
    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
    CHR Plugin: (Norton Confidential) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)
    CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Extension: (Google Drive) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Adblock Plus) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
    CHR Extension: (Google Search) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Norton Identity Protection) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
    CHR Extension: (Gmail) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2626880 2013-05-30] (Emsisoft GmbH)
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
    S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-25] (Symantec Corporation)
    S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
    S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
    S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
    S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
    S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-01] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-01] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
    S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2012-02-12] (Jungo)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-20 19:35 - 2013-06-20 19:35 - 01929604 ____A (Farbar) C:\Users\bernie\Desktop\FRST64.exe
    2013-06-20 19:35 - 2013-06-20 19:35 - 00000000 ____D C:\FRST
    2013-06-20 16:44 - 2013-06-20 16:44 - 00000156 ____A C:\Users\bernie\Desktop\eset.txt
    2013-06-20 08:04 - 2013-06-20 08:04 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-06-20 07:41 - 2013-06-20 07:41 - 00014363 ____A C:\Users\bernie\Desktop\dds.txt
    2013-06-20 07:41 - 2013-06-20 07:41 - 00008799 ____A C:\Users\bernie\Desktop\attach.txt
    2013-06-20 07:40 - 2013-06-20 07:40 - 00688992 ____R (Swearware) C:\Users\bernie\Desktop\dds.com
    2013-06-20 07:38 - 2013-06-20 07:38 - 13475464 ____A (Microsoft Corporation) C:\Users\bernie\Desktop\mseinstall.exe
    2013-06-20 07:38 - 2013-06-20 07:38 - 00002243 ____A C:\Windows\epplauncher.mif
    2013-06-19 18:58 - 2013-06-19 23:32 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
    2013-06-19 18:58 - 2013-06-19 18:58 - 00001053 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2013-06-19 18:55 - 2013-06-19 18:57 - 187285416 ____A (Emsisoft GmbH ) C:\Users\bernie\Desktop\EmsisoftAntiMalwareSetup.exe
    2013-06-19 18:50 - 2013-06-19 18:52 - 00003174 ____A C:\Users\bernie\Desktop\Rkill.txt
    2013-06-19 18:50 - 2013-06-19 18:50 - 00000000 ____D C:\Users\bernie\Desktop\rkill
    2013-06-19 18:49 - 2013-06-19 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\iExplore.exe
    2013-06-19 18:48 - 2013-06-19 18:48 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\rkill.exe
    2013-06-19 18:35 - 2013-06-19 18:35 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\bernie\Desktop\mbam-setup-1.75.0.1300.exe
    2013-06-19 18:35 - 2013-06-19 18:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-06-19 18:35 - 2013-06-19 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-19 18:28 - 2013-06-19 18:28 - 00001124 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
    2013-06-19 18:28 - 2013-06-19 18:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2013-06-19 18:23 - 2013-06-19 18:26 - 05106800 ____A (TeamViewer GmbH) C:\Users\bernie\Downloads\TeamViewer_Setup_en.exe
    2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfeeSecurePC
    2013-06-13 03:03 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-13 03:03 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-13 03:03 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-13 03:03 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-13 03:03 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-13 03:03 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-13 03:03 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-13 03:03 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-13 03:03 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-13 03:03 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-13 03:03 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-13 03:03 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-13 03:03 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-13 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-13 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-13 03:03 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-13 03:03 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-13 03:03 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-13 03:03 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-13 03:03 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-13 03:03 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-13 03:03 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-06-13 03:03 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-13 03:03 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-13 03:03 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-13 03:03 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-06-13 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-06-13 03:03 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-13 03:03 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-13 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-13 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-13 03:03 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-12 15:17 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-12 15:17 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-12 15:17 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-12 15:17 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-12 15:17 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-12 15:17 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-12 15:17 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-12 15:17 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-12 15:17 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-12 15:17 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-12 15:17 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-12 15:17 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-12 15:17 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-12 15:17 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 15:17 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-06-12 15:17 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-06-12 15:17 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-06-12 15:16 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-06-12 15:16 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

    ==================== One Month Modified Files and Folders =======

    2013-06-20 19:35 - 2013-06-20 19:35 - 01929604 ____A (Farbar) C:\Users\bernie\Desktop\FRST64.exe
    2013-06-20 19:35 - 2013-06-20 19:35 - 00000000 ____D C:\FRST
    2013-06-20 16:44 - 2013-06-20 16:44 - 00000156 ____A C:\Users\bernie\Desktop\eset.txt
    2013-06-20 08:04 - 2013-06-20 08:04 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-06-20 07:41 - 2013-06-20 07:41 - 00014363 ____A C:\Users\bernie\Desktop\dds.txt
    2013-06-20 07:41 - 2013-06-20 07:41 - 00008799 ____A C:\Users\bernie\Desktop\attach.txt
    2013-06-20 07:40 - 2013-06-20 07:40 - 00688992 ____R (Swearware) C:\Users\bernie\Desktop\dds.com
    2013-06-20 07:38 - 2013-06-20 07:38 - 13475464 ____A (Microsoft Corporation) C:\Users\bernie\Desktop\mseinstall.exe
    2013-06-20 07:38 - 2013-06-20 07:38 - 00002243 ____A C:\Windows\epplauncher.mif
    2013-06-20 07:12 - 2010-11-27 20:56 - 01213970 ____A C:\Windows\WindowsUpdate.log
    2013-06-20 07:11 - 2011-12-06 23:01 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-20 07:08 - 2012-04-04 15:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-19 23:47 - 2009-07-14 00:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-19 23:47 - 2009-07-14 00:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-19 23:39 - 2012-12-21 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-06-19 23:39 - 2010-11-27 20:56 - 00085712 ____A C:\Users\bernie\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-06-19 23:38 - 2012-09-12 03:18 - 00002978 ____A C:\Windows\setupact.log
    2013-06-19 23:38 - 2011-12-06 23:01 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-19 23:38 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-19 23:38 - 2009-07-14 00:45 - 00353872 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-19 23:32 - 2013-06-19 18:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
    2013-06-19 18:58 - 2013-06-19 18:58 - 00001053 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2013-06-19 18:57 - 2013-06-19 18:55 - 187285416 ____A (Emsisoft GmbH ) C:\Users\bernie\Desktop\EmsisoftAntiMalwareSetup.exe
    2013-06-19 18:52 - 2013-06-19 18:50 - 00003174 ____A C:\Users\bernie\Desktop\Rkill.txt
    2013-06-19 18:50 - 2013-06-19 18:50 - 00000000 ____D C:\Users\bernie\Desktop\rkill
    2013-06-19 18:49 - 2013-06-19 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\iExplore.exe
    2013-06-19 18:48 - 2013-06-19 18:48 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\rkill.exe
    2013-06-19 18:35 - 2013-06-19 18:35 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\bernie\Desktop\mbam-setup-1.75.0.1300.exe
    2013-06-19 18:35 - 2013-06-19 18:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-06-19 18:35 - 2013-06-19 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-19 18:28 - 2013-06-19 18:28 - 00001124 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
    2013-06-19 18:28 - 2013-06-19 18:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2013-06-19 18:26 - 2013-06-19 18:23 - 05106800 ____A (TeamViewer GmbH) C:\Users\bernie\Downloads\TeamViewer_Setup_en.exe
    2013-06-18 17:18 - 2012-09-23 03:19 - 00055332 ____A C:\Windows\PFRO.log
    2013-06-18 17:18 - 2010-11-27 20:56 - 00000000 ____D C:\users\bernie
    2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfeeSecurePC
    2013-06-18 17:05 - 2011-04-15 07:06 - 00000000 ____D C:\Users\bernie\AppData\Local\CrashDumps
    2013-06-18 10:26 - 2010-11-27 22:32 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-06-18 10:25 - 2010-11-27 22:32 - 00002281 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2013-06-17 18:03 - 2010-11-27 22:33 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-06-17 18:03 - 2010-11-27 22:33 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-06-15 07:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2013-06-13 08:24 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-13 03:01 - 2010-11-27 21:59 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-12 10:30 - 2012-04-04 15:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-12 10:30 - 2011-10-23 10:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-02 17:07 - 2012-09-11 07:19 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
    2013-05-31 23:05 - 2010-11-27 20:57 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-06-13 03:03

    ==================== End Of Log ============================
  6. theRadiantChild

    theRadiantChild TechSpot Enthusiast Topic Starter Posts: 297

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2013
    Ran by bernie at 2013-06-20 19:36:35 Run:
    Running from C:\Users\bernie\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Installed Programs =======================

    Adobe AIR (Version: 2.5.1.17730)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
    Adobe Reader X (10.1.7) (Version: 10.1.7)
    AMD USB Filter Driver (Version: 1.0.14.91)
    ATI Catalyst Install Manager (Version: 3.0.762.0)
    Bing Bar (Version: 7.0.614.0)
    Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide (Version: 1.0.0.7)
    Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
    Canon Utilities ImageBrowser EX (Version: 1.0.1.32)
    Canon Utilities PhotoStitch (Version: 3.1.23.47)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Core Implementation (Version: 2010.0202.2335.42270)
    Catalyst Control Center Graphics Full Existing (Version: 2010.0202.2335.42270)
    Catalyst Control Center Graphics Full New (Version: 2010.0202.2335.42270)
    Catalyst Control Center Graphics Light (Version: 2010.0202.2335.42270)
    Catalyst Control Center Graphics Previews Vista (Version: 2010.0202.2335.42270)
    Catalyst Control Center InstallProxy (Version: 2010.0202.2335.42270)
    Catalyst Control Center Localization All (Version: 2010.0202.2335.42270)
    CCC Help Chinese Standard (Version: 2010.0202.2334.42270)
    CCC Help Chinese Traditional (Version: 2010.0202.2334.42270)
    CCC Help Czech (Version: 2010.0202.2334.42270)
    CCC Help Danish (Version: 2010.0202.2334.42270)
    CCC Help Dutch (Version: 2010.0202.2334.42270)
    CCC Help English (Version: 2010.0202.2334.42270)
    CCC Help Finnish (Version: 2010.0202.2334.42270)
    CCC Help French (Version: 2010.0202.2334.42270)
    CCC Help German (Version: 2010.0202.2334.42270)
    CCC Help Greek (Version: 2010.0202.2334.42270)
    CCC Help Hungarian (Version: 2010.0202.2334.42270)
    CCC Help Italian (Version: 2010.0202.2334.42270)
    CCC Help Japanese (Version: 2010.0202.2334.42270)
    CCC Help Korean (Version: 2010.0202.2334.42270)
    CCC Help Norwegian (Version: 2010.0202.2334.42270)
    CCC Help Polish (Version: 2010.0202.2334.42270)
    CCC Help Portuguese (Version: 2010.0202.2334.42270)
    CCC Help Russian (Version: 2010.0202.2334.42270)
    CCC Help Spanish (Version: 2010.0202.2334.42270)
    CCC Help Swedish (Version: 2010.0202.2334.42270)
    CCC Help Thai (Version: 2010.0202.2334.42270)
    CCC Help Turkish (Version: 2010.0202.2334.42270)
    ccc-core-static (Version: 2010.0202.2335.42270)
    ccc-utility64 (Version: 2010.0202.2335.42270)
    CCleaner (Version: 3.12)
    CinemaNow Media Manager (Version: 1.9.1.105)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    CyberLink DVD Suite Deluxe (Version: 7.0.2712)
    D3DX10 (Version: 15.4.2368.0902)
    DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715)
    Emsisoft Anti-Malware (Version: 7.0)
    EPSON Scan
    EPSON WorkForce 500 Series Printer Uninstall
    ESET Online Scanner v3
    Free File Opener version 2011.6.0 (Version: 2011.6.0)
    Google Chrome (Version: 27.0.1453.116)
    Google Update Helper (Version: 1.3.21.145)
    Hardware Diagnostic Tools (Version: 6.0.5418.39)
    HP Customer Experience Enhancements (Version: 6.0.1.4)
    HP Odometer (Version: 2.10.0000)
    HP Support Information (Version: 10.1.0002)
    Hulu Desktop (Version: 0.9.11)
    Java Auto Updater (Version: 2.0.7.2)
    Java(TM) 6 Update 37 (Version: 6.0.370)
    Junk Mail filter update (Version: 15.4.3502.0922)
    LabelPrint (Version: 2.5.2610)
    LightScribe System Software (Version: 1.18.11.1)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Mesh Runtime (Version: 15.4.5722.2)
    Messenger Companion (Version: 15.4.3502.0922)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Works (Version: 9.7.0621)
    Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Norton 360 (Version: 20.4.0.40)
    Norton PC Checkup (Version: 2.0.15.91)
    Norton PC Checkup (Version: 3.0.2.115.0)
    OpenOffice.org 3.2 (Version: 3.2.9502)
    PhotoNow! (Version: 1.1.6904)
    PictureMover (Version: 3.3.1.19)
    PlayReady PC Runtime amd64 (Version: 1.3.0)
    Power2Go (Version: 6.1.3810)
    PowerDirector (Version: 8.0.2704)
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver (Version: 6.0.1.6053)
    Recovery Manager (Version: 5.5.2719)
    Steam (Version: 1.0.0.0)
    TeamViewer 8 (Version: 8.0.19045)
    Torchlight II
    UnfriendApp (Version: 2.5.60)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    VVVVVV
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3555.0308)
    Windows Live Family Safety (Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3555.0308)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Mesh (Version: 15.4.3502.0922)
    Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
    Windows Live Messenger (Version: 15.4.3538.0513)
    Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live Sync (Version: 14.0.8089.726)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    Yahoo! Software Update

    ==================== Restore Points =========================

    26-05-2013 11:25:01 Scheduled Checkpoint
    02-06-2013 21:06:07 Scheduled Checkpoint
    09-06-2013 22:33:25 Scheduled Checkpoint
    13-06-2013 07:00:29 Windows Update

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {176D66E2-4564-4B83-8CFE-131C62B88AFF} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe No File
    Task: {21D14A6E-F108-4461-94C6-63D9A308D899} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
    Task: {220D890D-B199-4065-9AEA-85033EA135D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
    Task: {5B4D802E-0E4C-46F2-B088-3CE182656DB2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
    Task: {6C9675DA-ECDE-4E62-AB2F-7F38760B770A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
    Task: {8F8DC102-7F2A-4818-8EDE-A14DE9B2C757} - System32\Tasks\User_Feed_Synchronization-{5844CA90-075D-439D-B054-E4D35460F121} => C:\Windows\system32\msfeedssync.exe [2011-10-23] (Microsoft Corporation)
    Task: {9CE38A18-9D3F-4252-AE08-925EC4EC8BA1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {A0196E0B-D561-408E-B577-1FC5F92D69CC} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-03-25] (Symantec Corporation)
    Task: {A3B03F19-A913-48E9-9B22-79548EADD22F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)
    Task: {A551DE0D-AE0E-4F0C-BA10-326932960A3B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2495214620-795130098-3517316633-1001
    Task: {BB0642A7-80B8-4876-94E4-A35846186324} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
    Task: {C2D363BD-B989-460F-B1C7-8EAB35302374} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/20/2013 07:38:35 AM) (Source: Microsoft Security Client Setup) (User: bernie-HP)
    Description: HRESULT:0x8004FF11
    Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

    Error: (06/18/2013 05:05:29 PM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000374
    Fault offset: 0x000ce6c3
    Faulting process id: 0xf80
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3

    Error: (06/18/2013 07:51:29 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/16/2013 11:17:02 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/15/2013 06:58:12 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/14/2013 02:41:13 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/13/2013 02:28:13 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/12/2013 11:15:35 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

    Error: (06/11/2013 09:53:03 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

    Error: (06/10/2013 08:52:55 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}


    System errors:
    =============
    Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (06/20/2013 07:31:16 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (06/20/2013 07:38:35 AM) (Source: Microsoft Security Client Setup)(User: bernie-HP)
    Description: HRESULT:0x8004FF11
    Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

    Error: (06/18/2013 05:05:29 PM) (Source: Application Error)(User: )
    Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f8001ce6c6786449500C:\Windows\syswow64\rundll32.exeC:\Windows\SysWOW64\ntdll.dllcd930315-d85a-11e2-8690-1cc1de4f5edf

    Error: (06/18/2013 07:51:29 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/16/2013 11:17:02 PM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/15/2013 06:58:12 PM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/14/2013 02:41:13 PM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/13/2013 02:28:13 PM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

    Error: (06/12/2013 11:15:35 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

    Error: (06/11/2013 09:53:03 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

    Error: (06/10/2013 08:52:55 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}


    ==================== Memory info ===========================

    Percentage of memory in use: 37%
    Total physical RAM: 3831.89 MB
    Available physical RAM: 2400.81 MB
    Total Pagefile: 7661.97 MB
    Available Pagefile: 6460.08 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:686.92 GB) (Free:631.24 GB) NTFS (Disk=0 Partition=2)
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.48 GB) (Free:0.28 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: C4B377E8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
  7. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    I don't see anything malicious there so far.

    Try the restore point from 13-06-2013.
    This is the date when the computer booted properly for the last time (some Windows updates were installed on that date).
  8. theRadiantChild

    theRadiantChild TechSpot Enthusiast Topic Starter Posts: 297

    Yeah, I thought it was strange too. Anyway, I tried rolling back to the restore point; however, I cannot verify the fix since her parents went out of town. I'm not sure when they will return, but I will keep you posted.
  9. Broni

    Broni Malware Annihilator Posts: 46,388   +252

  10. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Still with me?