Inactive-A Malwarebytes Access Denied -- Tried Some Stuff, Need Help from Expert

Hi,
I'll give them a try, but MSE won't make it through a full scan -- tried 4x and every time the machine shuts down part way through. It's not like a, "hey I'm going to do an update" shutdown or "goodnight" shutdown; it's like BANG Dead someone pulled the plug shutdown. None of the normal shutdown stuff. Doesn't this sound fishy to you?
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013
Ran by Barbara (administrator) on 15-05-2013 22:04:17
Running from C:\Users\Barbara\Favorites\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\Prey\platform\windows\cron.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Barbara\Favorites\Downloads\FRST64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-17] ()
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\PFW:
HKCU\...\Run: [087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run] "C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [1312720 2013-04-09] (Google Inc.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5998144 2012-09-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Prey Laptop Tracker] C:\Program Files\Prey\platform\windows\cron.exe --log [216635 2011-02-15] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL [282848 2012-12-22] (Notably Good Ltd)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [181608 2010-04-22] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\GuestUser\...\Policies\system: [LogonHoursAction] 2
HKU\GuestUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (No File)
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {81836CCD-778B-4AF4-96A8-3F4110357DAE} URL =
SearchScopes: HKCU - {21BE64E7-7AC0-47BA-9FF3-204E68EA9A62} URL =
SearchScopes: HKCU - {81836CCD-778B-4AF4-96A8-3F4110357DAE} URL =
SearchScopes: HKCU - {88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6} URL = http://www.search-results.com/web?q...dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: AffixaHandlerLib.BHO - {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
PDF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
PDF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default
FF Homepage: hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\morningCoffee@shaneliesegang
FF Extension: Affixa - Login Handler - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{732A141A-E40A-45c7-8F12-520284102A7D}
FF Extension: Affixa - Login Handler - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{732A141A-E40A-45c7-8F12-520284102A7E}
FF Extension: LeechBlock - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF Extension: FoxTab - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF Extension: isreaditlater - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\isreaditlater@ideashower.com.xpi
FF Extension: morningCoffee - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\morningCoffee@shaneliesegang.xpi
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Pandora) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0
CHR Extension: (Google Sheets) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\0.6_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Quick Note) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.8_0
CHR Extension: (Google Drawings) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\0.7_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.13_0
CHR Extension: (Yann Arthus-Bertrand) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-08] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-09-24] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S4 PCToolsFixToolInjDrv; C:\Program Files (x86)\PC Tools Security\pcttFixTool64.sys [55624 2011-05-24] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-06-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 StarOpen; No ImagePath
R1 TPPWRIF; System32\drivers\Tppwr64v.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-15 22:03 - 2013-05-15 22:03 - 00000000 ____D C:\FRST
2013-05-15 07:53 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 07:53 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 07:52 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 07:52 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 07:52 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 07:52 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 07:52 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 07:52 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 07:52 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 07:52 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 07:52 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 07:52 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 14:57 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 14:57 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 14:57 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 14:57 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 14:57 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 14:57 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 14:57 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 14:56 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 14:56 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 14:56 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 14:56 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 14:56 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 14:56 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 14:56 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-13 22:53 - 2013-05-13 22:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-13 22:53 - 2013-05-13 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-13 22:32 - 2013-05-13 22:32 - 00001086 ____A C:\AdwCleaner[R2].txt
2013-05-13 20:42 - 2013-05-13 20:42 - 00025185 ____A C:\ComboFix.txt
2013-05-13 08:41 - 2013-05-13 08:41 - 00001577 ____A C:\Users\Barbara\Desktop\RKreport[2]_D_05132013_02d0841.txt
2013-05-13 08:39 - 2013-05-13 08:39 - 00001597 ____A C:\Users\Barbara\Desktop\RKreport[1]_S_05132013_02d0839.txt
2013-05-13 08:37 - 2013-05-13 08:40 - 00000000 ____D C:\Users\Barbara\Desktop\RK_Quarantine
2013-05-12 23:49 - 2013-05-12 23:49 - 00020031 ____A C:\Users\Barbara\Desktop\dds.txt
2013-05-12 23:49 - 2013-05-12 23:49 - 00013775 ____A C:\Users\Barbara\Desktop\attach.txt
2013-05-12 23:40 - 2013-05-12 23:40 - 00001819 ____A C:\Users\Barbara\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-12 23:40 - 2013-05-12 23:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-12 23:40 - 2013-05-12 23:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-12 23:39 - 2013-05-12 23:40 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-05-12 22:35 - 2013-05-12 22:55 - 00002868 ____A C:\Users\Barbara\Desktop\unhide.txt
2013-05-12 22:19 - 2013-05-12 22:19 - 00002624 ____A C:\Users\Barbara\Desktop\Rkill.txt
2013-05-12 22:10 - 2013-05-12 22:11 - 00000174 ____A C:\Windows\DeleteOnReboot.bat
2013-05-12 22:09 - 2013-05-12 22:11 - 00002744 ____A C:\AdwCleaner[S1].txt
2013-05-12 22:08 - 2013-05-12 22:08 - 00002817 ____A C:\AdwCleaner[R1].txt
2013-05-12 20:06 - 2013-05-13 23:41 - 00073924 ____A C:\Windows\PFRO.log
2013-05-12 19:51 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-12 19:51 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-12 19:51 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-12 19:51 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-12 19:51 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-12 19:51 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-12 19:51 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-12 19:51 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-12 19:49 - 2013-05-13 20:42 - 00000000 ___AD C:\Qoobox
2013-05-12 19:49 - 2013-05-12 20:11 - 00000000 ____D C:\Windows\erdnt
2013-05-12 19:00 - 2013-05-12 19:00 - 00000165 ____A C:\Users\Barbara\Documents\~$lowes lar charges 1.xlsx
2013-05-03 16:50 - 2013-05-03 16:50 - 00003388 ____A C:\Users\Barbara\.recently-used.xbel
2013-05-03 13:58 - 2013-05-03 13:58 - 00000000 ____D C:\Program Files (x86)\Canon
2013-05-03 13:58 - 2012-02-08 16:34 - 00320000 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_BBL.dll
2013-05-03 13:58 - 2012-01-26 10:28 - 00081920 ____A C:\Windows\SysWOW64\CNC1764D.TBL
2013-05-03 13:58 - 2012-01-16 14:21 - 00103424 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_BBU.dll
2013-05-03 13:58 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-05-03 13:55 - 2012-04-16 05:00 - 00389120 ____A (CANON INC.) C:\Windows\System32\CNMLMBB.DLL
2013-05-03 13:55 - 2012-02-08 16:36 - 00363520 ____A (CANON INC.) C:\Windows\System32\CNC_BBL.dll
2013-05-03 13:55 - 2012-01-26 10:28 - 00081920 ____A C:\Windows\System32\CNC1764D.TBL
2013-05-03 13:55 - 2012-01-16 14:21 - 00287744 ____A (CANON INC.) C:\Windows\System32\CNC_BBC.dll
2013-05-03 13:55 - 2012-01-16 14:20 - 00106496 ____A (CANON INC.) C:\Windows\System32\CNC_BBI.dll
2013-05-03 13:55 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-04-30 15:55 - 2013-04-30 21:31 - 00013333 ____A C:\Users\Barbara\Documents\Property Summary.xlsx
2013-04-30 03:22 - 2013-04-30 03:22 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-30 03:22 - 2013-04-30 03:22 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 03:22 - 2013-04-30 03:22 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 03:22 - 2013-04-30 03:22 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-30 03:22 - 2013-04-30 03:22 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-30 03:22 - 2013-04-30 03:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-30 03:22 - 2013-04-30 03:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-30 03:22 - 2013-04-30 03:22 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-30 03:22 - 2013-04-30 03:22 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-30 03:01 - 2013-04-30 03:25 - 00006999 ____A C:\Windows\IE10_main.log
2013-04-27 23:48 - 2013-04-27 23:52 - 00000000 ____D C:\Users\Barbara\Cloud Drive
2013-04-27 23:47 - 2013-04-27 23:47 - 00000000 ____D C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-27 23:42 - 2013-04-28 17:06 - 00000000 ____D C:\Users\Barbara\AppData\Local\Deployment
2013-04-27 23:42 - 2013-04-27 23:42 - 00000000 ____D C:\Users\Barbara\AppData\Local\Apps\2.0
2013-04-24 20:53 - 2013-05-15 22:02 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Barbara.job
2013-04-24 20:53 - 2013-05-15 19:34 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Barbara.job
2013-04-24 20:53 - 2013-05-14 22:33 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Barbara.job
2013-04-24 07:41 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-24 07:41 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-24 07:41 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-24 07:40 - 2013-04-24 07:41 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-23 20:09 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-20 09:40 - 2013-04-20 09:40 - 00624584 ____A C:\Windows\Minidump\042013-32479-01.dmp
2013-04-19 22:47 - 2013-04-19 22:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-04-19 20:24 - 2013-04-19 20:27 - 00000000 ____D C:\Users\Barbara\.android
2013-04-19 20:24 - 2013-04-19 20:24 - 00000000 ____D C:\Users\Barbara\workspace
2013-04-19 20:10 - 2013-04-19 20:10 - 00000000 ____D C:\New Folder
2013-04-19 12:38 - 2012-08-29 02:24 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-04-19 12:38 - 2012-08-29 02:24 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-04-19 12:38 - 2012-06-27 04:37 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2013-04-19 12:38 - 2012-06-27 04:37 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2013-04-19 12:36 - 2013-04-19 20:12 - 00000000 ____D C:\Verizon_Android
2013-04-19 12:36 - 2013-04-19 12:36 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-04-19 12:35 - 2013-04-19 12:35 - 00000000 ____D C:\ProgramData\Samsung
2013-04-18 09:49 - 2013-04-18 09:49 - 00001191 ____A C:\Users\GuestUser\Desktop\WinASO Registry Optimizer.lnk
2013-04-18 09:49 - 2013-04-18 09:49 - 00001191 ____A C:\Users\Barbara\Desktop\WinASO Registry Optimizer.lnk
 
==================== One Month Modified Files and Folders =======

2013-05-15 22:03 - 2013-05-15 22:03 - 00000000 ____D C:\FRST
2013-05-15 22:02 - 2013-04-24 20:53 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Barbara.job
2013-05-15 22:02 - 2011-04-24 12:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-15 22:02 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-15 22:01 - 2013-04-07 01:00 - 00007171 ____A C:\Windows\setupact.log
2013-05-15 22:01 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-15 21:27 - 2013-02-15 09:17 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-15 21:27 - 2012-11-30 13:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001UA.job
2013-05-15 19:46 - 2010-06-07 22:26 - 01557275 ____A C:\Windows\WindowsUpdate.log
2013-05-15 19:42 - 2012-11-30 13:12 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001Core.job
2013-05-15 19:34 - 2013-04-24 20:53 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Barbara.job
2013-05-15 09:23 - 2011-04-18 16:57 - 00000000 ___RD C:\Users\Barbara\Virtual Machines
2013-05-15 08:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 08:26 - 2009-07-14 00:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-15 08:26 - 2009-07-14 00:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-15 08:17 - 2009-07-14 00:45 - 00348144 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 07:58 - 2010-08-29 14:22 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 07:56 - 2009-07-14 01:13 - 00743068 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 22:33 - 2013-04-24 20:53 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Barbara.job
2013-05-13 23:41 - 2013-05-12 20:06 - 00073924 ____A C:\Windows\PFRO.log
2013-05-13 22:53 - 2013-05-13 22:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-13 22:53 - 2013-05-13 22:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-13 22:53 - 2011-01-31 20:25 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-13 22:48 - 2011-04-03 20:15 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2013-05-13 22:47 - 2011-04-03 20:12 - 00000000 ____D C:\ProgramData\PC Tools
2013-05-13 22:32 - 2013-05-13 22:32 - 00001086 ____A C:\AdwCleaner[R2].txt
2013-05-13 22:26 - 2009-07-14 01:08 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-13 20:42 - 2013-05-13 20:42 - 00025185 ____A C:\ComboFix.txt
2013-05-13 20:42 - 2013-05-12 19:49 - 00000000 ___AD C:\Qoobox
2013-05-13 20:39 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-13 08:41 - 2013-05-13 08:41 - 00001577 ____A C:\Users\Barbara\Desktop\RKreport[2]_D_05132013_02d0841.txt
2013-05-13 08:40 - 2013-05-13 08:37 - 00000000 ____D C:\Users\Barbara\Desktop\RK_Quarantine
2013-05-13 08:39 - 2013-05-13 08:39 - 00001597 ____A C:\Users\Barbara\Desktop\RKreport[1]_S_05132013_02d0839.txt
2013-05-13 07:48 - 2013-04-07 08:06 - 00002391 ____A C:\Users\Barbara\Desktop\Google Chrome.lnk
2013-05-13 07:21 - 2011-04-03 20:15 - 02944053 ____A C:\Windows\System32\Drivers\Cat.DB
2013-05-13 00:02 - 2012-06-25 16:04 - 00477916 ____A C:\Users\Barbara\Documents\lowes lar charges 1.xlsx
2013-05-12 23:49 - 2013-05-12 23:49 - 00020031 ____A C:\Users\Barbara\Desktop\dds.txt
2013-05-12 23:49 - 2013-05-12 23:49 - 00013775 ____A C:\Users\Barbara\Desktop\attach.txt
2013-05-12 23:40 - 2013-05-12 23:40 - 00001819 ____A C:\Users\Barbara\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-12 23:40 - 2013-05-12 23:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-12 23:40 - 2013-05-12 23:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-12 23:40 - 2013-05-12 23:39 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-05-12 22:55 - 2013-05-12 22:35 - 00002868 ____A C:\Users\Barbara\Desktop\unhide.txt
2013-05-12 22:19 - 2013-05-12 22:19 - 00002624 ____A C:\Users\Barbara\Desktop\Rkill.txt
2013-05-12 22:11 - 2013-05-12 22:10 - 00000174 ____A C:\Windows\DeleteOnReboot.bat
2013-05-12 22:11 - 2013-05-12 22:09 - 00002744 ____A C:\AdwCleaner[S1].txt
2013-05-12 22:10 - 2010-06-18 03:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-12 22:08 - 2013-05-12 22:08 - 00002817 ____A C:\AdwCleaner[R1].txt
2013-05-12 20:11 - 2013-05-12 19:49 - 00000000 ____D C:\Windows\erdnt
2013-05-12 20:05 - 2009-07-13 22:34 - 78905344 ____A C:\Windows\System32\config\software.bak
2013-05-12 20:05 - 2009-07-13 22:34 - 22282240 ____A C:\Windows\System32\config\system.bak
2013-05-12 20:05 - 2009-07-13 22:34 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-05-12 20:05 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-05-12 20:05 - 2009-07-13 22:34 - 00028672 ____A C:\Windows\System32\config\sam.bak
2013-05-12 20:04 - 2010-06-18 03:11 - 00000000 ____D C:\users\Barbara
2013-05-12 19:19 - 2011-05-02 12:22 - 00000000 ____D C:\Users\Barbara\Documents\TurboTax
2013-05-12 19:00 - 2013-05-12 19:00 - 00000165 ____A C:\Users\Barbara\Documents\~$lowes lar charges 1.xlsx
2013-05-09 22:20 - 2010-08-20 14:15 - 00000000 ____D C:\ProgramData\Syscon
2013-05-03 22:31 - 2011-04-27 20:50 - 00000000 ____D C:\Users\Barbara\Documents\Betsy
2013-05-03 17:34 - 2010-12-07 09:54 - 00000000 ____D C:\Users\Barbara\.gimp-2.6
2013-05-03 16:50 - 2013-05-03 16:50 - 00003388 ____A C:\Users\Barbara\.recently-used.xbel
2013-05-03 13:58 - 2013-05-03 13:58 - 00000000 ____D C:\Program Files (x86)\Canon
2013-05-03 13:58 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-05-03 13:55 - 2012-02-25 01:07 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-05-02 11:29 - 2010-06-18 03:36 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 08:49 - 2011-02-14 18:26 - 00000632 _RASH C:\Users\Barbara\ntuser.pol
2013-05-01 20:06 - 2009-07-13 23:20 - 00000000 ___RD C:\Users\Public\Libraries
2013-04-30 21:31 - 2013-04-30 15:55 - 00013333 ____A C:\Users\Barbara\Documents\Property Summary.xlsx
2013-04-30 21:31 - 2012-03-02 11:46 - 00811852 ____A C:\Users\Barbara\Documents\michaux03-12.xlsx
2013-04-30 19:18 - 2010-08-25 14:23 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Mapi2Xml
2013-04-30 03:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-30 03:25 - 2013-04-30 03:01 - 00006999 ____A C:\Windows\IE10_main.log
2013-04-30 03:22 - 2013-04-30 03:22 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-30 03:22 - 2013-04-30 03:22 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 03:22 - 2013-04-30 03:22 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 03:22 - 2013-04-30 03:22 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-30 03:22 - 2013-04-30 03:22 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-30 03:22 - 2013-04-30 03:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-30 03:22 - 2013-04-30 03:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-30 03:22 - 2013-04-30 03:22 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-30 03:22 - 2013-04-30 03:22 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 03:22 - 2013-04-30 03:22 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-30 03:22 - 2013-04-30 03:22 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-28 17:06 - 2013-04-27 23:42 - 00000000 ____D C:\Users\Barbara\AppData\Local\Deployment
2013-04-27 23:52 - 2013-04-27 23:48 - 00000000 ____D C:\Users\Barbara\Cloud Drive
2013-04-27 23:47 - 2013-04-27 23:47 - 00000000 ____D C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-27 23:42 - 2013-04-27 23:42 - 00000000 ____D C:\Users\Barbara\AppData\Local\Apps\2.0
2013-04-27 23:21 - 2011-06-18 07:39 - 00000000 ____D C:\Users\Barbara\Documents\CardMinder
2013-04-24 17:51 - 2012-09-20 16:57 - 00000000 ____D C:\ProgramData\Real
2013-04-24 17:51 - 2010-08-28 18:34 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Real
2013-04-24 07:41 - 2013-04-24 07:40 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-24 07:41 - 2011-09-12 18:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-20 09:40 - 2013-04-20 09:40 - 00624584 ____A C:\Windows\Minidump\042013-32479-01.dmp
2013-04-20 09:40 - 2010-08-28 20:35 - 00000000 ____D C:\Windows\Minidump
2013-04-20 09:39 - 2012-01-04 00:26 - 567862325 ____A C:\Windows\MEMORY.DMP
2013-04-19 22:47 - 2013-04-19 22:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-04-19 21:52 - 2011-07-01 15:37 - 00071680 ____A C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-19 20:27 - 2013-04-19 20:24 - 00000000 ____D C:\Users\Barbara\.android
2013-04-19 20:24 - 2013-04-19 20:24 - 00000000 ____D C:\Users\Barbara\workspace
2013-04-19 20:12 - 2013-04-19 12:36 - 00000000 ____D C:\Verizon_Android
2013-04-19 20:10 - 2013-04-19 20:10 - 00000000 ____D C:\New Folder
2013-04-19 12:37 - 2010-07-01 10:05 - 00000000 ____D C:\Program Files (x86)\SAMSUNG
2013-04-19 12:36 - 2013-04-19 12:36 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-04-19 12:36 - 2010-07-01 10:04 - 00000000 ____D C:\Program Files\Samsung
2013-04-19 12:35 - 2013-04-19 12:35 - 00000000 ____D C:\ProgramData\Samsung
2013-04-18 09:49 - 2013-04-18 09:49 - 00001191 ____A C:\Users\GuestUser\Desktop\WinASO Registry Optimizer.lnk
2013-04-18 09:49 - 2013-04-18 09:49 - 00001191 ____A C:\Users\Barbara\Desktop\WinASO Registry Optimizer.lnk
2013-04-17 17:00 - 2012-09-14 13:43 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-04-17 00:21 - 2013-02-16 17:52 - 00019572 ____A C:\Users\Barbara\Documents\Cash Flow Worksheet1.xlsx
2013-04-16 23:53 - 2013-04-01 12:30 - 00032260 ____A C:\Users\Barbara\Documents\finstmtapr13.xlsx
2013-04-15 08:44 - 2011-12-07 00:19 - 00020601 ____A C:\Users\Barbara\Documents\chalet util.xlsx

Other Malware:
===========
C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 19:55

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2013
Ran by Barbara at 2013-05-15 22:05:50 Run:
Running from C:\Users\Barbara\Favorites\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Sansa Media Converter (Version: 1.0-B4.263)
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.2.1.28086)
3ivx D4 4.5.1 Decoder (remove only) (Version: 4.5.1)
ABBYY FineReader for ScanSnap (TM) 4.0 (Version: 8.00.245.56422)
Access Help (Version: 3.01)
Adobe AIR (Version: 3.4.0.2710)
Adobe Bridge 1.0 (Version: 1.0.1.1)
Adobe Common File Installer (Version: 1.00.002)
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Help Center 2.0 (Version: 2.0.0)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Premiere Pro 2.0 (Version: 2.000.000)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe Stock Photos 1.0 (Version: 1.0.2)
Affixa (Version: 3.12.1222)
Affixa 3.2012.12.22 (Version: 3.11.1127)
Amazon Cloud Drive (Version: 2.0.2013.841)
Amazon Kindle
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bamboo (Version: 5.2.4-5)
Bamboo Dock (Version: 3.5.0)
Bamboo Dock 3.3 (Version: 3.3)
Blackboard IM 4.1.0-C (Version: 4.1.0-C)
Bonjour (Version: 3.0.0.10)
Burn.Now 4.5 (Version: 4.5.0)
Canon IJ Scan Utility
Canon MG5400 series MP Drivers (Version: 1.01)
Canon MP530
CardMinder (Version: V4.0L10)
CardMinder V4.0 (Version: 4.0.10.1)
Conexant 20585 SmartAudio HD (Version: 4.95.43.52)
Corel Burn.Now Lenovo Edition (Version: 4.5.0)
Corel DVD MovieFactory 7 (Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0)
Create Recovery Media (Version: 1.20.0.00)
Direct DiscRecorder (Version: 1.00.0000)
Evernote v. 4.6.3 (Version: 4.6.3.8096)
Fastest Free YouTube Downloader to MP3 Converter (Version: 4.9)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 26.0.1410.64)
Google Drive (Version: 1.9.4536.8202)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Human Design Life Chart (Version: 3.0)
Integrated Camera Driver Installer Package Ver.1.1.0.19 (Version: 1.1.0.19)
Intel PROSet Wireless
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2025)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.186.3)
InterVideo WinDVD 8 (Version: 8.0.20.184)
IP Camera
iTunes (Version: 10.7.0.21)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 31 (Version: 6.0.310)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo Warranty Information (Version: 1.0.0004.00)
Lenovo Welcome
LG SP USB Driver (Version: 1.0)
LG USB WML Modem Driver (Version: 1.0)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mini-stream Ripper 3.1.2.1.2010.03.30
Mobile Broadband (Version: 3.6.0034)
Mozilla Firefox (3.6.12) (Version: 3.6.12 (en-US))
Mozilla Firefox 14.0 (x86 en-US) (Version: 14.0)
Mozilla Maintenance Service (Version: 14.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NirSoft VideoCacheView
NTI Backup Now EZ (Version: 2.5.2.36)
Pam Call Recorder 4.8 (Version: 4.8)
Power Manager (Version: 6.36)
Quicken 2011 (Version: 20.1.8.6)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (Version: 4.30.0025.00)
Rosetta Stone Homeschool (Version: 3.4.5)
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 (Version: 3.0.0.71206)
Samsung PC Studio 3 (Version: 3.2.3.90502)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Sansa Updater
ScanSnap (Version: 5.0.11.1)
ScanSnap Manager (Version: V5.0L11)
ScanSnap Organizer (Version: 4.0.12.1)
ScanSnap Organizer (Version: V4.1L13)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Suite Specific (Version: 2.0.0)
SUPERAntiSpyware (Version: 5.6.1018)
swMSM (Version: 12.0.0.1)
System Update (Version: 4.03.0012)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Utility (Version: 2.12.0)
ThinkVantage Access Connections (Version: 5.62)
ThinkVantage Active Protection System (Version: 1.71)
ThinkVantage Communications Utility (Version: 1.41)
TurboTax 2009
TurboTax 2009 WinBizFedFormset (Version: 009.000.0915)
TurboTax 2009 WinBizReleaseEngine (Version: 009.000.0236)
TurboTax 2009 WinBizTaxSupport (Version: 009.000.0167)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wnciper (Version: 009.000.0717)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wnciper (Version: 010.000.1586)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wnciper (Version: 011.000.1545)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2013)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wnciper (Version: 012.000.1358)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax Business 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
WinASO Registry Optimizer 4.8.2
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (Version: 12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179) (Version: 09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (Version: 10/26/2009 6.10.02.07)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0) (Version: 04/22/2010 15.0.18.0)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR archiver
Wisdom Quest (Version: 2.0)
Xvid Video Codec (Version: 1.3.2)

==================== Restore Points =========================

30-04-2013 07:00:15 Windows Update
01-05-2013 07:00:35 Windows Update
10-05-2013 11:53:10 Scheduled Checkpoint
12-05-2013 23:51:38 ComboFix created restore point
14-05-2013 00:25:20 Broni1
14-05-2013 02:55:30 Windows Update
15-05-2013 11:51:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2013 02:54:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3385

Error: (05/15/2013 02:54:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3385

Error: (05/15/2013 02:54:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 02:54:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2387

Error: (05/15/2013 02:54:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2387

Error: (05/15/2013 02:54:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 02:54:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (05/15/2013 02:54:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (05/15/2013 02:54:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2013 08:48:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (05/15/2013 10:01:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (05/15/2013 10:00:55 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/15/2013 10:01:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:58:49 PM on ?5/?15/?2013 was unexpected.

Error: (05/15/2013 08:18:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (05/15/2013 08:16:34 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/15/2013 07:47:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (05/15/2013 07:46:09 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/15/2013 07:46:25 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:22:49 PM on ?5/?14/?2013 was unexpected.

Error: (05/14/2013 05:13:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (05/14/2013 05:12:49 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (04/15/2013 01:18:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 62207 seconds with 720 seconds of active time. This session ended with a crash.

Error: (04/12/2013 05:23:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 77326 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (02/06/2013 03:07:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17325 seconds with 780 seconds of active time. This session ended with a crash.

Error: (09/04/2012 10:10:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 674 seconds with 300 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-05-12 20:04:04.396
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-12 20:04:04.222
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3891.67 MB
Available physical RAM: 1789.86 MB
Total Pagefile: 7781.53 MB
Available Pagefile: 5339.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:211.83 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 38757EDB)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Nah, there is nothing malicious there.

The only thing I can suggest is to reinstall MSE or switch to some other AV program.

We can try one very last shot.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.



Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Hi again,
Hope you had a good weekend. The computer is running faster, but still not letting me write programs and is crashing. I don't know if it made it through the checkdisk part yet because I let it run when I'm going to bed and then the computer is dead when I come to check it in the morning. I haven't seen a log or a reboot message, so I assume it's just crashing partway through. I tried to install Acrobat today and it gave me a similar write protection error as MBAM. Will play later and let you know any updates/discoveries/breakthroughs.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 