Inactive MoneyPak FBi

Status
Not open for further replies.
T

theRadiantChild

Posts: 424   +0
I am trying to clean my fiancees parents computer remotely. They can not boot into normal mode but safe mode with networking works. I have scanned their computer and cant seem to come up with anything malicious. What gives? Here are my logs. I am using teamviewer to try to help them since they live in another state and arent computer savvy.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16490
Run by bernie at 7:40:38 on 2013-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2666 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
uExplorerRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
mExplorerRun: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3
StartupFolder: C:\Users\bernie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Windows\System32\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{044CE9DD-5C68-43A4-95BC-53242B8DAFB4} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-17 1139800]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-31 852256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 346144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-31 39480]
S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-6-19 26176]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-17 169048]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSviA64.sys [2013-6-19 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-17 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-17 433752]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-6-19 2626880]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-11 132504]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-11-24 126392]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-19 4150112]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-6-19 66320]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-19 22:58:32--------d-----w-C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-19 22:35:53--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 22:35:41--------d-----w-C:\Users\bernie\AppData\Local\Programs
2013-06-19 22:28:29--------d-----w-C:\Program Files (x86)\TeamViewer
2013-06-18 21:05:16--------d-----w-C:\ProgramData\McAfeeSecurePC
2013-06-17 10:52:13433752----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2013-06-17 10:52:1323448----a-r-C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
2013-06-17 10:52:12796760----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2013-06-17 10:52:12493656----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2013-06-17 10:52:1236952----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2013-06-17 10:52:12224416----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
2013-06-17 10:52:12169048----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
2013-06-17 10:52:121139800----a-w-C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-06-17 10:51:52--------d-----w-C:\Windows\System32\drivers\N360x64\1404000.028
2013-06-12 19:17:361910632----a-w-C:\Windows\System32\drivers\tcpip.sys
2013-06-12 19:16:441887232----a-w-C:\Windows\System32\d3d11.dll
2013-06-12 19:16:431505280----a-w-C:\Windows\SysWow64\d3d11.dll
.
==================== Find3M ====================
.
2013-06-17 22:03:09177312----a-w-C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-12 14:30:5371048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:30:53692104----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 03:09:562312704----a-w-C:\Windows\System32\jscript9.dll
2013-05-17 03:02:291392128----a-w-C:\Windows\System32\wininet.dll
2013-05-17 03:01:131494528----a-w-C:\Windows\System32\inetcpl.cpl
2013-05-17 02:56:09173056----a-w-C:\Windows\System32\ieUnatt.exe
2013-05-17 02:56:00599040----a-w-C:\Windows\System32\vbscript.dll
2013-05-17 02:51:272382848----a-w-C:\Windows\System32\mshtml.tlb
2013-05-16 22:39:391800704----a-w-C:\Windows\SysWow64\jscript9.dll
2013-05-16 22:28:261129472----a-w-C:\Windows\SysWow64\wininet.dll
2013-05-16 22:27:301427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30420864----a-w-C:\Windows\SysWow64\vbscript.dll
2013-05-16 22:16:572382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01184320----a-w-C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:001464320----a-w-C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00139776----a-w-C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:4052224----a-w-C:\Windows\System32\certenc.dll
2013-05-13 04:45:55140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:551160192----a-w-C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:551192448----a-w-C:\Windows\System32\certutil.exe
2013-05-13 03:08:10903168----a-w-C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:0643008----a-w-C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:2730720----a-w-C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:5424576----a-w-C:\Windows\SysWow64\cryptdlg.dll
2013-04-26 05:51:36751104----a-w-C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21492544----a-w-C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:061230336----a-w-C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:461424384----a-w-C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19308736----a-w-C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19111104----a-w-C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16474624----a-w-C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:152176512----a-w-C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:081656680----a-w-C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54265064----a-w-C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53983400----a-w-C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:503153920----a-w-C:\Windows\System32\win32k.sys
2013-04-04 18:50:3225928----a-w-C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 7:41:12.09 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2010 7:56:35 PM
System Uptime: 6/20/2013 7:17:31 AM (0 hours ago)
.
Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 631.672 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 0.278 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP191: 5/26/2013 7:25:01 AM - Scheduled Checkpoint
RP192: 6/2/2013 5:06:07 PM - Scheduled Checkpoint
RP193: 6/9/2013 6:33:25 PM - Scheduled Checkpoint
RP194: 6/13/2013 3:00:29 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
AMD USB Filter Driver
ATI Catalyst Install Manager
Bing Bar
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DVD Menu Pack for HP MediaSmart Video
Emsisoft Anti-Malware
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
Free File Opener version 2011.6.0
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
HP Customer Experience Enhancements
HP Odometer
HP Support Information
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Norton PC Checkup
OpenOffice.org 3.2
PhotoNow!
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Steam
TeamViewer 8
Torchlight II
UnfriendApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VVVVVV
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/20/2013 7:39:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2013 7:18:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/20/2013 7:18:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/20/2013 7:18:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/20/2013 7:18:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/20/2013 7:18:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
6/19/2013 11:40:03 PM, Error: Service Control Manager [7022] - The Emsisoft Anti-Malware 7.0 - Service service hung on starting.
6/18/2013 4:52:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
6/14/2013 8:57:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bernie :: BERNIE-HP [administrator]

6/20/2013 7:31:12 AM
mbam-log-2013-06-20 (07-31-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209838
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Did an eset scan and it found this C:\Users\bernie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\6edd60f7-5a93f238Java/Exploit.CVE-2012-1723.KH trojancleaned by deleting - quarantined

Not sure if this is the FBI monkeypak virus or not. Any help would be appreciated
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2013
Ran by bernie (administrator) on 20-06-2013 19:36:04
Running from C:\Users\bernie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Policies\Explorer\Run: [McAfeeSecurePC] C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll [63488 2013-06-18] ( ())
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3 [63488 2013-06-18] ()
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [McAfeeSecurePC] rundll32.exe "C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll",#3 [63488 2013-06-18] ()
HKLM-x32\...\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60 [2916264 2013-05-30] (Emsisoft GmbH)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\bernie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\McAfee PC Security.lnk
ShortcutTarget: McAfee PC Security.lnk -> C:\ProgramData\McAfeeSecurePC\mcafeesecurepc.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {23B909E8-3723-4086-92B5-948847218972} URL = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20110207,6901,0,8,0
SearchScopes: HKCU - {68620606-8724-4312-94F2-A4031BAAA288} URL =
SearchScopes: HKCU - {8A79530E-788C-4C92-97D6-D6D4FFD01D22} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll (UnfriendApp)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Gmail) - C:\Users\bernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2626880 2013-05-30] (Emsisoft GmbH)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-25] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130619.001\IDSvia64.sys [513184 2013-02-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130619.016\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2012-02-12] (Jungo)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 19:35 - 2013-06-20 19:35 - 01929604 ____A (Farbar) C:\Users\bernie\Desktop\FRST64.exe
2013-06-20 19:35 - 2013-06-20 19:35 - 00000000 ____D C:\FRST
2013-06-20 16:44 - 2013-06-20 16:44 - 00000156 ____A C:\Users\bernie\Desktop\eset.txt
2013-06-20 08:04 - 2013-06-20 08:04 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-20 07:41 - 2013-06-20 07:41 - 00014363 ____A C:\Users\bernie\Desktop\dds.txt
2013-06-20 07:41 - 2013-06-20 07:41 - 00008799 ____A C:\Users\bernie\Desktop\attach.txt
2013-06-20 07:40 - 2013-06-20 07:40 - 00688992 ____R (Swearware) C:\Users\bernie\Desktop\dds.com
2013-06-20 07:38 - 2013-06-20 07:38 - 13475464 ____A (Microsoft Corporation) C:\Users\bernie\Desktop\mseinstall.exe
2013-06-20 07:38 - 2013-06-20 07:38 - 00002243 ____A C:\Windows\epplauncher.mif
2013-06-19 18:58 - 2013-06-19 23:32 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-19 18:58 - 2013-06-19 18:58 - 00001053 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-06-19 18:55 - 2013-06-19 18:57 - 187285416 ____A (Emsisoft GmbH ) C:\Users\bernie\Desktop\EmsisoftAntiMalwareSetup.exe
2013-06-19 18:50 - 2013-06-19 18:52 - 00003174 ____A C:\Users\bernie\Desktop\Rkill.txt
2013-06-19 18:50 - 2013-06-19 18:50 - 00000000 ____D C:\Users\bernie\Desktop\rkill
2013-06-19 18:49 - 2013-06-19 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\iExplore.exe
2013-06-19 18:48 - 2013-06-19 18:48 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\rkill.exe
2013-06-19 18:35 - 2013-06-19 18:35 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\bernie\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-19 18:35 - 2013-06-19 18:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 18:35 - 2013-06-19 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 18:28 - 2013-06-19 18:28 - 00001124 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-19 18:28 - 2013-06-19 18:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-06-19 18:23 - 2013-06-19 18:26 - 05106800 ____A (TeamViewer GmbH) C:\Users\bernie\Downloads\TeamViewer_Setup_en.exe
2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfeeSecurePC
2013-06-13 03:03 - 2013-05-17 00:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:03 - 2013-05-16 23:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:03 - 2013-05-16 23:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:03 - 2013-05-16 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:03 - 2013-05-16 23:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:03 - 2013-05-16 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 03:03 - 2013-05-16 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 03:03 - 2013-05-16 22:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 22:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 03:03 - 2013-05-16 22:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 03:03 - 2013-05-16 22:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:03 - 2013-05-16 22:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 22:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:03 - 2013-05-16 22:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:03 - 2013-05-16 22:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 03:03 - 2013-05-16 22:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:03 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 03:03 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 03:03 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:03 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:03 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 03:03 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 03:03 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 03:03 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:03 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:03 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 03:03 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 03:03 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:03 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 03:03 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 03:03 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 03:03 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 15:17 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:17 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:17 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:17 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:17 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 15:17 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 15:17 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 15:17 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:17 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 15:17 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 15:17 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:17 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 15:17 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 15:17 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:17 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 15:17 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 15:17 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 15:16 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 15:16 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-20 19:35 - 2013-06-20 19:35 - 01929604 ____A (Farbar) C:\Users\bernie\Desktop\FRST64.exe
2013-06-20 19:35 - 2013-06-20 19:35 - 00000000 ____D C:\FRST
2013-06-20 16:44 - 2013-06-20 16:44 - 00000156 ____A C:\Users\bernie\Desktop\eset.txt
2013-06-20 08:04 - 2013-06-20 08:04 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-20 07:41 - 2013-06-20 07:41 - 00014363 ____A C:\Users\bernie\Desktop\dds.txt
2013-06-20 07:41 - 2013-06-20 07:41 - 00008799 ____A C:\Users\bernie\Desktop\attach.txt
2013-06-20 07:40 - 2013-06-20 07:40 - 00688992 ____R (Swearware) C:\Users\bernie\Desktop\dds.com
2013-06-20 07:38 - 2013-06-20 07:38 - 13475464 ____A (Microsoft Corporation) C:\Users\bernie\Desktop\mseinstall.exe
2013-06-20 07:38 - 2013-06-20 07:38 - 00002243 ____A C:\Windows\epplauncher.mif
2013-06-20 07:12 - 2010-11-27 20:56 - 01213970 ____A C:\Windows\WindowsUpdate.log
2013-06-20 07:11 - 2011-12-06 23:01 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 07:08 - 2012-04-04 15:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 23:47 - 2009-07-14 00:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 23:47 - 2009-07-14 00:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 23:39 - 2012-12-21 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-19 23:39 - 2010-11-27 20:56 - 00085712 ____A C:\Users\bernie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-19 23:38 - 2012-09-12 03:18 - 00002978 ____A C:\Windows\setupact.log
2013-06-19 23:38 - 2011-12-06 23:01 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 23:38 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 23:38 - 2009-07-14 00:45 - 00353872 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-19 23:32 - 2013-06-19 18:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-19 18:58 - 2013-06-19 18:58 - 00001053 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2013-06-19 18:57 - 2013-06-19 18:55 - 187285416 ____A (Emsisoft GmbH ) C:\Users\bernie\Desktop\EmsisoftAntiMalwareSetup.exe
2013-06-19 18:52 - 2013-06-19 18:50 - 00003174 ____A C:\Users\bernie\Desktop\Rkill.txt
2013-06-19 18:50 - 2013-06-19 18:50 - 00000000 ____D C:\Users\bernie\Desktop\rkill
2013-06-19 18:49 - 2013-06-19 18:49 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\iExplore.exe
2013-06-19 18:48 - 2013-06-19 18:48 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\bernie\Desktop\rkill.exe
2013-06-19 18:35 - 2013-06-19 18:35 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\bernie\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-19 18:35 - 2013-06-19 18:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 18:35 - 2013-06-19 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 18:28 - 2013-06-19 18:28 - 00001124 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-19 18:28 - 2013-06-19 18:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-06-19 18:26 - 2013-06-19 18:23 - 05106800 ____A (TeamViewer GmbH) C:\Users\bernie\Downloads\TeamViewer_Setup_en.exe
2013-06-18 17:18 - 2012-09-23 03:19 - 00055332 ____A C:\Windows\PFRO.log
2013-06-18 17:18 - 2010-11-27 20:56 - 00000000 ____D C:\users\bernie
2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfeeSecurePC
2013-06-18 17:05 - 2011-04-15 07:06 - 00000000 ____D C:\Users\bernie\AppData\Local\CrashDumps
2013-06-18 10:26 - 2010-11-27 22:32 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-06-18 10:25 - 2010-11-27 22:32 - 00002281 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-06-17 18:03 - 2010-11-27 22:33 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-17 18:03 - 2010-11-27 22:33 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-15 07:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:24 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 03:01 - 2010-11-27 21:59 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 10:30 - 2012-04-04 15:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:30 - 2011-10-23 10:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-02 17:07 - 2012-09-11 07:19 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-05-31 23:05 - 2010-11-27 20:57 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 03:03

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2013
Ran by bernie at 2013-06-20 19:36:35 Run:
Running from C:\Users\bernie\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AMD USB Filter Driver (Version: 1.0.14.91)
ATI Catalyst Install Manager (Version: 3.0.762.0)
Bing Bar (Version: 7.0.614.0)
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide (Version: 1.0.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.0.1.32)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full Existing (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full New (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Light (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0202.2335.42270)
Catalyst Control Center InstallProxy (Version: 2010.0202.2335.42270)
Catalyst Control Center Localization All (Version: 2010.0202.2335.42270)
CCC Help Chinese Standard (Version: 2010.0202.2334.42270)
CCC Help Chinese Traditional (Version: 2010.0202.2334.42270)
CCC Help Czech (Version: 2010.0202.2334.42270)
CCC Help Danish (Version: 2010.0202.2334.42270)
CCC Help Dutch (Version: 2010.0202.2334.42270)
CCC Help English (Version: 2010.0202.2334.42270)
CCC Help Finnish (Version: 2010.0202.2334.42270)
CCC Help French (Version: 2010.0202.2334.42270)
CCC Help German (Version: 2010.0202.2334.42270)
CCC Help Greek (Version: 2010.0202.2334.42270)
CCC Help Hungarian (Version: 2010.0202.2334.42270)
CCC Help Italian (Version: 2010.0202.2334.42270)
CCC Help Japanese (Version: 2010.0202.2334.42270)
CCC Help Korean (Version: 2010.0202.2334.42270)
CCC Help Norwegian (Version: 2010.0202.2334.42270)
CCC Help Polish (Version: 2010.0202.2334.42270)
CCC Help Portuguese (Version: 2010.0202.2334.42270)
CCC Help Russian (Version: 2010.0202.2334.42270)
CCC Help Spanish (Version: 2010.0202.2334.42270)
CCC Help Swedish (Version: 2010.0202.2334.42270)
CCC Help Thai (Version: 2010.0202.2334.42270)
CCC Help Turkish (Version: 2010.0202.2334.42270)
ccc-core-static (Version: 2010.0202.2335.42270)
ccc-utility64 (Version: 2010.0202.2335.42270)
CCleaner (Version: 3.12)
CinemaNow Media Manager (Version: 1.9.1.105)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (Version: 7.0.2712)
D3DX10 (Version: 15.4.2368.0902)
DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715)
Emsisoft Anti-Malware (Version: 7.0)
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
ESET Online Scanner v3
Free File Opener version 2011.6.0 (Version: 2011.6.0)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
Hardware Diagnostic Tools (Version: 6.0.5418.39)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Odometer (Version: 2.10.0000)
HP Support Information (Version: 10.1.0002)
Hulu Desktop (Version: 0.9.11)
Java Auto Updater (Version: 2.0.7.2)
Java(TM) 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2610)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton 360 (Version: 20.4.0.40)
Norton PC Checkup (Version: 2.0.15.91)
Norton PC Checkup (Version: 3.0.2.115.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PhotoNow! (Version: 1.1.6904)
PictureMover (Version: 3.3.1.19)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (Version: 6.1.3810)
PowerDirector (Version: 8.0.2704)
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver (Version: 6.0.1.6053)
Recovery Manager (Version: 5.5.2719)
Steam (Version: 1.0.0.0)
TeamViewer 8 (Version: 8.0.19045)
Torchlight II
UnfriendApp (Version: 2.5.60)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VVVVVV
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Software Update

==================== Restore Points =========================

26-05-2013 11:25:01 Scheduled Checkpoint
02-06-2013 21:06:07 Scheduled Checkpoint
09-06-2013 22:33:25 Scheduled Checkpoint
13-06-2013 07:00:29 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {176D66E2-4564-4B83-8CFE-131C62B88AFF} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe No File
Task: {21D14A6E-F108-4461-94C6-63D9A308D899} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
Task: {220D890D-B199-4065-9AEA-85033EA135D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {5B4D802E-0E4C-46F2-B088-3CE182656DB2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6C9675DA-ECDE-4E62-AB2F-7F38760B770A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
Task: {8F8DC102-7F2A-4818-8EDE-A14DE9B2C757} - System32\Tasks\User_Feed_Synchronization-{5844CA90-075D-439D-B054-E4D35460F121} => C:\Windows\system32\msfeedssync.exe [2011-10-23] (Microsoft Corporation)
Task: {9CE38A18-9D3F-4252-AE08-925EC4EC8BA1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A0196E0B-D561-408E-B577-1FC5F92D69CC} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-03-25] (Symantec Corporation)
Task: {A3B03F19-A913-48E9-9B22-79548EADD22F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)
Task: {A551DE0D-AE0E-4F0C-BA10-326932960A3B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2495214620-795130098-3517316633-1001
Task: {BB0642A7-80B8-4876-94E4-A35846186324} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {C2D363BD-B989-460F-B1C7-8EAB35302374} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 07:38:35 AM) (Source: Microsoft Security Client Setup) (User: bernie-HP)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (06/18/2013 05:05:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xf80
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (06/18/2013 07:51:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/16/2013 11:17:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/15/2013 06:58:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/14/2013 02:41:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/13/2013 02:28:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/12/2013 11:15:35 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

Error: (06/11/2013 09:53:03 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

Error: (06/10/2013 08:52:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}


System errors:
=============
Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:33:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/20/2013 07:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/20/2013 07:38:35 AM) (Source: Microsoft Security Client Setup)(User: bernie-HP)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (06/18/2013 05:05:29 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f8001ce6c6786449500C:\Windows\syswow64\rundll32.exeC:\Windows\SysWOW64\ntdll.dllcd930315-d85a-11e2-8690-1cc1de4f5edf

Error: (06/18/2013 07:51:29 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/16/2013 11:17:02 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/15/2013 06:58:12 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/14/2013 02:41:13 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/13/2013 02:28:13 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {194da546-58bc-4893-ab29-125e5b506a62}

Error: (06/12/2013 11:15:35 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

Error: (06/11/2013 09:53:03 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}

Error: (06/10/2013 08:52:55 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e989da58-8f96-483b-a58c-9b7d677cae74}


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3831.89 MB
Available physical RAM: 2400.81 MB
Total Pagefile: 7661.97 MB
Available Pagefile: 6460.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:686.92 GB) (Free:631.24 GB) NTFS (Disk=0 Partition=2)
Drive d: (HP_RECOVERY) (Fixed) (Total:11.48 GB) (Free:0.28 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: C4B377E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
I don't see anything malicious there so far.

Try restore point from 13-06-2013.
This is the date when the computer booted properly for the last time (some Windows updates have been installed at that date).
 
Yea I thought it was strange too. Anyway, I tried rolling back to the restore point, however, I can not verify the fix since her parents went out of town. I'm not sure when they will return but I will keep you posted.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back