"HP RECOVERY MANAGER" VIRUS HELP NEEDED ! [Closed]



#1 smj


Posted 09 August 2014 - 01:37 PM

Has anyone gotten anywhere with this fix? It appears it may be legit as I am seeing many posts on the net about it. Can no longer boot into Win 7. Brought to a Windows Error Recovery screen that looks very cheesy, which gave me the first impression it's not the real screen, that gives 2 options: Launch Startup Repair or Start Windows Normally. Neither works, although the repair option will bring you to a cheesy HP Recovery Manager screen. You can actually move around this screen and make selections, which I haven't. System Restore, System Recovery, Run Checkup, etc. I did go into run checkup and ran chkdsk. It appears to be running. I also took the option to go to command prompt, and did actually get to my Documents, and I was able to xcopy everything to an attached hard drive. SOOOO... how can I tell if this is a legit problem with my system, or an elaborate hack? All fingers are pointing to a virus. Possibly named "REDIRECT"? When I run the startup repair screen and look at the details, I see the following:

Problem Event Name: StartupRepairOffline, along with 7 problem signatures.

sig 1 = 6.1.7600.16385
sig 2 = 6.1.7600.16385
sig 3 = unknown
sig 4 = -1
sig 5 = AutoFailover,
sig 6 = 19
sig 7 = CorruptRegistry
OS Version = 6.1.7600.2.1.1.256.1
Locale ID = 1033

Completely confused on how to tell if this is a virus or a legit problem with the system. Any thoughts or input greatly appreciated.

 

I created a recovery boot-up disk and it fixed nothing.




#2 ----------------


Posted 12 August 2014 - 05:40 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

Your system is corrupt and unable to repair itself.

HP Recovery Manager is legit and will/would reset your system to factory settings.

 

Let's see if we can help.

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#3 smj


Posted 12 August 2014 - 10:27 AM

Marius - thanks for the help. See the result of the scan below. I may not have mentioned that I ran a deep HDD scan and memory scan from the HP recovery tools menu and they both appeared to be clean with no errors or corruptions noted. I am pasting this lengthy log as that is what you requested, plus I don't see where I can attach a file. Thanks in advance for any input.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by SYSTEM on MININT-AM9UM74 on 12-08-2014 12:18:50
Running from g:\
Platform: WIN_7 (X64) OS Language: English (United States)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 0206341407275231mcinstcleanup; C:\Users\steve\AppData\Local\Temp\020634~1.EXE -cleanup -nolog [X]
S2 MCLIENT; "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" /s "MCLIENT" /m "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll" /prefetch:1
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2013-02-06] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-15] (Intel Corporation)
S2 MCSTRM; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeapfk01; No ImagePath
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfehidk01; No ImagePath
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 bgasircc; \??\C:\Windows\system32\drivers\bgasircc.sys [X]
S1 ccSet_MCLIENT; \SystemRoot\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [X]
S1 dzsdujjt; \??\C:\Windows\system32\drivers\dzsdujjt.sys [X]
S1 ndygofyn; \??\C:\Windows\system32\drivers\ndygofyn.sys [X]
S1 qsrgkzhr; \??\C:\Windows\system32\drivers\qsrgkzhr.sys [X]
S1 rkcrdyix; \??\C:\Windows\system32\drivers\rkcrdyix.sys [X]
S1 rzdkegod; \??\C:\Windows\system32\drivers\rzdkegod.sys [X]
S1 sikqkvif; \??\C:\Windows\system32\drivers\sikqkvif.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 12:18 - 2014-08-12 12:18 - 00000000 ____D () C:\FRST
2014-08-09 13:57 - 2014-08-09 13:57 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-08 06:23 - 2014-08-08 06:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 06:23 - 2014-08-08 06:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 06:22 - 2014-08-08 06:22 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-08 06:21 - 2014-08-08 06:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-07 09:42 - 2014-08-07 09:42 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 09:31 - 2014-08-07 09:33 - 00000000 __HDC () C:\ProgramData\~0
2014-08-07 09:31 - 2014-08-07 09:31 - 00000000 ____D () C:\Users\steve\AppData\Local\IsolatedStorage
2014-08-07 09:27 - 2014-08-08 07:27 - 00000292 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-07 09:27 - 2014-08-07 09:27 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-07 09:26 - 2014-08-07 09:30 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-08-07 09:26 - 2014-08-07 09:30 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Users\steve\AppData\Roaming\UpdaterEX
2014-08-07 09:26 - 2014-08-07 09:25 - 00284224 _____ (Mozilla) C:\Users\steve\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-07 09:16 - 2014-08-07 09:16 - 00000218 _____ () C:\Windows\wininit.ini
2014-08-05 13:48 - 2014-08-07 17:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-05 13:48 - 2013-09-23 09:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-08-05 13:47 - 2014-08-05 13:48 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-08-05 13:47 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-08-05 13:47 - 2010-04-13 16:10 - 00066040 _____ (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys
2014-08-05 13:46 - 2014-08-08 04:07 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-05 13:46 - 2014-08-05 13:48 - 00000000 ____D () C:\Program Files\McAfee
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-05 13:40 - 2014-06-20 06:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2014-08-05 13:14 - 2014-08-05 13:20 - 00000000 ____D () C:\Program Files\stinger
2014-08-05 13:13 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-05 13:13 - 2014-08-05 13:13 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup (1).exe
2014-08-05 13:12 - 2014-08-05 13:12 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup.exe
2014-08-04 13:05 - 2014-08-04 13:05 - 00000791 _____ () C:\Users\steve\Downloads\reservation.vcs
2014-07-31 14:06 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-07-31 14:06 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 14:06 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-07-31 14:06 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-07-31 14:06 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 14:06 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-07-31 14:06 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 14:06 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-07-31 14:06 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 15:54 - 2014-07-30 15:54 - 01945959 _____ () C:\ProgramData\SPL5102.tmp
2014-07-30 07:20 - 2014-08-07 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 10:48 - 2014-07-28 10:48 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-28 10:47 - 2013-09-12 01:00 - 00391168 _____ (CANON INC.) C:\Windows\System32\CNMLMC2.DLL
2014-07-28 10:46 - 2014-07-28 10:46 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-07-28 10:46 - 2013-09-25 01:00 - 00303104 _____ (CANON INC.) C:\Windows\System32\CNCALC2.DLL
2014-07-27 09:02 - 2014-08-06 14:45 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype
2014-07-27 09:02 - 2014-07-27 09:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-27 09:02 - 2014-07-27 09:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-27 08:29 - 2014-07-27 07:27 - 35591272 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull (1).exe.iw3cgpp.partial
2014-07-27 08:16 - 2014-07-27 08:16 - 00000000 ____D () C:\Users\steve\AppData\Local\Skype
2014-07-27 08:06 - 2014-07-27 08:07 - 35590752 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull.exe
2014-07-27 07:27 - 2014-07-27 07:27 - 00003140 _____ () C:\Windows\System32\Tasks\{A8D47ADE-013B-46A0-9827-E113A45F8934}
2014-07-25 11:17 - 2014-07-25 11:17 - 00631892 _____ () C:\ProgramData\SPL2DE3.tmp
2014-07-24 12:49 - 2014-07-24 12:51 - 00007612 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-07-24 12:23 - 2014-07-24 12:23 - 02246079 _____ () C:\ProgramData\SPL2266.tmp
2014-07-23 15:01 - 2014-07-23 15:01 - 611319379 _____ () C:\Windows\MEMORY.DMP
2014-07-23 15:01 - 2014-07-23 15:01 - 00792960 _____ () C:\Windows\Minidump\072314-9906-01.dmp
2014-07-23 15:01 - 2014-07-23 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 12:12 - 2014-07-22 12:13 - 00000000 ___DC () C:\Users\steve\AppData\Local\MigWiz
2014-07-13 06:12 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-13 06:12 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-13 06:11 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-13 06:11 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-13 06:11 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-13 06:11 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-13 06:11 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-13 06:11 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-13 06:11 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-13 06:10 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-13 06:10 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-13 06:10 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-13 06:10 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-13 06:10 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-13 06:10 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-13 06:10 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-13 06:10 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-13 06:10 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-13 06:10 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-13 06:10 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-13 06:10 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-13 06:10 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-13 06:10 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-13 06:10 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-13 06:10 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-13 06:10 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-13 06:10 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-13 06:10 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-13 06:10 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-13 06:10 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-13 06:10 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-13 06:10 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-13 06:10 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-13 06:10 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-13 06:10 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-13 06:10 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-13 06:10 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-13 06:10 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-13 06:10 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-13 06:10 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-13 06:10 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-13 06:10 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-13 06:10 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-13 06:10 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-13 06:10 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-13 06:10 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-13 06:10 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-13 06:10 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-13 06:10 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-13 06:10 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-13 06:10 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-13 06:10 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-13 06:10 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-13 06:10 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-13 06:10 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-13 06:10 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-13 06:10 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-13 06:10 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-13 06:10 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-13 06:10 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-13 06:10 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-13 06:10 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-13 06:10 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-13 06:10 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-13 06:10 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-13 06:09 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-13 06:09 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 12:18 - 2014-08-12 12:18 - 00000000 ____D () C:\FRST
2014-08-09 13:57 - 2014-08-09 13:57 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-08 07:48 - 2010-11-20 19:47 - 01199944 _____ () C:\Windows\PFRO.log
2014-08-08 07:45 - 2012-02-11 08:03 - 01797977 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 07:27 - 2014-08-07 09:27 - 00000292 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-08 07:07 - 2012-09-18 15:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 06:47 - 2012-10-26 08:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 06:23 - 2014-08-08 06:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 06:23 - 2014-08-08 06:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 06:23 - 2013-10-17 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 06:23 - 2013-10-17 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 06:22 - 2014-08-08 06:22 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-08 06:21 - 2014-08-08 06:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-08 06:21 - 2011-11-09 16:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-08 06:21 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 06:21 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 06:11 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 04:19 - 2012-10-26 08:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 04:07 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-07 18:09 - 2012-09-10 21:49 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70F28337-FB55-4FA9-9D97-FD00B0097029}
2014-08-07 17:26 - 2014-08-05 13:48 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-07 17:24 - 2013-11-27 13:42 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-08-07 17:24 - 2013-04-23 14:02 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-08-07 17:22 - 2012-12-26 13:43 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-08-07 17:22 - 2012-12-26 13:43 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-08-07 17:22 - 2012-09-21 08:00 - 00076292 _____ () C:\ProgramData\lxebscan.log
2014-08-07 17:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 17:22 - 2009-07-13 20:51 - 00091517 _____ () C:\Windows\setupact.log
2014-08-07 09:44 - 2012-09-21 08:04 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-08-07 09:42 - 2014-08-07 09:42 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 09:42 - 2014-07-30 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-07 09:33 - 2014-08-07 09:31 - 00000000 __HDC () C:\ProgramData\~0
2014-08-07 09:31 - 2014-08-07 09:31 - 00000000 ____D () C:\Users\steve\AppData\Local\IsolatedStorage
2014-08-07 09:30 - 2014-08-07 09:26 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-08-07 09:30 - 2014-08-07 09:26 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-08-07 09:27 - 2014-08-07 09:27 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Users\steve\AppData\Roaming\UpdaterEX
2014-08-07 09:25 - 2014-08-07 09:26 - 00284224 _____ (Mozilla) C:\Users\steve\Downloads\Firefox_Setup_Stub_30.0.exe
2014-08-07 09:17 - 2012-02-11 08:17 - 00000000 ____D () C:\ProgramData\Norton
2014-08-07 09:16 - 2014-08-07 09:16 - 00000218 _____ () C:\Windows\wininit.ini
2014-08-07 06:16 - 2012-09-18 16:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-07 05:55 - 2012-10-03 19:41 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsteve
2014-08-07 05:55 - 2012-10-03 19:41 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsteve.job
2014-08-06 14:58 - 2012-09-11 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\CrashDumps
2014-08-06 14:45 - 2014-07-27 09:02 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype
2014-08-06 09:25 - 2012-12-05 10:49 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-06 09:25 - 2012-09-12 09:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-05 15:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 13:48 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-08-05 13:48 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee
2014-08-05 13:47 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-08-05 13:47 - 2014-08-05 13:13 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-05 13:40 - 2013-12-30 12:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-05 13:40 - 2012-09-11 17:44 - 00000000 ___RD () C:\Users\steve\Documents\SkyDrive
2014-08-05 13:38 - 2012-02-11 08:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-05 13:34 - 2012-02-11 08:18 - 00000000 ____D () C:\Windows\System32\Drivers\NISx64
2014-08-05 13:24 - 2013-01-01 18:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 13:20 - 2014-08-05 13:14 - 00000000 ____D () C:\Program Files\stinger
2014-08-05 13:13 - 2014-08-05 13:13 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup (1).exe
2014-08-05 13:12 - 2014-08-05 13:12 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup.exe
2014-08-05 13:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-05 07:36 - 2012-09-18 07:31 - 00000000 ____D () C:\Users\steve\Documents\misc
2014-08-04 13:05 - 2014-08-04 13:05 - 00000791 _____ () C:\Users\steve\Downloads\reservation.vcs
2014-08-01 15:43 - 2014-05-15 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-30 15:54 - 2014-07-30 15:54 - 01945959 _____ () C:\ProgramData\SPL5102.tmp
2014-07-30 14:35 - 2012-10-17 04:52 - 00015399 _____ () C:\ProgramData\lxeb.log
2014-07-28 10:48 - 2014-07-28 10:48 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-28 10:46 - 2014-07-28 10:46 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-07-28 09:10 - 2012-09-11 11:47 - 00000000 ____D () C:\Users\steve\Documents\Youcam
2014-07-28 05:45 - 2012-09-21 09:09 - 00001834 _____ () C:\ProgramData\lxebDiagnostics.log
2014-07-27 12:38 - 2012-09-18 07:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 09:02 - 2014-07-27 09:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-27 09:02 - 2014-07-27 09:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-27 09:02 - 2011-11-09 16:05 - 00000000 ____D () C:\ProgramData\Skype
2014-07-27 08:37 - 2012-09-12 09:37 - 00000000 ____D () C:\Users\steve\Documents\UMUC
2014-07-27 08:18 - 2012-09-11 15:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype Old
2014-07-27 08:16 - 2014-07-27 08:16 - 00000000 ____D () C:\Users\steve\AppData\Local\Skype
2014-07-27 08:07 - 2014-07-27 08:06 - 35590752 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull.exe
2014-07-27 07:27 - 2014-07-27 08:29 - 35591272 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull (1).exe.iw3cgpp.partial
2014-07-27 07:27 - 2014-07-27 07:27 - 00003140 _____ () C:\Windows\System32\Tasks\{A8D47ADE-013B-46A0-9827-E113A45F8934}
2014-07-25 11:17 - 2014-07-25 11:17 - 00631892 _____ () C:\ProgramData\SPL2DE3.tmp
2014-07-25 11:14 - 2013-11-27 13:42 - 00001017 _____ () C:\Users\steve\Desktop\Dropbox.lnk
2014-07-25 11:09 - 2013-03-14 23:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 11:09 - 2013-03-14 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 12:51 - 2014-07-24 12:49 - 00007612 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-07-24 12:23 - 2014-07-24 12:23 - 02246079 _____ () C:\ProgramData\SPL2266.tmp
2014-07-23 15:01 - 2014-07-23 15:01 - 611319379 _____ () C:\Windows\MEMORY.DMP
2014-07-23 15:01 - 2014-07-23 15:01 - 00792960 _____ () C:\Windows\Minidump\072314-9906-01.dmp
2014-07-23 15:01 - 2014-07-23 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 12:13 - 2014-07-22 12:12 - 00000000 ___DC () C:\Users\steve\AppData\Local\MigWiz
2014-07-21 09:46 - 2013-09-17 08:46 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-07-18 06:46 - 2013-03-25 16:32 - 00000000 ____D () C:\Users\steve\Documents\Lemko
2014-07-15 23:28 - 2009-07-13 20:45 - 00301920 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-15 23:27 - 2014-05-07 05:31 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-15 23:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 23:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-07-15 23:09 - 2013-07-17 04:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-15 23:04 - 2012-09-21 09:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1087048458-2913693047-1466559524-1001\$e44f2e2b619b66bf7b85b8e9cf036977

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e44f2e2b619b66bf7b85b8e9cf036977

Files to move or delete:
====================
C:\Users\steve\gotomypc_635.exe

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\20130225013015184jniverify.dll
C:\Users\steve\AppData\Local\Temp\APNStub.exe
C:\Users\steve\AppData\Local\Temp\autorun.dll
C:\Users\steve\AppData\Local\Temp\contentDATs.exe
C:\Users\steve\AppData\Local\Temp\csvrelay32.dll
C:\Users\steve\AppData\Local\Temp\csvrelay64.dll
C:\Users\steve\AppData\Local\Temp\DPInstx64.exe
C:\Users\steve\AppData\Local\Temp\DPInstx86.exe
C:\Users\steve\AppData\Local\Temp\DPInst_Monx64.exe
C:\Users\steve\AppData\Local\Temp\DPInst_Monx86.exe
C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzgs8ls.dll
C:\Users\steve\AppData\Local\Temp\Extract.exe
C:\Users\steve\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\steve\AppData\Local\Temp\htmlayout.dll
C:\Users\steve\AppData\Local\Temp\ICReinstall_Firefox_Setup_15.0.1.exe
C:\Users\steve\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe
C:\Users\steve\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\steve\AppData\Local\Temp\MSIM212328124.exe
C:\Users\steve\AppData\Local\Temp\mssinstaller.exe
C:\Users\steve\AppData\Local\Temp\OS_Detect.exe
C:\Users\steve\AppData\Local\Temp\Resource.exe
C:\Users\steve\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\steve\AppData\Local\Temp\SkypeSetup.exe
C:\Users\steve\AppData\Local\Temp\SP56154.exe
C:\Users\steve\AppData\Local\Temp\SP56445.exe
C:\Users\steve\AppData\Local\Temp\SP56665.exe
C:\Users\steve\AppData\Local\Temp\SP56929.exe
C:\Users\steve\AppData\Local\Temp\SP57234.exe
C:\Users\steve\AppData\Local\Temp\SP57398.exe
C:\Users\steve\AppData\Local\Temp\SP57698.exe
C:\Users\steve\AppData\Local\Temp\sp58915.exe
C:\Users\steve\AppData\Local\Temp\SP58981.exe
C:\Users\steve\AppData\Local\Temp\SP59761.exe
C:\Users\steve\AppData\Local\Temp\SP59929.exe
C:\Users\steve\AppData\Local\Temp\SP60051.exe
C:\Users\steve\AppData\Local\Temp\sp64126.exe
C:\Users\steve\AppData\Local\Temp\tbedrs.dll
C:\Users\steve\AppData\Local\Temp\toolbar1887128.exe
C:\Users\steve\AppData\Local\Temp\uninst1.exe
C:\Users\steve\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\steve\AppData\Local\Temp\WiseUpdX.exe
C:\Users\steve\AppData\Local\Temp\{F13930E8-06CF-47b7-AECF-D8F40E75F40B}_MCLIENT_7775.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-08-08 06:18:04

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4041.43 MB
Available physical RAM: 3344.5 MB
Total Pagefile: 4039.58 MB
Available Pagefile: 3324.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.93 GB) (Free:28.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive f: (Recovery) (Fixed) (Total:18.02 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Lexar) (Removable) (Total:14.91 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 7C9697F5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 304BFB53)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

LastRegBack: 2014-08-08 11:47

==================== End Of Log ============================

 

 



#4 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 13 August 2014 - 09:12 AM

Your system is heavily infected - hopefully we're able to fix all of that:

 

 

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
    HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
    HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
    
    S1 bgasircc; \??\C:\Windows\system32\drivers\bgasircc.sys [X]
    S1 dzsdujjt; \??\C:\Windows\system32\drivers\dzsdujjt.sys [X]
    S1 ndygofyn; \??\C:\Windows\system32\drivers\ndygofyn.sys [X]
    S1 qsrgkzhr; \??\C:\Windows\system32\drivers\qsrgkzhr.sys [X]
    S1 rkcrdyix; \??\C:\Windows\system32\drivers\rkcrdyix.sys [X]
    S1 rzdkegod; \??\C:\Windows\system32\drivers\rzdkegod.sys [X]
    S1 sikqkvif; \??\C:\Windows\system32\drivers\sikqkvif.sys [X]
    
    2014-08-07 09:31 - 2014-08-07 09:33 - 00000000 __HDC () C:\ProgramData\~0
    2014-08-07 09:27 - 2014-08-08 07:27 - 00000292 _____ () C:\Windows\Tasks\WSE_Astromenda.job
    2014-08-07 09:27 - 2014-08-07 09:27 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
    2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\WSE_Astromenda
    2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Astromenda
    2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Program Files (x86)\Astromenda
    2014-08-07 09:26 - 2014-08-07 09:30 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
    2014-08-07 09:26 - 2014-08-07 09:30 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
    2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D () C:\Users\steve\AppData\Roaming\UpdaterEX
    2014-08-07 09:26 - 2014-08-07 09:25 - 00284224 _____ (Mozilla) C:\Users\steve\Downloads\Firefox_Setup_Stub_30.0.exe
    C:\$Recycle.Bin\S-1-5-21-1087048458-2913693047-1466559524-1001\$e44f2e2b619b66bf7b85b8e9cf036977
    C:\$Recycle.Bin\S-1-5-18\$e44f2e2b619b66bf7b85b8e9cf036977
    C:\Users\steve\gotomypc_635.exe

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Try to boot into windows now!

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#5 smj

    New Member

  • Authentic Member
  • 10 posts

Posted 14 August 2014 - 09:04 AM

I just ran FIXIT. Got the msg "fixed", rebooted, no difference. I wasn't sure if I was to continue with your directions. You mention Combofix, but you don't mention what, if anything, I should do with it. I did download it from the link you provided, and McAfee immediately quarantined the "Artemis!66C552C4F143" TROJAN, which I can find no data on. wtf?? Standing by for input. Thx



#6 smj

    New Member

  • Authentic Member
  • 10 posts

Posted 14 August 2014 - 09:56 AM

BTW - here is the FIXLOG that was created. Sorry for not including it in my last post.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by SYSTEM at 2014-08-14 10:32:21 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?

S1 bgasircc; \??\C:\Windows\system32\drivers\bgasircc.sys [X]
S1 dzsdujjt; \??\C:\Windows\system32\drivers\dzsdujjt.sys [X]
S1 ndygofyn; \??\C:\Windows\system32\drivers\ndygofyn.sys [X]
S1 qsrgkzhr; \??\C:\Windows\system32\drivers\qsrgkzhr.sys [X]
S1 rkcrdyix;
\??\C:\Windows\system32\drivers\rkcrdyix.sys [X]
S1 rzdkegod; \??\C:\Windows\system32\drivers\rzdkegod.sys [X]
S1 sikqkvif; \??\C:\Windows\system32\drivers\sikqkvif.sys [X]

2014-08-07 09:31 - 2014-08-07 09:33 - 00000000 __HDC () C:\ProgramData\~0
2014-08-07 09:27 - 2014-08-08 07:27 - 00000292 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-07 09:27 - 2014-08-07 09:27 - 00003232 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\WSE_Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Astromenda
2014-08-07 09:27 - 2014-08-07 09:27 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-07 09:26 - 2014-08-07 09:30 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-08-07 09:26 - 2014-08-07 09:30 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D ()
C:\Users\steve\AppData\Roaming\UpdaterEX
2014-08-07 09:26 - 2014-08-07 09:25 - 00284224 _____ (Mozilla) C:\Users\steve\Downloads\Firefox_Setup_Stub_30.0.exe
C:\$Recycle.Bin\S-1-5-21-1087048458-2913693047-1466559524-1001\$e44f2e2b619b66bf7b85b8e9cf036977
C:\$Recycle.Bin\S-1-5-18\$e44f2e2b619b66bf7b85b8e9cf036977
C:\Users\steve\gotomypc_635.exe
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
bgasircc => Service deleted successfully.
dzsdujjt => Service deleted successfully.
ndygofyn => Service deleted successfully.
qsrgkzhr => Service deleted successfully.
rkcrdyix => Service deleted successfully.
\??\C:\Windows\system32\drivers\rkcrdyix.sys [X] => Error: No automatic fix found for this entry.
rzdkegod => Service deleted successfully.
sikqkvif => Service deleted successfully.
C:\ProgramData\~0 => Moved successfully.
C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully.
C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully.
C:\Users\steve\AppData\Roaming\WSE_Astromenda => Moved successfully.
C:\Users\steve\AppData\Roaming\Astromenda => Moved successfully.
C:\Program Files (x86)\Astromenda => Moved successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
"2014-08-07 09:26 - 2014-08-07 09:26 - 00000000 ____D ()" => File/Directory not found.
C:\Users\steve\AppData\Roaming\UpdaterEX => Moved successfully.
C:\Users\steve\Downloads\Firefox_Setup_Stub_30.0.exe => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-1087048458-2913693047-1466559524-1001\$e44f2e2b619b66bf7b85b8e9cf036977 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e44f2e2b619b66bf7b85b8e9cf036977 => Moved successfully.
C:\Users\steve\gotomypc_635.exe => Moved successfully.

==== End of Fixlog ====



#7 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 15 August 2014 - 02:05 AM

Please create and post a new FRST log.


Proud Member of UNITE & TB
 

#8 smj

    New Member

  • Authentic Member
  • 10 posts

Posted 15 August 2014 - 01:06 PM

Will do. Please leave this thread open as I will not be able to get to that until Monday at the soonest. Thanks



#9 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 18 August 2014 - 06:21 AM

OK :)


Proud Member of UNITE & TB
 

#10 smj

    New Member

  • Authentic Member
  • 10 posts

Posted 19 August 2014 - 12:52 PM

OK - below is the new FRST log that was just run - Tue 19 Aug, 2:50pm EST. Standing by for further input. BTW - is it possible that I could not download COMBOFIX because my McAfee was producing a false positive? Can the file be emailed to me? Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 (ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by SYSTEM on MININT-LVMBKE2 on 19-08-2014 14:47:23
Running from G:\
Platform: WIN_7 (X64) OS Language: English (United States)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [X]
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 0206341407275231mcinstcleanup; C:\Users\steve\AppData\Local\Temp\020634~1.EXE -cleanup -nolog [X]
S2 MCLIENT; "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" /s "MCLIENT" /m "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll" /prefetch:1
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2013-02-06] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-15] (Intel Corporation)
S2 MCSTRM; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeapfk01; No ImagePath
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfehidk01; No ImagePath
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 ccSet_MCLIENT; \SystemRoot\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 12:18 - 2014-08-19 14:47 - 00000000 ____D () C:\FRST
2014-08-09 13:57 - 2014-08-09 13:57 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-08 06:23 - 2014-08-08 06:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 06:23 - 2014-08-08 06:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 06:22 - 2014-08-08 06:22 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-08 06:21 - 2014-08-08 06:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-07 09:42 - 2014-08-07 09:42 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 09:31 - 2014-08-07 09:31 - 00000000 ____D () C:\Users\steve\AppData\Local\IsolatedStorage
2014-08-07 09:16 - 2014-08-07 09:16 - 00000218 _____ () C:\Windows\wininit.ini
2014-08-05 13:48 - 2014-08-07 17:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-05 13:48 - 2013-09-23 09:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-08-05 13:47 - 2014-08-05 13:48 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-08-05 13:47 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-08-05 13:47 - 2010-04-13 16:10 - 00066040 _____ (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys
2014-08-05 13:46 - 2014-08-08 04:07 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-05 13:46 - 2014-08-05 13:48 - 00000000 ____D () C:\Program Files\McAfee
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-05 13:40 - 2014-06-20 06:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2014-08-05 13:14 - 2014-08-05 13:20 - 00000000 ____D () C:\Program Files\stinger
2014-08-05 13:13 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-05 13:13 - 2014-08-05 13:13 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup (1).exe
2014-08-05 13:12 - 2014-08-05 13:12 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup.exe
2014-08-04 13:05 - 2014-08-04 13:05 - 00000791 _____ () C:\Users\steve\Downloads\reservation.vcs
2014-07-31 14:06 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-07-31 14:06 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-07-31 14:06 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 14:06 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-07-31 14:06 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-07-31 14:06 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 14:06 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-07-31 14:06 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 14:06 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-07-31 14:06 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 15:54 - 2014-07-30 15:54 - 01945959 _____ () C:\ProgramData\SPL5102.tmp
2014-07-30 07:20 - 2014-08-07 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 10:48 - 2014-07-28 10:48 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-28 10:47 - 2013-09-12 01:00 - 00391168 _____ (CANON INC.) C:\Windows\System32\CNMLMC2.DLL
2014-07-28 10:46 - 2014-07-28 10:46 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-07-28 10:46 - 2013-09-25 01:00 - 00303104 _____ (CANON INC.) C:\Windows\System32\CNCALC2.DLL
2014-07-27 09:02 - 2014-08-06 14:45 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype
2014-07-27 09:02 - 2014-07-27 09:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-27 09:02 - 2014-07-27 09:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-27 08:29 - 2014-07-27 07:27 - 35591272 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull (1).exe.iw3cgpp.partial
2014-07-27 08:16 - 2014-07-27 08:16 - 00000000 ____D () C:\Users\steve\AppData\Local\Skype
2014-07-27 08:06 - 2014-07-27 08:07 - 35590752 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull.exe
2014-07-27 07:27 - 2014-07-27 07:27 - 00003140 _____ () C:\Windows\System32\Tasks\{A8D47ADE-013B-46A0-9827-E113A45F8934}
2014-07-25 11:17 - 2014-07-25 11:17 - 00631892 _____ () C:\ProgramData\SPL2DE3.tmp
2014-07-24 12:49 - 2014-07-24 12:51 - 00007612 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-07-24 12:23 - 2014-07-24 12:23 - 02246079 _____ () C:\ProgramData\SPL2266.tmp
2014-07-23 15:01 - 2014-07-23 15:01 - 611319379 _____ () C:\Windows\MEMORY.DMP
2014-07-23 15:01 - 2014-07-23 15:01 - 00792960 _____ () C:\Windows\Minidump\072314-9906-01.dmp
2014-07-23 15:01 - 2014-07-23 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 12:12 - 2014-07-22 12:13 - 00000000 ___DC () C:\Users\steve\AppData\Local\MigWiz

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:47 - 2014-08-12 12:18 - 00000000 ____D () C:\FRST
2014-08-14 10:32 - 2012-09-10 21:45 - 00000000 ____D () C:\users\steve
2014-08-09 13:57 - 2014-08-09 13:57 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-08 07:48 - 2010-11-20 19:47 - 01199944 _____ () C:\Windows\PFRO.log
2014-08-08 07:45 - 2012-02-11 08:03 - 01797977 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 07:07 - 2012-09-18 15:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 06:47 - 2012-10-26 08:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 06:23 - 2014-08-08 06:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 06:23 - 2014-08-08 06:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 06:23 - 2013-10-17 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 06:23 - 2013-10-17 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 06:22 - 2014-08-08 06:22 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-08 06:21 - 2014-08-08 06:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-08 06:21 - 2011-11-09 16:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-08 06:21 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 06:21 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 06:11 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 04:19 - 2012-10-26 08:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 04:07 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-07 18:09 - 2012-09-10 21:49 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70F28337-FB55-4FA9-9D97-FD00B0097029}
2014-08-07 17:26 - 2014-08-05 13:48 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-07 17:24 - 2013-11-27 13:42 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-08-07 17:24 - 2013-04-23 14:02 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-08-07 17:22 - 2012-12-26 13:43 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-08-07 17:22 - 2012-12-26 13:43 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-08-07 17:22 - 2012-09-21 08:00 - 00076292 _____ () C:\ProgramData\lxebscan.log
2014-08-07 17:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 17:22 - 2009-07-13 20:51 - 00091517 _____ () C:\Windows\setupact.log
2014-08-07 09:44 - 2012-09-21 08:04 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-08-07 09:42 - 2014-08-07 09:42 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 09:42 - 2014-07-30 07:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-07 09:31 - 2014-08-07 09:31 - 00000000 ____D () C:\Users\steve\AppData\Local\IsolatedStorage
2014-08-07 09:17 - 2012-02-11 08:17 - 00000000 ____D () C:\ProgramData\Norton
2014-08-07 09:16 - 2014-08-07 09:16 - 00000218 _____ () C:\Windows\wininit.ini
2014-08-07 06:16 - 2012-09-18 16:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-07 05:55 - 2012-10-03 19:41 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsteve
2014-08-07 05:55 - 2012-10-03 19:41 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsteve.job
2014-08-06 14:58 - 2012-09-11 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\CrashDumps
2014-08-06 14:45 - 2014-07-27 09:02 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype
2014-08-06 09:25 - 2012-12-05 10:49 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-06 09:25 - 2012-09-12 09:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-05 15:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 13:48 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-08-05 13:48 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee
2014-08-05 13:47 - 2014-08-05 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-08-05 13:47 - 2014-08-05 13:13 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files\McAfee.com
2014-08-05 13:46 - 2014-08-05 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-08-05 13:40 - 2013-12-30 12:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-05 13:40 - 2012-09-11 17:44 - 00000000 ___RD () C:\Users\steve\Documents\SkyDrive
2014-08-05 13:38 - 2012-02-11 08:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-05 13:34 - 2012-02-11 08:18 - 00000000 ____D () C:\Windows\System32\Drivers\NISx64
2014-08-05 13:24 - 2013-01-01 18:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 13:20 - 2014-08-05 13:14 - 00000000 ____D () C:\Program Files\stinger
2014-08-05 13:13 - 2014-08-05 13:13 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup (1).exe
2014-08-05 13:12 - 2014-08-05 13:12 - 05155464 _____ (McAfee, Inc.) C:\Users\steve\Downloads\McAfeeSetup.exe
2014-08-05 13:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-05 07:36 - 2012-09-18 07:31 - 00000000 ____D () C:\Users\steve\Documents\misc
2014-08-04 13:05 - 2014-08-04 13:05 - 00000791 _____ () C:\Users\steve\Downloads\reservation.vcs
2014-08-01 15:43 - 2014-05-15 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-30 15:54 - 2014-07-30 15:54 - 01945959 _____ () C:\ProgramData\SPL5102.tmp
2014-07-30 14:35 - 2012-10-17 04:52 - 00015399 _____ () C:\ProgramData\lxeb.log
2014-07-28 10:48 - 2014-07-28 10:48 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-07-28 10:46 - 2014-07-28 10:46 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-07-28 09:10 - 2012-09-11 11:47 - 00000000 ____D () C:\Users\steve\Documents\Youcam
2014-07-28 05:45 - 2012-09-21 09:09 - 00001834 _____ () C:\ProgramData\lxebDiagnostics.log
2014-07-27 12:38 - 2012-09-18 07:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 09:02 - 2014-07-27 09:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-27 09:02 - 2014-07-27 09:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-27 09:02 - 2011-11-09 16:05 - 00000000 ____D () C:\ProgramData\Skype
2014-07-27 08:37 - 2012-09-12 09:37 - 00000000 ____D () C:\Users\steve\Documents\UMUC
2014-07-27 08:18 - 2012-09-11 15:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype Old
2014-07-27 08:16 - 2014-07-27 08:16 - 00000000 ____D () C:\Users\steve\AppData\Local\Skype
2014-07-27 08:07 - 2014-07-27 08:06 - 35590752 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull.exe
2014-07-27 07:27 - 2014-07-27 08:29 - 35591272 _____ (Skype Technologies S.A.) C:\Users\steve\Downloads\SkypeSetupFull (1).exe.iw3cgpp.partial
2014-07-27 07:27 - 2014-07-27 07:27 - 00003140 _____ () C:\Windows\System32\Tasks\{A8D47ADE-013B-46A0-9827-E113A45F8934}
2014-07-25 11:17 - 2014-07-25 11:17 - 00631892 _____ () C:\ProgramData\SPL2DE3.tmp
2014-07-25 11:14 - 2013-11-27 13:42 - 00001017 _____ () C:\Users\steve\Desktop\Dropbox.lnk
2014-07-25 11:09 - 2013-03-14 23:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 11:09 - 2013-03-14 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 12:51 - 2014-07-24 12:49 - 00007612 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-07-24 12:23 - 2014-07-24 12:23 - 02246079 _____ () C:\ProgramData\SPL2266.tmp
2014-07-23 15:01 - 2014-07-23 15:01 - 611319379 _____ () C:\Windows\MEMORY.DMP
2014-07-23 15:01 - 2014-07-23 15:01 - 00792960 _____ () C:\Windows\Minidump\072314-9906-01.dmp
2014-07-23 15:01 - 2014-07-23 15:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 12:13 - 2014-07-22 12:12 - 00000000 ___DC () C:\Users\steve\AppData\Local\MigWiz
2014-07-21 09:46 - 2013-09-17 08:46 - 00000000 ____D () C:\Users\Public\Downloads\Norton

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\20130225013015184jniverify.dll
C:\Users\steve\AppData\Local\Temp\APNStub.exe
C:\Users\steve\AppData\Local\Temp\autorun.dll
C:\Users\steve\AppData\Local\Temp\contentDATs.exe
C:\Users\steve\AppData\Local\Temp\csvrelay32.dll
C:\Users\steve\AppData\Local\Temp\csvrelay64.dll
C:\Users\steve\AppData\Local\Temp\DPInstx64.exe
C:\Users\steve\AppData\Local\Temp\DPInstx86.exe
C:\Users\steve\AppData\Local\Temp\DPInst_Monx64.exe
C:\Users\steve\AppData\Local\Temp\DPInst_Monx86.exe
C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzgs8ls.dll
C:\Users\steve\AppData\Local\Temp\Extract.exe
C:\Users\steve\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\steve\AppData\Local\Temp\htmlayout.dll
C:\Users\steve\AppData\Local\Temp\ICReinstall_Firefox_Setup_15.0.1.exe
C:\Users\steve\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe
C:\Users\steve\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\steve\AppData\Local\Temp\MSIM212328124.exe
C:\Users\steve\AppData\Local\Temp\mssinstaller.exe
C:\Users\steve\AppData\Local\Temp\OS_Detect.exe
C:\Users\steve\AppData\Local\Temp\Resource.exe
C:\Users\steve\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\steve\AppData\Local\Temp\SkypeSetup.exe
C:\Users\steve\AppData\Local\Temp\SP56154.exe
C:\Users\steve\AppData\Local\Temp\SP56445.exe
C:\Users\steve\AppData\Local\Temp\SP56665.exe
C:\Users\steve\AppData\Local\Temp\SP56929.exe
C:\Users\steve\AppData\Local\Temp\SP57234.exe
C:\Users\steve\AppData\Local\Temp\SP57398.exe
C:\Users\steve\AppData\Local\Temp\SP57698.exe
C:\Users\steve\AppData\Local\Temp\sp58915.exe
C:\Users\steve\AppData\Local\Temp\SP58981.exe
C:\Users\steve\AppData\Local\Temp\SP59761.exe
C:\Users\steve\AppData\Local\Temp\SP59929.exe
C:\Users\steve\AppData\Local\Temp\SP60051.exe
C:\Users\steve\AppData\Local\Temp\sp64126.exe
C:\Users\steve\AppData\Local\Temp\tbedrs.dll
C:\Users\steve\AppData\Local\Temp\toolbar1887128.exe
C:\Users\steve\AppData\Local\Temp\uninst1.exe
C:\Users\steve\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\steve\AppData\Local\Temp\WiseUpdX.exe
C:\Users\steve\AppData\Local\Temp\{F13930E8-06CF-47b7-AECF-D8F40E75F40B}_MCLIENT_7775.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-08-08 06:18:04

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4041.43 MB
Available physical RAM: 3306.04 MB
Total Pagefile: 4039.58 MB
Available Pagefile: 3295.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.93 GB) (Free:28.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive f: (Recovery) (Fixed) (Total:18.02 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Lexar) (Removable) (Total:14.91 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 7C9697F5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 304BFB53)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

LastRegBack: 2014-08-08 11:47

==================== End Of Log ============================




#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 20 August 2014 - 05:11 AM

Fix with FRST (Recovery Environment)

 

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    LastRegBack: 2014-08-08 11:47
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.

 

Try to boot into Windows now. If it fails, try to do a startup repair once again.


Proud Member of UNITE & TB
 

#12 smj

smj

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 August 2014 - 08:21 AM

TB - below is the result of the fix. I still could not successfully boot into Windows. I can run startup repair; however, I am not sure what I should be running, if anything, from the HP Recovery Manager screen. Am I supposed to be trying to restore Windows, do a system recovery, or a minimized image recovery? Those are the 3 options. I have not tried any of those yet, since I am assuming that will delete any apps that I had installed since I got the system. Would be nice to be able to maintain those apps, but it's more important to get the system back up and running. Thanks again for any input.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by SYSTEM at 2014-08-20 10:00:29 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-08-08 11:47
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====



#13 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 21 August 2014 - 01:40 AM

As I told you before, your system is heavily infected...

 

 

Create/Use Boot-Repair-Disc

  • DOWNLOAD BOOT-REPAIR-DISK
    Note: Select the right version depending on which Windows is installed on your system.
  • Then burn it on CD or put it on USB key via Unetbootin
  • Insert the Boot-Repair-Disk and reboot the PC
  • Choose your language
  • Connect to the internet if possible
  • Click "Recommended repair"
  • When finished, you are provided a link to paste.ubuntu.com - write it down somewhere
  • Reboot the pc --> solves the majority of bootsector/GRUB/MBR problems
  • Post up the link you wrote down at step 6.


Proud Member of UNITE & TB
 

#14 smj

smj

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 26 August 2014 - 05:07 PM

TB - sorry for the lag. Been out ill. Will get this done ASAP and post results. Pls keep thread open. Thanks! smj



#15 smj

smj

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 August 2014 - 08:14 AM

TB - I created the disk with the ISO file, which is about 570MB so I'm assuming it copied correctly; however, how am I supposed to know if it is actually booting that program? I changed the BIOS to boot from the floppy, which it appears to do since the drive lights up upon booting, but then I get taken right back to the normal screen that I have been getting that says boot Windows normally or go into recovery (or whatever the option is). If working correctly, should the system boot right into some kind of application screen, or do I need to get to a command prompt, go to the DVD drive and kick off the file? I formatted the disk, then copied the file over. Does the disk need to be formatted to a bootable system disk (my old DOS days), or, given that an ISO file is on the disk, will it run automatically at boot-up? Bottom line, looks like the file got copied over to the disk, but the app is not kicking off. System is set to boot from CD/DVD first, then floppy, then internal hard drive. Thx for any input.

