Norton's PE - Windows 7 not booting - FARBAR Help please

Like many others I have read about, I downloaded and ran Norton's Power Eraser and now Windows will not load. I am using Windows 7 64-bit, and have already put Farbar on a flash drive and run the scan. Here are the results; any help would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool Version: 08-07-2012
Ran by SYSTEM at 09-07-2012 09:36:33
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1339441915\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKU\NDC923\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Nichole\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Nichole\...\Run: [Nike+ Connect] "C:\Users\Nichole\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [x]
HKU\Nichole\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Nichole\...\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE" -b [42320 2012-04-20] (AOL Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS3; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [7328 1998-07-10] ()
3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)
3 wdfsgusbV3; C:\Windows\System32\DRIVERS\wdfsgusb.sys [22024 2009-07-15] (Stenograph, LLC)
0 SMR250; C:\Windows\System32\drivers\SMR250.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-09 08:12 - 2012-07-09 08:12 - 00000000 ____D C:\FRST
2012-07-03 06:11 - 2012-07-03 06:13 - 00000000 ____D C:\Users\Nichole\Desktop\Malta 2010
2012-07-03 06:10 - 2012-07-03 06:10 - 00000000 ____D C:\Users\Nichole\Desktop\New folder
2012-06-27 11:41 - 2012-06-27 11:41 - 00013649 ____A C:\Users\Nichole\Documents\weddinghair1.zip
2012-06-27 11:41 - 2012-06-27 11:41 - 00000000 ____D C:\Users\Nichole\Documents\weddinghair1
2012-06-27 10:33 - 2012-06-27 10:33 - 00000000 ____D C:\Users\Nichole\AppData\Local\Macromedia
2012-06-27 09:32 - 2012-06-27 09:32 - 00065640 ____A C:\Users\NDC923\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 09:32 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Roaming\hpqLog
2012-06-27 09:32 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Roaming\Apple Computer
2012-06-27 09:32 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Local\AVG Secure Search
2012-06-27 09:32 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Local\AOL
2012-06-27 09:32 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Local\Adobe
2012-06-27 09:31 - 2012-07-09 07:00 - 00000000 ____D C:\users\NDC923
2012-06-27 09:31 - 2012-06-27 09:32 - 00000000 ____D C:\Users\NDC923\AppData\Roaming\Adobe
2012-06-27 09:31 - 2010-12-20 00:46 - 00000000 ____D C:\Users\NDC923\AppData\Roaming\Macromedia
2012-06-27 08:40 - 2012-07-09 07:00 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-06-27 08:40 - 2012-06-27 08:40 - 00000000 ____D C:\Users\Nichole\AppData\Local\AVG Secure Search
2012-06-27 08:40 - 2012-06-27 08:40 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-27 08:39 - 2012-07-09 07:00 - 00000000 ____D C:\Users\All Users\AVG2012
2012-06-27 08:39 - 2012-06-27 08:39 - 00000000 ___HD C:\$AVG
2012-06-27 08:38 - 2012-07-09 09:20 - 00000000 ____D C:\Program Files (x86)\AVG
2012-06-27 08:31 - 2012-07-09 09:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-11 11:21 - 2012-07-09 09:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-11 11:21 - 2012-06-11 11:21 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-11 11:14 - 2012-07-09 09:21 - 00000000 ____D C:\Users\All Users\AOL Toolbar
2012-06-11 11:14 - 2012-06-11 11:14 - 00001038 ____A C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2012-06-11 11:14 - 2012-06-11 11:14 - 00000000 ____D C:\Program Files (x86)\AOL Toolbar
2012-06-11 11:12 - 2012-06-11 11:12 - 00000000 ____A C:\install.rdf
2012-06-11 11:11 - 2012-07-09 09:26 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7b
2012-06-11 11:11 - 2012-06-11 11:11 - 00000000 ____D C:\Program Files (x86)\AOL
2012-06-11 11:07 - 2012-06-11 11:07 - 00210888 ____A (AOL LLC.) C:\Users\Nichole\Downloads\AOL_Desktop_9.7(1).exe
2012-06-11 11:04 - 2012-06-11 11:05 - 17079781 ____A (Mozilla) C:\Users\Nichole\Downloads\AOL_Edition_for_Firefox(1).exe
2012-06-11 10:45 - 2012-06-11 10:46 - 17079781 ____A (Mozilla) C:\Users\Nichole\Downloads\AOL_Edition_for_Firefox.exe
2012-06-11 09:51 - 2012-06-11 09:51 - 00000000 ____D C:\Users\Nichole\AppData\Roaming\Roxio Log Files
2012-06-10 17:39 - 2012-06-10 17:39 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-10 17:38 - 2012-07-09 09:21 - 00000000 ____D C:\Program Files\iTunes
2012-06-10 17:38 - 2012-07-09 09:21 - 00000000 ____D C:\Program Files\iPod

============ 3 Months Modified Files ========================

2012-06-27 11:41 - 2012-06-27 11:41 - 00013649 ____A C:\Users\Nichole\Documents\weddinghair1.zip
2012-06-27 09:32 - 2012-06-27 09:32 - 00065640 ____A C:\Users\NDC923\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 08:29 - 2011-08-10 11:41 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-27 08:22 - 2012-04-09 10:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-27 08:22 - 2010-12-20 00:40 - 01568871 ____A C:\Windows\WindowsUpdate.log
2012-06-26 19:35 - 2011-08-10 11:41 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-26 19:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 19:35 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 19:19 - 2012-03-17 07:43 - 00008127 ____A C:\Windows\setupact.log
2012-06-26 19:19 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 09:39 - 2012-04-09 10:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 09:39 - 2011-06-10 02:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 09:38 - 2012-04-30 12:08 - 09815752 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-18 12:46 - 2011-04-10 13:21 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForNichole.job
2012-06-14 06:24 - 2009-07-13 21:13 - 00800354 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 06:10 - 2012-03-17 07:43 - 00469304 ____A C:\Windows\PFRO.log
2012-06-11 11:21 - 2012-06-11 11:21 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-11 11:15 - 2012-03-22 06:55 - 00063618 ____A C:\install.log
2012-06-11 11:14 - 2012-06-11 11:14 - 00001038 ____A C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2012-06-11 11:12 - 2012-06-11 11:12 - 00000000 ____A C:\install.rdf
2012-06-11 11:08 - 2011-04-01 17:43 - 00058696 ____A (AOL Inc.) C:\Windows\SysWOW64\AOLParconLink.exe
2012-06-11 11:07 - 2012-06-11 11:07 - 00210888 ____A (AOL LLC.) C:\Users\Nichole\Downloads\AOL_Desktop_9.7(1).exe
2012-06-11 11:05 - 2012-06-11 11:04 - 17079781 ____A (Mozilla) C:\Users\Nichole\Downloads\AOL_Edition_for_Firefox(1).exe
2012-06-11 10:46 - 2012-06-11 10:45 - 17079781 ____A (Mozilla) C:\Users\Nichole\Downloads\AOL_Edition_for_Firefox.exe
2012-06-11 09:58 - 2012-03-22 06:12 - 00000006 ____A C:\Windows\msoffice.ini
2012-06-11 09:47 - 2012-03-19 13:14 - 00001945 ____A C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2012-06-10 17:39 - 2012-06-10 17:39 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-04 16:31 - 2012-06-04 16:31 - 00001998 ____A C:\Users\Nichole\Desktop\Kindle.lnk
2012-06-02 06:47 - 2012-03-17 11:26 - 00001532 ____A C:\Windows\System32\reimage.rep
2012-06-02 06:38 - 2012-03-17 10:14 - 00000320 ____A C:\Windows\reimage.ini
2012-06-02 05:54 - 2012-03-17 10:34 - 00009728 ____A C:\Windows\System32\Native.exe
2012-05-10 13:19 - 2009-07-13 20:45 - 02218472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 06:57 - 2012-03-19 13:58 - 00065640 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-05-03 02:42 - 2012-03-17 12:19 - 00000000 ____A C:\Windows\V7PTMPPR.SGTMP
2012-05-01 10:13 - 2012-05-01 10:13 - 00024738 ____A C:\Users\Nichole\Documents\SALONPACKAGES.zip
2012-04-28 08:48 - 2012-04-28 08:48 - 09649120 ____A C:\Users\Nichole\Documents\LasioKeratinTreatments.zip
2012-04-26 16:03 - 2011-05-02 10:49 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-20 14:50 - 2012-04-20 14:50 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-04-20 14:50 - 2012-04-20 14:50 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-20 14:50 - 2012-04-20 14:50 - 00163840 ____A (America Online) C:\Windows\SysWOW64\jgdw400.dll
2012-04-20 14:50 - 2012-04-20 14:50 - 00027648 ____A (Johnson-Grace Company) C:\Windows\SysWOW64\jgpl400.dll
2012-04-12 02:42 - 2012-04-12 02:42 - 00000165 ____A C:\Users\Nichole\Documents\~$ViviscalProfessionalPriceSheet2012.xlsx
2012-04-12 02:41 - 2012-04-12 02:41 - 01519872 ____A C:\Users\Nichole\Documents\ViviscalProfessionalPriceSheet2012.xlsx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3189.57 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3180.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:279.11 GB) (Free:201.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:18.68 GB) (Free:2.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive i: () (Removable) (Total:29.8 GB) (Free:29.52 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 279 GB 200 MB
Partition 3 Primary 18 GB 279 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 279 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 18 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 29 GB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-06-18 13:40

======================= End Of Log ==========================


Hi NicholeCutajar,

 

I'm sorry, you may have already gone too far to receive assistance from our resident malware expert (Quads) - I suggest you wait until he sees your post and he will have the final say.

ANY other user other than the thread starter is not to use any instructions, scripts or procedures. The work in cleaning a system, though, is individual and only for that system due to a number of factors.

 


 

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask; do nothing extra and do not run things twice.
  • If I ask a question, just answer it; don't run anything unless it states to.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup (including system as a whole)

 

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :smileylol:).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

You should not run FRST on your own like that.

 

Also attach logs to posts.

 

Quads

 

"Windows will not load"--what, exactly, does it do?  Does it run in safe mode?

 

It looks like you have multiple security programs running at once (MSE, Norton, McAfee) and that's a no-no.

 

Additionally, System Restore is running on startup for some reason:

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

 

What happened that prompted you to run NPE?

I see most of what looks out, including the infection, so that would answer the question of what prompted you to run NPE.

 

But people who can't read the logs won't know.

 

Quads