
Malware or Hard drive failure



Hi, 

 

I am trying to determine whether I have a hard drive, Windows 7 or malware issue. The problems began when I applied Windows 7 updates on 10/17/14. After that the computer performance degraded significantly and upon reboot, there was a Hard Drive error. I then used a boot disk and ran chkdsk and there were no errors. Then I restored to a prior restore point and the problem appeared solved. After that I attempted to apply the patches and encountered the same issue on reboot. I completed the same actions and the computer was able to boot to Windows.

 

There are some other curious symptoms. I cannot access the administrator tools from Control Panel nor the system tools in Accessories. There are no files there.

 

I own Malwarebytes Premium and have run the normal scans and Chameleon, which didn't locate any threats. I'm trying to rule out malware so I can decide whether to replace the hard drive.

 

Thanks in advance for your help.  

 

 

Below are the FRST logs.

 

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by SSheaffer (administrator) on SSHEAFFER on 21-10-2014 08:46:48
Running from C:\Users\SSheaffer\Desktop
Loaded Profiles: UpdatusUser & SSheaffer (Available profiles: UpdatusUser & SSheaffer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\IBM\SPSS\Concurrent Licensing Tools\9.5.0\License Manager\WinNT\lservnt.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\SSheaffer\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-04-23] (Synaptics Incorporated)
HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-22] (Valve Corporation)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Run: [DellSystemDetect] => C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2194787579-1643098916-3320488106-1000\...\MountPoints2: {52c9d860-d2f0-11e2-bd03-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
HKU\S-1-5-21-2194787579-1643098916-3320488106-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2194787579-1643098916-3320488106-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2194787579-1643098916-3320488106-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2194787579-1643098916-3320488106-1001\...\MountPoints2: {52c9d860-d2f0-11e2-bd03-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-21] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-11-21] (NVIDIA Corporation)
GroupPolicyUsers\S-1-5-21-2194787579-1643098916-3320488106-1000\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x986109B594DDCF01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {B6648EB8-2460-484F-9255-9654454C4C70} https://vpn.dal01.softlayer.com/prx/000/http/localhost/arr_x.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\SSheaffer\AppData\Local\Google\Chrome\User Data\Default
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SSHEAF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-31] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Sentinel RMS License Manager; C:\Program Files (x86)\IBM\SPSS\Concurrent Licensing Tools\9.5.0\License Manager\WinNT\lservnt.exe [892928 2011-07-29] (SafeNet, Inc.) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-03-06] (Intel Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-11-21] (NVIDIA Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-23] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
S3 dlcdcncm; system32\DRIVERS\dlcdcncm_x64.sys [X]
S3 dlcdcncm6_x64; system32\DRIVERS\dlcdcncm6_x64.sys [X]
S3 dlusbaudio; system32\DRIVERS\dlusbaudio_x64.sys [X]
S3 iscFlash; \??\C:\Users\SSHEAF~1\AppData\Local\Temp\7zSFAB3.tmp\iscflashx64.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 08:46 - 2014-10-21 08:46 - 00024806 _____ () C:\Users\SSheaffer\Desktop\FRST.txt
2014-10-21 08:11 - 2014-10-21 08:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\SSheaffer\Desktop\tdsskiller.exe
2014-10-21 08:04 - 2014-10-21 08:04 - 02110976 _____ (Farbar) C:\Users\SSheaffer\Desktop\FRST64 (1).exe
2014-10-21 06:07 - 2014-10-21 06:07 - 00020358 _____ () C:\Users\SSheaffer\Documents\SSHEAFFER_SSheaffer_2014_10_21.csv
2014-10-20 18:01 - 2014-10-20 18:01 - 00020234 _____ () C:\Users\SSheaffer\Documents\SSHEAFFER_SSheaffer_2014_10_20.csv
2014-10-20 15:42 - 2014-10-20 15:42 - 00115352 _____ () C:\Users\SSheaffer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 19:53 - 2014-10-09 19:48 - 01009664 _____ () C:\Users\SSheaffer\Desktop\FYL CLUB 1 2014.ppt
2014-10-02 15:00 - 2014-10-03 08:01 - 00465156 _____ () C:\Users\SSheaffer\Desktop\F.E. Engineering Workforce Tool Project Background and Recommendation 10.2.14.pptx
2014-10-02 09:47 - 2014-10-02 09:47 - 00431032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-30 12:09 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:09 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 08:19 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:19 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 08:12 - 2014-10-01 10:33 - 00018972 _____ () C:\Users\SSheaffer\Desktop\FF spreadsheet.xlsx
2014-09-22 14:32 - 2014-09-25 09:06 - 00026250 _____ () C:\Users\SSheaffer\Downloads\Data Collection Status - Machinery 8.8.21.xlsx
2014-09-22 14:30 - 2014-09-22 14:30 - 00057134 _____ () C:\Users\SSheaffer\Downloads\Data Collection Status - Instruments 8.8.21.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 08:46 - 2014-09-15 16:51 - 00000000 ____D () C:\FRST
2014-10-21 08:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-10-21 08:08 - 2013-07-12 17:49 - 00000000 ____D () C:\Users\SSheaffer\AppData\Local\PasswordSafe
2014-10-21 08:02 - 2014-07-10 08:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 07:57 - 2013-06-11 18:43 - 02070594 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 07:56 - 2014-09-15 17:56 - 00000000 ____D () C:\Users\SSheaffer\AppData\Local\Deployment
2014-10-21 05:33 - 2014-02-19 00:47 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 18:39 - 2014-09-08 10:42 - 00000000 ____D () C:\ProgramData\Cloudmark
2014-10-20 18:39 - 2014-07-10 08:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 18:39 - 2014-05-02 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-20 18:39 - 2014-03-21 15:26 - 00000000 ___SD () C:\Users\SSheaffer\Documents\SharePoint Drafts
2014-10-20 18:39 - 2014-02-18 23:59 - 00000000 ____D () C:\Users\SSheaffer\Desktop\Z Files
2014-10-20 18:39 - 2013-12-18 09:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 18:39 - 2013-12-17 17:44 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-20 18:39 - 2013-12-17 17:44 - 00000000 ____D () C:\Windows\system32\NV
2014-10-20 18:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-20 18:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-20 18:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-20 18:37 - 2013-07-12 11:36 - 00000000 ___RD () C:\Users\SSheaffer\Dropbox (Zonesty)
2014-10-20 15:48 - 2009-07-14 00:13 - 00793004 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 15:48 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 15:48 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 15:42 - 2014-02-19 00:52 - 00000000 ___RD () C:\Users\SSheaffer\Google Drive
2014-10-20 15:42 - 2013-06-11 17:25 - 00000000 ____D () C:\Users\SSheaffer
2014-10-20 15:42 - 2013-06-11 17:08 - 00003228 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-10-20 15:41 - 2013-12-05 10:32 - 00589824 _____ () C:\Windows\system32\Ikeext.etl
2014-10-20 15:41 - 2013-11-22 10:39 - 00049908 _____ () C:\Windows\setupact.log
2014-10-20 15:41 - 2013-06-11 18:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-20 15:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 20:16 - 2013-07-11 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 14:46 - 2013-06-11 19:46 - 00000000 ____D () C:\Users\SSheaffer\Documents\Outlook Files
2014-10-17 12:07 - 2014-09-15 17:31 - 00000000 ____D () C:\AdwCleaner
2014-10-01 10:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 21:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 09:18 - 2013-11-06 12:32 - 00007618 _____ () C:\Users\SSheaffer\AppData\Local\resmon.resmoncfg
2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-09-23 20:59
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by SSheaffer at 2014-10-21 08:47:12
Running from C:\Users\SSheaffer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Cloudmark DesktopOne (HKLM-x32\...\{FD3D92AB-F2EE-4141-87BA-5998A7825D37}) (Version: 1.8.0.28 - Cloudmark)
Cloudmark DesktopOne Outlook Add-in (HKCU\...\55929B5715B74A898D83469EB1FB68E492752BA7) (Version: 1.8.0.28 - Cloudmark)
Dell Custom Help (Version: 15.06.0000.0090 - Intel Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.4 - Synaptics Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-7520 Series Printer Uninstall (HKLM\...\EPSON WF-7520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IBM SPSS Concurrent Licensing Tools - License Manager (HKLM-x32\...\IBM SPSS Concurrent Licensing Tools - License Manager) (Version: 9.5.0.0 - IBM Corp.)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1031 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4edd8cb6-dc33-4a43-b186-1ed94c32a5b0}) (Version: 15.6.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickBooks (x32 Version: 22.0.4014.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4014.2206 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2194787579-1643098916-3320488106-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SSheaffer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-10-2014 18:24:22 Windows Update
14-10-2014 04:13:12 Windows Update
17-10-2014 04:14:19 Windows Update
17-10-2014 17:18:46 Windows Update
17-10-2014 17:29:22 Windows Update
17-10-2014 18:00:26 Windows Update
17-10-2014 22:28:44 Windows Update
20-10-2014 01:06:18 Windows Update
20-10-2014 01:13:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-11-07 18:32 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
10.61.44.130 server2
10.61.44.132 server3
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3788ABAB-6937-4562-896E-45D3827374B1} - System32\Tasks\{A493FF93-BB3E-4283-9651-C53F0CC5CCE6} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {39DDC188-B15E-4519-BCF1-95B505D57AB1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {401C7AA0-9B76-4DF2-A1AE-94725052CD30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.)
Task: {4D1F5A01-DA37-48F3-A3DF-E65810139C85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {82E230D0-7512-4210-B3C9-80283501037C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {AF5B2095-29D4-4D05-AED8-5988C024C9DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.)
Task: {BBE2E451-978D-48AE-8AA8-7443E53B1805} - System32\Tasks\{9BDA982F-55E0-47BE-93D8-3451D117ED8E} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {BBFF0611-8D29-4452-8D03-ADE0F101A8DF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {C4016A83-D502-4EFF-8581-41C1F0319822} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-05-16] (Intel)
Task: {DBEB535C-7189-4690-9BFA-1C296CCA3652} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-11 18:44 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-10 14:29 - 2012-09-05 17:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-20 15:42 - 2014-10-20 15:42 - 00098816 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32api.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00110080 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\pywintypes27.dll
2014-10-20 15:42 - 2014-10-20 15:42 - 00364544 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\pythoncom27.dll
2014-10-20 15:42 - 2014-10-20 15:42 - 00045568 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_socket.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 01160704 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_ssl.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00320512 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32com.shell.shell.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00713216 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_hashlib.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 01175040 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._core_.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00805888 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._gdi_.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00811008 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._windows_.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 01062400 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._controls_.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00735232 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._misc_.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00128512 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_elementtree.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00127488 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\pyexpat.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00557056 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\pysqlite2._sqlite.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00007168 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\hashobjs_ext.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00087552 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_ctypes.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00119808 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32file.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00108544 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32security.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00018432 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32event.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00038912 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32inet.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00070656 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._html2.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00167936 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32gui.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00011264 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32crypt.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00027136 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\_multiprocessing.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00686080 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\unicodedata.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00122368 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._wizard.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00010240 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\select.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00024064 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32pipe.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00025600 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32pdh.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00525640 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\windows._lib_cacheinvalidation.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00035840 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32process.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00017408 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32profile.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00022528 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\win32ts.pyd
2014-10-20 15:42 - 2014-10-20 15:42 - 00078336 _____ () C:\Users\SSheaffer\AppData\Local\Temp\_MEI4282\wx._animate.pyd
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-09-10 16:16 - 2014-09-10 16:16 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e4de568421c5068f6f28be9f6a0d1835\PSIClient.ni.dll
2013-06-11 17:16 - 2012-02-01 04:14 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-23 17:47 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ArraySSL_VPN_Service8.4.6.68 => 2
MSCONFIG\Services: Array_Utility_Service8.4.6.68 => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DellSystemDetect => C:\Users\SSheaffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: EPLTarget => 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2194787579-1643098916-3320488106-500 - Administrator - Disabled)
Guest (S-1-5-21-2194787579-1643098916-3320488106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2194787579-1643098916-3320488106-1003 - Limited - Enabled)
SSheaffer (S-1-5-21-2194787579-1643098916-3320488106-1001 - Administrator - Enabled) => C:\Users\SSheaffer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 03:41:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:35:03 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:34:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:33:47 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:33:41 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:30:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:30:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:30:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:30:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
Error: (10/19/2014 08:29:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b
 
 
System errors:
=============
Error: (10/20/2014 04:19:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.3652.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/20/2014 04:19:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.3652.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/20/2014 03:45:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2984972).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2977292).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2984976).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB3000988).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2979570).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2984981).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2987107).
 
Error: (10/20/2014 03:44:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2952664).
 
 
Microsoft Office Sessions:
=========================
Error: (10/20/2014 03:41:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:35:03 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:34:57 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:33:47 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:33:41 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:30:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:30:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:30:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:30:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/19/2014 08:29:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8007000b 
PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-20 15:41:06.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:41:06.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:27.335
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:27.288
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:27.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:27.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:26.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ndproxy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:26.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ndproxy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:26.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ndproxy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-20 15:12:26.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ndproxy.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 44%
Total physical RAM: 8074.31 MB
Available physical RAM: 4487.7 MB
Total Pagefile: 16146.8 MB
Available Pagefile: 12132.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:668.93 GB) (Free:532.94 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.19 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 720A2987)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=668.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)
 
==================== End Of Log ============================

 


  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.