
poweliks virus please help with removal



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!


Hi :)



Fix with ComboFix

Let's prepare a Script for ComboFix to mark some things for being deleted.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    Folder::
    c:\program files (x86)\WSE_Astromenda
    c:\users\Carrie Shea\AppData\Roaming\WSE_Astromenda
    c:\users\Carrie Shea\AppData\Roaming\DigitalSites
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Do not forget to turn on your previously switched-off protection software!


Could you please post your logs instead of attaching them? I asked about it in my first post, this makes my work harder. Use multiple posts if necessary.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


 


Thanks, I apologize for the attachments. I could not copy and paste with IE. So finally got it to work with Firefox. I did make a donation for your hard work - thanks.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Carrie Shea on Fri 10/31/2014 at 16:09:56.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{65838780-06D0-4E3A-8E4E-71C26EB71EEB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E7C991E0-8E85-4F82-8D6F-12B534963C43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E7C991E0-8E85-4F82-8D6F-12B534963C43}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/31/2014 at 16:13:43.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

# AdwCleaner v3.311 - Report created 31/10/2014 at 16:25:53
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Carrie Shea - CARRIESHEA-PC
# Running from : C:\Users\Carrie Shea\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKLM\SOFTWARE\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


*************************

AdwCleaner[R0].txt - [1394 octets] - [31/10/2014 16:25:00]
AdwCleaner[s0].txt - [1035 octets] - [31/10/2014 16:25:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1095 octets] ##########


OK, now this one to get them, especially that crappy astromenda.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyfolderscheck;deleteprocess;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Here is the text from zoek-results

 

Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Carrie Shea on Fri 10/31/2014 at 21:55:19.12.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Carrie Shea\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/31/2014 9:57:29 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Carrie Shea\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Carrie Shea\AppData\Local\Intel WiDi deleted successfully
C:\Users\Carrie Shea\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

Accidental Damage Services Agreement  
Adobe Flash Player 15 ActiveX  
Adobe Reader X (10.1.12) MUI  
Apple Application Support  
Apple Software Update  
Banctec Service Agreement  
Complete Care Business Service Agreement  
Consumer In-Home Service Agreement  
D3DX10  
Dell DataSafe Local Backup  
Dell Edoc Viewer  
Dell Home Systems Service Agreement  
Dell System Detect  
Dell System Detect Bootstrapper  
Dell Touchpad  
eBay  
Install LoJack for Laptops  
Intel PROSet Wireless  
Intel® Control Center  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® PROSet/Wireless for Bluetooth® + High Speed  
Intel® PROSet/Wireless Software for Bluetooth® Technology  
Intel® Rapid Storage Technology  
Intel® Turbo Boost Technology Monitor 2.0  
Intel® USB 3.0 eXtensible Host Controller Driver  
Intel® WiDi  
Intel® Wireless Display  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
Junk Mail filter update  
Malwarebytes Anti-Malware version 2.0.3.1025  
McAfee SecurityCenter  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Office Home and Business 2013 - en-us  
Microsoft Silverlight  
Microsoft SkyDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319  
Movie Maker  
MSVCRT  
MSVCRT_amd64  
MSVCRT110  
MSVCRT110_amd64  
My Dell  
NVIDIA Control Panel 331.65  
NVIDIA Graphics Driver 331.65  
NVIDIA Install Application  
NVIDIA Optimus 1.15.2  
NVIDIA Update 1.15.2  
NVIDIA Update Components  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
PCmover Professional  
Photo Common  
Photo Gallery  
Premium Service Agreement  
QualxServ Service Agreement  
Quickset64  
QuickTime  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
SkypeT 6.3  
Term Tutor  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Mail  
Windows Live MIME IFilter  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\TermTutor\Service\ttsvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Carrie Shea\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
R2 - [bluetooth Device Monitor] - Bluetooth Device Monitor - "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
R2 - [bluetooth Media Service] - Bluetooth Media Service - "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
R2 - [bluetooth OBEX Service] - Bluetooth OBEX Service - "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
R2 - [bTHSSecurityMgr] - Intel® Centrino® Wireless Bluetooth® + High Speed Security Service - "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [McAPExe] - McAfee AP Service - "C:\Program Files\McAfee\MSC\McAPExe.exe"
R2 - [McShield] - McAfee McShield - "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
R2 - [mfecore] - McAfee Anti-Malware Core - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
R2 - [mfefire] - McAfee Firewall Core Service - "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
R2 - [mfevtp] - McAfee Validation Trust Protection Service - "C:\Windows\system32\mfevtps.exe"
R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"
R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
R2 - [sftService] - SoftThinks Agent Service - "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
R2 - [sTacSV] - Audio Service - C:\Program Files\IDT\WDM\STacSV64.exe
R2 - [ttsvc] - Term Tutor Client Service - "C:\Program Files (x86)\TermTutor\Service\ttsvc.exe"
R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [ZeroConfigService] - Intel® PROSet/Wireless Zero Configuration Service - "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [skypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [McAWFwk] - McAfee Activation Service - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
S3 - [McODS] - McAfee Scanner - "C:\Program Files\mcafee\VirusScan\mcods.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [TurboBoost] - Intel® Turbo Boost Technology Monitor 2.0 - "C:\Program Files\Intel\TurboBoost\TurboBoost.exe"
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ttnfd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ttnfd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ttsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ttsvc deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\TermTutor deleted
C:\Program Files\TermTutor deleted
C:\windows\SysNative\drivers\ttnfd.sys deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: Dell Inc.          - Model: Inspiron 7720
Install Date: 4/20/2013 10:10:21 AM
Last Boot: 10/31/2014 4:33:01 PM
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Number of Processors: 8
Work Station
Bootmode: Normal boot
Total RAM: 8052 MB (free 5266 MB - 65)
Computername: CARRIESHEA-PC
Domain: WORKGROUP
User: Carrie Shea (Administrator account)
Local Disk:        C:\ - NTFS - 919 GB (free 835 GB)
CD \ DVD Drive:    D:\
Bootdevice: \Device\HarddiskVolume2
Windows update:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Firewall: McAfee Firewall disabled
Firewall: McAfee Firewall disabled
Internet Explorer Version: 11.0.9600.17358
Adobe Reader version: 10.1.12.15

2014-10-31 14:22:57    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQRC1C01\neilsperry[1].com
2014-10-31 14:22:18    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQRC1C01\campaign.r20.constantcontact[1].com
2014-10-31 14:21:28    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQRC1C01\libertyalliance[1].com
2014-10-31 14:06:47    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWQYSA5Z\www.godvine[1].com
2014-10-31 13:56:55    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP1DRX2H\www.youtube[1].com
2014-10-31 13:56:01    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP1DRX2H\trees.ancestry[1].com
2014-10-31 13:50:59    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXQ33QMC\www.gardenweb[1].com
2014-10-31 13:37:06    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXQ33QMC\www.newsmax[1].com
2014-10-31 13:32:45    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXQ33QMC\teapartyeconomist[1].com
2014-10-31 13:29:31    8A80554C91D9FCA8ACB82F023DE02F11    3    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP1DRX2H\www.jacquielawson[1].com
2014-10-31 13:29:31    4CE3D20B90718BFF7BB46BAEB9171379    14    ----a-w-    C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N43960N2\jacquielawson[1].com
2014-10-29 12:58:57    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\System32\drivers\29962D9D.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3289117787-2884422777-419211814-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3289117787-2884422777-419211814-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\System32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BLEServicesCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BLEServicesCtrl"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTMTrayAgent"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files (x86)\\Intel\\Bluetooth\\btmshell.dll\",TrayApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSystemDetect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DellSystemDetect"
"hkey"="HKCU"
"command"="C:\\Users\\Carrie Shea\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Dell\\Dell System Detect.appref-ms"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 07:27 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"="C:\Program Files (x86)\Common Files\McAfee\SystemCore" [07/26/2014 07:46 AM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo.com/search?fr=mcafee&p=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{AFCC4785-04BA-4889-A595-722256D2B0C3} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3289117787-2884422777-419211814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_USERS\S-1-5-21-3289117787-2884422777-419211814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Carrie Shea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=7 1004403 bytes)

==== Empty Temp Folders ======================

C:\Users\Carrie Shea\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CARRIE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 10/31/2014 at 22:16:12.93 ======================
 


ZOEK cleaned some more things, so let's see where we are now :)




Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Here are the latest Farbar results.  I will be traveling the rest of the week.  I hope the machine is clean now.  It doesn't seem to have any symptoms anymore...  I greatly appreciate your help on this.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Carrie Shea (administrator) on CARRIESHEA-PC on 02-11-2014 20:12:23
Running from C:\Users\Carrie Shea\Desktop
Loaded Profiles: UpdatusUser & Carrie Shea (Available profiles: UpdatusUser & Carrie Shea)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3289117787-2884422777-419211814-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3B369D47-D259-4114-90CB-0DE3D0690668} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM - {E7C991E0-8E85-4F82-8D6F-12B534963C43} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {3B369D47-D259-4114-90CB-0DE3D0690668} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-04-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-08]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 20:12 - 2014-11-02 20:12 - 00015559 _____ () C:\Users\Carrie Shea\Desktop\FRST.txt
2014-11-02 20:11 - 2014-11-02 20:11 - 02114560 _____ (Farbar) C:\Users\Carrie Shea\Desktop\FRST64.exe
2014-11-02 20:02 - 2014-11-02 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-02 07:16 - 2014-11-02 07:16 - 00006390 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-10-31 21:20 - 2014-10-31 21:20 - 00034965 _____ () C:\Users\Carrie Shea\Desktop\zoek-results.txt
2014-10-31 21:14 - 2014-10-31 20:55 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-31 20:57 - 2014-10-31 21:16 - 00034962 _____ () C:\zoek-results.log
2014-10-31 20:55 - 2014-10-31 21:10 - 00000000 ____D () C:\zoek_backup
2014-10-31 20:54 - 2014-10-31 20:54 - 01292800 _____ () C:\Users\Carrie Shea\Desktop\zoek.exe
2014-10-31 15:28 - 2014-10-31 15:28 - 00001179 _____ () C:\Users\Carrie Shea\Desktop\AdwCleaner[s0].txt
2014-10-31 15:24 - 2014-10-31 15:32 - 00000000 ____D () C:\AdwCleaner
2014-10-31 15:13 - 2014-10-31 15:13 - 00001222 _____ () C:\Users\Carrie Shea\Desktop\JRT.txt
2014-10-31 15:09 - 2014-10-31 15:09 - 00000000 ____D () C:\Windows\ERUNT
2014-10-31 15:07 - 2014-10-31 15:07 - 01375089 _____ () C:\Users\Carrie Shea\Desktop\AdwCleaner.exe
2014-10-31 15:06 - 2014-10-31 15:06 - 01706144 _____ (Thisisu) C:\Users\Carrie Shea\Desktop\JRT.exe
2014-10-30 20:42 - 2014-10-30 20:42 - 00027524 _____ () C:\ComboFix.txt
2014-10-30 14:59 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-30 14:59 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-30 14:59 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-30 14:59 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-30 14:59 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-30 14:59 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-30 14:59 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-30 14:59 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-30 14:58 - 2014-10-30 20:42 - 00000000 ____D () C:\Qoobox
2014-10-30 14:58 - 2014-10-30 15:09 - 00000000 ____D () C:\Windows\erdnt
2014-10-30 14:51 - 2014-10-30 14:51 - 00000000 _____ () C:\Users\Carrie Shea\Downloads\ComboFix.exe.pq7d8v6.partial
2014-10-29 15:40 - 2014-10-29 15:40 - 00073556 _____ () C:\Users\Carrie Shea\Desktop\malwarescan.txt
2014-10-29 15:38 - 2014-10-29 15:38 - 00033642 _____ () C:\Users\Carrie Shea\Desktop\FRST1.txt
2014-10-29 15:38 - 2014-10-29 15:38 - 00024197 _____ () C:\Users\Carrie Shea\Desktop\1.txt
2014-10-29 15:21 - 2014-11-02 20:12 - 00000000 ____D () C:\FRST
2014-10-29 06:58 - 2014-10-29 15:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\29962D9D.sys
2014-10-15 18:10 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 18:10 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 18:10 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 18:10 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 18:10 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 18:10 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 18:10 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 18:10 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 18:09 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 18:09 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 18:09 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 18:09 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 18:09 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 18:09 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 18:09 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 18:09 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 18:09 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 18:09 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 18:09 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 18:09 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 18:09 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 18:09 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 18:09 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 18:09 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 18:09 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 18:09 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 18:09 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 18:09 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 18:09 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 18:09 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 18:09 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 18:09 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:09 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 18:09 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 18:09 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 18:09 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 18:09 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 18:09 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 18:09 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 18:09 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 18:09 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 18:09 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 18:09 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 18:09 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 18:09 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 18:09 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 18:09 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 18:09 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 18:09 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 18:09 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 18:09 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 18:09 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 18:09 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 18:09 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 18:09 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 18:09 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 18:09 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 18:09 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 18:09 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 18:09 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 18:09 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 18:09 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 18:09 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 18:09 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 18:09 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 18:09 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 18:09 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 18:09 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 18:09 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 18:08 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 18:08 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 18:08 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 18:08 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 18:08 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 18:08 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 18:08 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 18:08 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 18:08 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 18:08 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 18:08 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 18:08 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 18:08 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 18:08 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 18:08 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 18:08 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 18:08 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 19:38 - 2014-07-10 13:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 19:27 - 2013-04-08 08:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 13:00 - 2013-05-21 15:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-02 08:05 - 2013-04-08 09:53 - 01517853 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 07:20 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:20 - 2009-07-13 22:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:09 - 2013-04-08 08:55 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-02 07:09 - 2013-04-08 08:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-02 07:09 - 2013-04-08 08:37 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-02 07:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 07:09 - 2009-07-13 22:51 - 00084928 _____ () C:\Windows\setupact.log
2014-10-31 21:15 - 2010-11-20 21:47 - 00344330 _____ () C:\Windows\PFRO.log
2014-10-31 15:18 - 2011-02-10 10:10 - 00801912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-31 06:44 - 2009-07-13 23:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 20:41 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-30 15:07 - 2013-04-20 09:10 - 00000000 ____D () C:\Users\Carrie Shea
2014-10-30 08:00 - 2013-04-08 08:51 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-29 18:19 - 2013-04-08 08:51 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-22 06:56 - 2013-04-20 11:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-18 07:17 - 2014-07-10 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 07:17 - 2014-07-10 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 08:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 06:44 - 2009-07-13 22:45 - 00327096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:42 - 2014-05-06 19:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 20:05 - 2013-07-19 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 20:03 - 2013-04-20 09:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-11 06:27 - 2013-07-13 06:21 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-11 06:27 - 2013-04-08 08:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 07:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Carrie Shea at 2014-11-02 20:12:58
Running from C:\Users\Carrie Shea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.1.0.41 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.217 - ALPS ELECTRIC CO., LTD.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Install LoJack for Laptops (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.39 - Absolute Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
PCmover Professional (HKLM-x32\...\{E3E4E333-3906-4D2F-9F11-CEB556D5BCC2}) (Version: 8.00.631.0 - Laplink Software, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Term Tutor (HKLM-x32\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3289117787-2884422777-419211814-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Carrie Shea\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3289117787-2884422777-419211814-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Carrie Shea\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3289117787-2884422777-419211814-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Carrie Shea\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3289117787-2884422777-419211814-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Carrie Shea\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3289117787-2884422777-419211814-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carrie Shea\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-10-2014 02:02:50 Windows Update
23-10-2014 14:42:03 Scheduled Checkpoint
30-10-2014 19:49:49 Scheduled Checkpoint
01-11-2014 02:57:14 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-30 20:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {177A0160-96AF-412C-87E8-D251D0B40517} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {255752E3-5DC1-47A0-8B51-CC325D597D83} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {31519E67-07E2-4D08-90E6-3D659F0F412F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {66E13F09-8D76-4502-89F2-1516AD61CB91} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {FC278CCE-C18C-450A-920C-382F6DAB899D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-08 09:53 - 2013-10-23 02:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-29 06:01 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 06:41 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-08 09:33 - 2012-03-26 19:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-08 08:37 - 2012-01-26 20:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-10-16 07:26 - 2014-10-16 07:26 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\192740d8e29e7df387d0d7686ae2b535\PSIClient.ni.dll
2013-04-08 08:23 - 2012-01-20 10:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Carrie Shea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-3289117787-2884422777-419211814-500 - Administrator - Disabled)
Carrie Shea (S-1-5-21-3289117787-2884422777-419211814-1002 - Administrator - Enabled) => C:\Users\Carrie Shea
Guest (S-1-5-21-3289117787-2884422777-419211814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3289117787-2884422777-419211814-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3289117787-2884422777-419211814-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 07:16:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 22464. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/02/2014 07:16:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/02/2014 07:16:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 22464. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/02/2014 07:09:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:09:33 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (11/01/2014 02:03:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x30bdb160
Faulting process id: 0x2590
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/01/2014 07:17:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 07:17:33 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (10/31/2014 09:17:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (10/31/2014 09:15:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/02/2014 07:10:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/31/2014 09:09:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/31/2014 09:09:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (11/02/2014 07:16:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: 2246416C0570000BE570000BF570000B8010000

Error: (11/02/2014 07:16:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/02/2014 07:16:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: 2246416C0570000BE570000BF57000068010000

Error: (11/02/2014 07:09:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:09:33 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (11/01/2014 02:03:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000530bdb160259001cff60ecd7bcf0fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown2c7cf6e4-6202-11e4-b050-5cf9dd5c9dd4

Error: (11/01/2014 07:17:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 07:17:33 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (10/31/2014 09:17:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (10/31/2014 09:15:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-10-30 21:40:30.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 21:40:30.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 21:40:30.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 21:40:30.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 16:07:40.860
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 16:07:40.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8052.06 MB
Available physical RAM: 5292.08 MB
Total Pagefile: 16102.3 MB
Available Pagefile: 12778.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.71 GB) (Free:835.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C2D369AA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

This topic is now closed to further replies.