Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Trouble with Poweshell - DLLHost


Recommended Posts

I am hoping that I may be able to get some advanced help. I have been having an issue with Powershell, DLLhost.exe 
I have seen numerous requests so hopfuly this might be a fairly easy straight forward fix..

Please find below, the logs from FRST64..

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Barb (administrator) on BARB-PC on 06-11-2014 18:30:13
Running from C:\Users\Barb\Desktop
Loaded Profile: Barb (Available profiles: Barb)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1586852538-242742460-451405244-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1586852538-242742460-451405244-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {306C0EDA-ADD3-40D8-8EBE-0177CB30BCB0} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {306C0EDA-ADD3-40D8-8EBE-0177CB30BCB0} URL = https://www.google.com/search?q={searchTerms}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20141105174024.dll (McAfee, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20141105174024.dll (McAfee, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-11-05]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-11-05] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-11-05] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-11-05] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-11-05] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-11-05] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-11-05] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-11-05] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 18:30 - 2014-11-06 18:31 - 00008930 _____ () C:\Users\Barb\Desktop\FRST.txt
2014-11-06 18:29 - 2014-11-06 18:30 - 00000000 ____D () C:\FRST
2014-11-06 17:29 - 2014-11-06 17:49 - 00000000 ____D () C:\Tools
2014-11-06 17:27 - 2014-11-06 17:12 - 02114560 _____ (Farbar) C:\Users\Barb\Desktop\FRST64.exe
2014-11-05 17:41 - 2014-11-05 17:41 - 00000000 ____D () C:\Users\Barb\AppData\Roaming\McAfee
2014-11-05 17:40 - 2014-11-05 17:39 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-11-05 17:40 - 2014-11-05 17:39 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-11-05 17:40 - 2014-11-05 17:39 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-11-05 17:40 - 2014-11-05 17:39 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2014-11-05 17:40 - 2014-11-05 17:39 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2014-11-05 17:39 - 2014-11-05 17:39 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-11-05 17:39 - 2014-11-05 17:39 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-11-05 17:39 - 2014-11-05 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-05 17:38 - 2014-11-05 17:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-05 15:58 - 2014-11-06 17:47 - 00000336 _____ () C:\Windows\setupact.log
2014-11-05 15:58 - 2014-11-05 15:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-05 15:09 - 2014-11-05 15:11 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-11-05 15:06 - 2014-11-05 15:09 - 00000000 ____D () C:\Program Files\stinger
2014-11-05 14:28 - 2014-11-05 14:28 - 00000000 ____D () C:\646ddcd2ef15a4b648cb8a467d
2014-11-05 14:09 - 2014-11-06 17:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 14:07 - 2014-11-05 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 14:07 - 2014-11-05 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 14:07 - 2014-11-05 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 14:07 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 14:07 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 14:07 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 14:06 - 2014-11-06 17:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 14:06 - 2014-11-05 14:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 14:06 - 2014-11-05 14:06 - 00000000 ____D () C:\Users\Barb\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 14:06 - 2014-11-05 14:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 14:06 - 2014-11-05 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 09:39 - 2014-11-05 15:58 - 00000000 ____D () C:\ProgramData\HojizGamvo
2014-11-05 09:39 - 2014-11-05 15:58 - 00000000 ____D () C:\ProgramData\BufekXeqya
2014-10-31 19:53 - 2014-11-05 09:39 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-29 15:14 - 2014-10-29 15:14 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-10-29 15:12 - 2014-11-05 17:39 - 00121896 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2014-10-29 15:12 - 2014-11-05 17:39 - 00094080 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2014-10-29 15:00 - 2014-11-05 17:39 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-29 14:58 - 2014-11-05 17:39 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-29 14:36 - 2014-10-29 14:36 - 00000000 ____D () C:\Users\Barb\AppData\Roaming\VS Revo Group
2014-10-29 14:27 - 2014-10-29 14:27 - 00000000 ____D () C:\Users\Barb\AppData\Local\VS Revo Group
2014-10-29 14:27 - 2014-10-29 14:27 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-29 14:27 - 2014-10-29 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-29 14:27 - 2014-10-29 14:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-29 14:27 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-16 08:43 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 08:43 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 08:43 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 08:43 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 08:43 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 08:43 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 08:42 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 08:42 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 08:42 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:42 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 08:42 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:42 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:42 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:42 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:42 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:42 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:42 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 08:42 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 08:42 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:42 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:42 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:42 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 08:42 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 08:42 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:42 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:42 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 08:42 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 08:42 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 08:42 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 08:42 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:42 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 08:42 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 08:42 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 08:42 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 08:42 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 08:42 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 08:42 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:42 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 08:42 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 08:42 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 08:42 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:42 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:42 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:42 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:42 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 08:42 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 08:42 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 08:42 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 08:42 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:42 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 08:42 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 08:42 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 08:42 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:42 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 08:42 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:42 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 08:42 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:42 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:42 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 08:42 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:42 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 08:41 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 08:41 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 08:40 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 08:40 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 08:40 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 08:40 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 08:40 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 08:40 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 08:40 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 08:40 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 08:40 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 08:40 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 08:40 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 08:40 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 08:40 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 08:40 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 08:39 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 08:39 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 08:39 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 08:39 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 17:57 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 17:57 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 17:56 - 2014-08-03 13:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 17:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 17:44 - 2014-08-03 00:28 - 01440020 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 17:43 - 2014-08-04 23:47 - 198861824 _____ () C:\Users\Barb\Documents\Outlook.pst
2014-11-06 17:29 - 2014-09-23 18:56 - 00000000 ____D () C:\QUARANTINE
2014-11-06 17:28 - 2009-07-14 00:13 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 15:59 - 2014-08-04 21:35 - 36840448 _____ () C:\Users\Barb\Documents\archive.pst
2014-11-06 15:53 - 2014-08-03 01:50 - 00798048 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-05 17:39 - 2008-09-29 07:07 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2014-11-05 17:16 - 2014-08-04 19:46 - 00000000 ____D () C:\Users\Barb\Documents\Gayle
2014-11-05 15:58 - 2010-11-20 22:47 - 00012508 _____ () C:\Windows\PFRO.log
2014-11-05 15:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-11-05 13:42 - 2014-08-02 21:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-03 13:01 - 2014-08-04 11:37 - 00000000 ____D () C:\Users\Barb\Documents\Family Tree Maker
2014-10-29 14:55 - 2014-08-04 21:34 - 00000000 ____D () C:\Users\Barb\Documents\WPLG-10 Miami_files
2014-10-29 14:55 - 2014-08-04 21:34 - 00000000 ____D () C:\Users\Barb\Documents\Wow
2014-10-29 14:55 - 2014-08-04 21:34 - 00000000 ____D () C:\Users\Barb\Documents\WindowPace
2014-10-29 14:55 - 2014-08-04 21:33 - 00000000 ____D () C:\Users\Barb\Documents\Wilda
2014-10-29 14:55 - 2014-08-04 21:32 - 00000000 ____D () C:\Users\Barb\Documents\WeddingMegMatt
2014-10-29 14:55 - 2014-08-04 21:32 - 00000000 ____D () C:\Users\Barb\Documents\WallimannMichael
2014-10-29 14:55 - 2014-08-04 21:30 - 00000000 ____D () C:\Users\Barb\Documents\WallimannDavid
2014-10-29 14:55 - 2014-08-04 21:25 - 00000000 ____D () C:\Users\Barb\Documents\Wallimann
2014-10-29 14:55 - 2014-08-04 21:25 - 00000000 ____D () C:\Users\Barb\Documents\UtterDwayne50
2014-10-29 14:55 - 2014-08-04 21:25 - 00000000 ____D () C:\Users\Barb\Documents\ThetaDeltaRho
2014-10-29 14:55 - 2014-08-04 21:22 - 00000000 ____D () C:\Users\Barb\Documents\The Diana Chronicles
2014-10-29 14:55 - 2014-08-04 21:21 - 00000000 ____D () C:\Users\Barb\Documents\TaxIncome
2014-10-29 14:55 - 2014-08-04 21:21 - 00000000 ____D () C:\Users\Barb\Documents\SusanRodden_2
2014-10-29 14:55 - 2014-08-04 21:21 - 00000000 ____D () C:\Users\Barb\Documents\StreetArt&Misc
2014-10-29 14:55 - 2014-08-04 21:21 - 00000000 ____D () C:\Users\Barb\Documents\SmithJesseEmma
2014-10-29 14:55 - 2014-08-04 21:11 - 00000000 ____D () C:\Users\Barb\Documents\Skip
2014-10-29 14:55 - 2014-08-04 21:10 - 00000000 ____D () C:\Users\Barb\Documents\RobertsonMacFamily
2014-10-29 14:55 - 2014-08-04 21:10 - 00000000 ____D () C:\Users\Barb\Documents\RobertsonEarl3
2014-10-29 14:55 - 2014-08-04 21:10 - 00000000 ____D () C:\Users\Barb\Documents\RobertsonClarence
2014-10-29 14:55 - 2014-08-04 21:09 - 00000000 ____D () C:\Users\Barb\Documents\RobertsonBible
2014-10-29 14:55 - 2014-08-04 21:09 - 00000000 ____D () C:\Users\Barb\Documents\Pictures Gayle's computer
2014-10-29 14:55 - 2014-08-04 21:08 - 00000000 ____D () C:\Users\Barb\Documents\Passports
2014-10-29 14:55 - 2014-08-04 21:08 - 00000000 ____D () C:\Users\Barb\Documents\Night Owl Trader Kodak_files
2014-10-29 14:55 - 2014-08-04 19:59 - 00000000 ____D () C:\Users\Barb\Documents\My Media
2014-10-29 14:54 - 2014-08-04 23:53 - 00000000 ____D () C:\Users\Barb\Documents\BatesHanfordWill
2014-10-29 14:54 - 2014-08-04 23:53 - 00000000 ____D () C:\Users\Barb\Documents\BabyBarbara
2014-10-29 14:54 - 2014-08-04 23:52 - 00000000 ____D () C:\Users\Barb\Documents\Apollo11
2014-10-29 14:54 - 2014-08-04 23:52 - 00000000 ____D () C:\Users\Barb\Documents\AlbumMartinRobertson
2014-10-29 14:54 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\Barb\Documents\AlbumFullerGladys
2014-10-29 14:54 - 2014-08-04 19:58 - 00000000 ___SD () C:\Users\Barb\Documents\My Data Sources
2014-10-29 14:54 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Barb\Documents\Munson
2014-10-29 14:54 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Barb\Documents\Mulley
2014-10-29 14:54 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Barb\Documents\MueckSculpture
2014-10-29 14:54 - 2014-08-04 19:54 - 00000000 ____D () C:\Users\Barb\Documents\Mackay
2014-10-29 14:54 - 2014-08-04 19:53 - 00000000 ____D () C:\Users\Barb\Documents\Letchwworth
2014-10-29 14:54 - 2014-08-04 19:52 - 00000000 ____D () C:\Users\Barb\Documents\LarsenTodd
2014-10-29 14:54 - 2014-08-04 19:51 - 00000000 ____D () C:\Users\Barb\Documents\KodakDownsize
2014-10-29 14:54 - 2014-08-04 19:50 - 00000000 ____D () C:\Users\Barb\Documents\KeukaSummer'04
2014-10-29 14:54 - 2014-08-04 19:50 - 00000000 ____D () C:\Users\Barb\Documents\JohnsonJenniferL
2014-10-29 14:54 - 2014-08-04 19:50 - 00000000 ____D () C:\Users\Barb\Documents\Jean-Marc&wedding
2014-10-29 14:54 - 2014-08-04 19:48 - 00000000 ____D () C:\Users\Barb\Documents\Hsdiv06
2014-10-29 14:54 - 2014-08-04 19:47 - 00000000 ____D () C:\Users\Barb\Documents\Hsd
2014-10-29 14:54 - 2014-08-04 19:47 - 00000000 ____D () C:\Users\Barb\Documents\Hoffmann
2014-10-29 14:54 - 2014-08-04 19:47 - 00000000 ____D () C:\Users\Barb\Documents\HimesRod
2014-10-29 14:54 - 2014-08-04 19:47 - 00000000 ____D () C:\Users\Barb\Documents\HerringtonHouse
2014-10-29 14:54 - 2014-08-04 19:47 - 00000000 ____D () C:\Users\Barb\Documents\Hartmann-HerrickWedding.JPEG
2014-10-29 14:54 - 2014-08-04 19:46 - 00000000 ____D () C:\Users\Barb\Documents\HandArtStewart
2014-10-29 14:54 - 2014-08-04 19:46 - 00000000 ____D () C:\Users\Barb\Documents\HagenSue
2014-10-29 14:54 - 2014-08-04 19:46 - 00000000 ____D () C:\Users\Barb\Documents\Gayle's computer
2014-10-29 14:54 - 2014-08-04 19:45 - 00000000 ____D () C:\Users\Barb\Documents\FTW New entered
2014-10-29 14:54 - 2014-08-04 11:36 - 00000000 ____D () C:\Users\Barb\Documents\EZ File
2014-10-29 14:54 - 2014-08-04 11:35 - 00000000 ____D () C:\Users\Barb\Documents\Elwell
2014-10-29 14:54 - 2014-08-04 11:32 - 00000000 ____D () C:\Users\Barb\Documents\DraftRegis
2014-10-29 14:54 - 2014-08-04 11:30 - 00000000 ____D () C:\Users\Barb\Documents\CHS Reunion
2014-10-29 14:54 - 2014-08-04 11:30 - 00000000 ____D () C:\Users\Barb\Documents\Cemeteries
2014-10-29 14:54 - 2014-08-04 11:30 - 00000000 ____D () C:\Users\Barb\Documents\Cats&CoolPics!!!
2014-10-29 14:54 - 2014-08-04 11:28 - 00000000 ____D () C:\Users\Barb\Documents\Belguim1945_files
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-17 13:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 19:07 - 2009-07-13 23:45 - 00412504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 19:06 - 2014-08-03 10:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 18:37 - 2014-08-02 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 18:32 - 2014-08-03 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 18:31 - 2014-08-03 00:27 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-11 18:40 - 2014-08-04 21:25 - 00000000 ____D () C:\Users\Barb\Documents\USPS_Label_US_Akron_14001
2014-10-10 19:28 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 13:12
 
==================== End Of Log ============================
 
Now the additional log
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Barb at 2014-11-06 18:41:52
Running from C:\Users\Barb\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OverDrive Media Console (HKLM-x32\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1586852538-242742460-451405244-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {FBEE13BB-0008-4528-B410-BDD24A95242F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1586852538-242742460-451405244-500 - Administrator - Disabled)
Barb (S-1-5-21-1586852538-242742460-451405244-1000 - Administrator - Enabled) => C:\Users\Barb
Guest (S-1-5-21-1586852538-242742460-451405244-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2014 06:07:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x134
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/06/2014 05:48:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 05:34:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 03:53:21 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (11/06/2014 03:53:21 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (11/06/2014 03:53:19 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (11/06/2014 03:53:19 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (11/06/2014 03:40:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 03:14:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2014 05:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/06/2014 05:48:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/06/2014 05:47:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (11/06/2014 05:47:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:46:28 PM on ‎11/‎6/‎2014 was unexpected.
 
Error: (11/06/2014 05:36:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error: 
%%16389
 
Error: (11/06/2014 05:33:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/06/2014 05:33:04 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (11/06/2014 05:30:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/06/2014 05:30:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/06/2014 05:30:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/06/2014 05:30:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/29/2014 02:10:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3468 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (09/10/2014 08:21:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (09/10/2014 08:20:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 771 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (08/20/2014 03:43:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 65157 seconds with 1080 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8156.98 MB
Available physical RAM: 6306.19 MB
Total Pagefile: 16312.15 MB
Available Pagefile: 14362.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:851.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F937938)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

 

Link to post
Share on other sites

Welcome to the forum....give this a try:

Download Malwarebytes Anti-Rootkit from HERE

Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default)

Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats

Click on the Cleanup button to remove any threats and reboot if prompted to do so

Wait while the system shuts down and the cleanup process is performed

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process

MrC

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.