Assistance need...anyone? IE can't open, VirusScan won't run.

mstroz14 · November 12, 2014

Internet Explorer was not working this morning. It would open, but just a blank screen and could not connect to Internet. Tried to run the McAfee Virus Scan product. I noticed that it was no longer in the systray or running in the backgound. When I went to start it up, I received the message "This program is blocked by group Policy" though there is no Group Policy in force.

I was able to install Firefox and then able to update the Malwarebytes files and ran a scan using Malwarebytes. It found approx 26 items, to which I quarantined and then deleted.

Still no improvement on Internet Explorer or McAfee product.

Thanks,

mstroz14

mstroz14 · November 12, 2014

I have tried to run the Farbar Recovery Scan Tool to post the results.

It is stuck in "Not Responding" mode upon opening the program when it's trying to get the latest updates.

So it doesn't look like I will be able to run this Scan Tool either.

mstroz14 · November 12, 2014

Upon reboot of the pc, chkdsk insisted on running.

It ran and fixed some errors.

I then tried the Farbar Recovery tool again. This time it ran ok....See logs below.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by maureen (administrator) on LAT5520-9TS0CT1 on 12-11-2014 15:08:00
Running from C:\Users\maureen.RSC\Desktop
Loaded Profile: maureen (Available profiles: maureen & maureen & insp1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Business Technical Consulting) C:\Program Files (x86)\VizManager\VizManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1708048 2011-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [VizManager] => C:\Program Files (x86)\VizManager\VizManager.exe [233472 2014-01-20] (Business Technical Consulting)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [VizManager] => [X]
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [GoogleUpdate] => C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [ucilluo] => rundll32 "C:\Users\maureen.RSC\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\MountPoints2: {e4b59800-5268-11e4-90f9-d067e54fca53} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\insp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [smartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {90425496-0F29-4E1B-908D-C034F1AB632B} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140826160204.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140826160210.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://151.106.100.108/WebClient.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

FireFox:
========
FF ProfilePath: C:\Users\maureen.RSC\AppData\Roaming\Mozilla\Firefox\Profiles\d3t080qv.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-07-10]

Chrome:
=======
CHR Profile: C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (YouTube) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Giant Savings) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-11] (Macrovision Europe Ltd.) [File not signed]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2014-08-26] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2014-08-26] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-18] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.)
S3 VISUAL Exchange Service 1.2.101.145; c:\infor\visual enterprise\visual .net\bin\vxcservice.exe [28672 2010-08-18] (Infor Global Solutions, Inc.) [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2014-08-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2014-08-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2014-08-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2014-08-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2014-08-26] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-24] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:08 - 2014-11-12 15:13 - 00026308 _____ () C:\Users\maureen.RSC\Desktop\FRST.txt
2014-11-12 15:07 - 2014-11-12 15:08 - 00000000 ____D () C:\FRST
2014-11-12 15:01 - 2014-11-12 15:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-12 14:59 - 2014-11-12 14:59 - 00003408 ____N () C:\bootsqm.dat
2014-11-12 14:56 - 2014-11-12 14:56 - 00000000 __SHD () C:\found.000
2014-11-12 14:24 - 2014-11-12 14:25 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\maureen.RSC\Desktop\tdsskiller.exe
2014-11-12 14:00 - 2014-11-12 14:01 - 02140160 _____ () C:\Users\maureen.RSC\Downloads\AdwCleaner.exe
2014-11-12 13:33 - 2014-11-12 13:34 - 02116096 _____ (Farbar) C:\Users\maureen.RSC\Desktop\FRST64.exe
2014-11-10 10:20 - 2014-11-12 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 10:20 - 2014-11-10 11:23 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-10 10:20 - 2014-11-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Omqqics
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\ITVsoft
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\ZekmIxub
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\GusoyBowde
2014-11-09 15:54 - 2014-11-10 11:08 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7
2014-11-09 15:54 - 2014-11-09 15:54 - 00000448 ____H () C:\Users\maureen.RSC\AppData\Roaming\麽鎒駓覜
2014-11-04 14:47 - 2014-11-04 13:32 - 00050688 _____ () C:\Users\maureen.RSC\Desktop\UTS.ASD.PrePatchCleaner.exe
2014-11-04 09:58 - 2014-10-16 12:24 - 00000313 _____ () C:\Users\maureen.RSC\Desktop\license.dat
2014-10-27 10:25 - 2014-10-27 10:25 - 00012761 _____ () C:\UNPAID CHILD SUPPORT -2.xlsx
2014-10-27 09:50 - 2014-10-27 10:24 - 00012763 _____ () C:\UNPAID CHILD SUPPORT.xlsx
2014-10-20 08:07 - 2014-10-20 08:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 01:31 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:31 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:30 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 01:30 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 01:30 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 01:30 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:30 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 01:30 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:30 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:30 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:30 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:30 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:30 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:30 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 01:30 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:30 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:30 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:30 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:30 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 01:30 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 01:30 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:30 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:30 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:30 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:30 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:30 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:30 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 01:30 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 01:30 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 01:30 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:30 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:30 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 01:30 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 01:30 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:30 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 01:30 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:30 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:30 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:30 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 01:30 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:30 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 01:30 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 01:30 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:30 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:30 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 01:30 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 01:30 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:30 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 01:30 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:30 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 01:30 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:30 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:30 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 01:30 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:30 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 01:29 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:29 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 01:28 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:28 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:28 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:28 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:28 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:28 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:28 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:28 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:28 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:28 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:27 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:27 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 01:27 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:08 - 2012-06-12 00:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 15:07 - 2009-07-13 23:13 - 00816182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:07 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:07 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:04 - 2012-06-12 02:29 - 02008231 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 15:01 - 2014-03-18 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 15:00 - 2012-07-10 10:15 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-12 15:00 - 2012-06-12 01:34 - 00000031 _____ () C:\tmuninst.ini
2014-11-12 15:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 15:00 - 2009-07-13 22:51 - 00074860 _____ () C:\Windows\setupact.log
2014-11-12 14:59 - 2010-11-20 21:47 - 00655370 _____ () C:\Windows\PFRO.log
2014-11-12 14:48 - 2013-06-28 15:24 - 00000864 _____ () C:\Windows\TMFilter.log
2014-11-12 14:33 - 2014-03-18 15:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 10:45 - 2012-10-24 08:15 - 00000109 _____ () C:\Windows\cdlli40.INI
2014-11-12 09:11 - 2012-06-12 00:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 09:11 - 2012-06-12 00:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 09:11 - 2012-06-12 00:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 09:10 - 2014-07-15 13:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 11:12 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2014-07-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2012-09-04 08:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 16:11 - 2014-08-26 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-06 15:36 - 2012-07-10 14:03 - 00002294 ____H () C:\Users\maureen.RSC\Documents\Default.rdp
2014-11-05 12:08 - 2012-11-08 14:28 - 00000000 _____ () C:\comp_cat.txt
2014-10-30 12:54 - 2012-11-08 14:28 - 00002842 _____ () C:\Windows\SysWOW64\DrDwg.prf
2014-10-30 12:54 - 2012-11-08 14:28 - 00001117 _____ () C:\Users\Public\Desktop\Advanced Spring Design 7.lnk
2014-10-30 12:54 - 2012-11-08 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UTS
2014-10-27 12:42 - 2012-09-18 12:13 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-21 07:45 - 2012-06-12 01:28 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-20 08:10 - 2014-08-27 13:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 04:28 - 2014-03-18 15:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 04:28 - 2014-03-18 15:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 14:12 - 2013-01-28 13:48 - 00000163 _____ () C:\Windows\Ppviewer.INI
2014-10-16 03:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:36 - 2009-07-13 22:45 - 00495224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:33 - 2014-05-06 15:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:15 - 2012-07-10 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:07 - 2013-08-27 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2012-07-10 09:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\maureen.RSC\AppData\Local\Temp\H2Reg.exe
C:\Users\maureen.RSC\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\maureen.RSC\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:51

==================== End Of Log ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by maureen at 2014-11-12 15:14:03
Running from C:\Users\maureen.RSC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Advanced Spring Design 7 (HKLM-x32\...\{F162D60A-6741-4CFE-98A9-07E3B9D3A067}) (Version: 7.13 - UTS/SMI)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Crystal Reports 2008 (HKLM-x32\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.0.0.683 - Business Objects)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.1.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version: - SEIKO EPSON Corporation)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Gupta Runtime 4.0 (HKLM-x32\...\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}) (Version: 4.00 - Gupta Corp)
HP LaserJet 400 MFP M425 (HKLM-x32\...\{568705AA-DD8A-4134-B8B9-9609721FBBCE}) (Version: 5.0.12200.1138 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{3082CB96-66E8-456D-8326-118A4F5DC0C6}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM425DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden
Passware Kit Basic Demo 11.7 (HKLM-x32\...\{FCB8B83D-A1A4-403B-B297-20EBA171DACC}) (Version: 11.7.5498 - Passware)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version: - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Pick Ticket (HKLM-x32\...\ST6UNST #1) (Version: - )
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartFTP Client (HKLM\...\{EF1608D5-83AC-4444-8D48-85BD9A185360}) (Version: 4.1.1336.0 - SmartSoft Ltd.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.5.1163 - Trend Micro)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VISUAL Enterprise 6.5.4 SP3 (HKLM-x32\...\{3F654DC2-E9E9-4D23-824A-622BF224E807}) (Version: 1.02.0000 - Infor Global Solutions)
VISUAL Enterprise for .NET Common Files - 1.1.0 (18.8.508.688) (HKLM-x32\...\{AE34501E-1303-461a-8025-98E5989BA4AE}) (Version: 1.1.0 - Infor Global Solutions)
VISUAL Exchange - 1.2.101 (18.8.508.688) (HKLM-x32\...\{F5AA90ED-B3A3-4bce-8704-9B399245A599}) (Version: 1.2.101 - Infor Global Solutions)
VISUAL Manufacturing .NET Interface - 6.3.102 (18.8.508.688) (HKLM-x32\...\{46904F81-8F3E-4f2f-9592-EA1A0FA9AE09}) (Version: 6.3.102 - Infor Global Solutions)
VISUAL Payroll 6.5.2 SP2 (HKLM-x32\...\{083DC2A7-FEC9-4DE1-9E79-CDD39EAD566D}) (Version: 1.00.0000 - Infor Global Solutions)
VISUAL Time and Attendance - 1.0.102 (18.8.508.688) (HKLM-x32\...\{2D3DA510-F922-4f82-87BD-F91D489BB11F}) (Version: 1.0.102 - Infor Global Solutions)
VizManager 2.4.8 (HKLM-x32\...\{9ADE98AA-355A-4E55-98E1-FBD2F925B7C7}) (Version: 2.4.8 - Business Technical Consulting)
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
ZebraNet Utilities (HKLM-x32\...\{3D3C6E58-7BAA-11D5-8F8F-0010A4EC0ADE}) (Version: - Zebra Technologies Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

08-10-2014 15:20:33 Scheduled Checkpoint
13-10-2014 21:30:18 Windows Update
16-10-2014 08:00:39 Windows Update
20-10-2014 14:05:42 Installed Java 7 Update 71
27-10-2014 17:10:48 Scheduled Checkpoint
03-11-2014 19:13:57 Scheduled Checkpoint
12-11-2014 18:18:59 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3493D7F8-DF56-4892-AEBE-956A5680166E} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-03-17] (Dell Inc.)
Task: {7056941D-EC19-417F-AB9E-636CB174F196} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {8EDBD0DF-2E5B-4727-971F-5BFE03C0C488} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97F13AC1-74B2-4A12-8830-60A16B864056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {9BDD2D61-CC8C-4387-95EF-1E19B6BF3767} - System32\Tasks\ScanToPCActivationApp.exe_{8C7394B4-021A-4FC7-A206-1FAFBD831434} => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {B08DEB62-64E8-4982-801F-DFFD5DADBDAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-18 12:13 - 2006-10-19 20:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2009-03-26 21:36 - 2009-03-26 21:36 - 01489408 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\LIBEAY32.dll
2009-03-26 21:37 - 2009-03-26 21:37 - 00318464 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\SSLEAY32.dll
2012-06-12 01:01 - 2003-04-18 20:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-02-26 23:58 - 2011-02-26 23:58 - 00094736 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 19:08 - 2012-08-14 19:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3229250485-3891980472-3512595277-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3229250485-3891980472-3512595277-1002 - Limited - Enabled)
Guest (S-1-5-21-3229250485-3891980472-3512595277-501 - Limited - Disabled)
maureen (S-1-5-21-3229250485-3891980472-3512595277-1000 - Administrator - Enabled) => C:\Users\maureen

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 03:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: AcroPDF.dll, version: 8.1.0.0, time stamp: 0x46440c98
Exception code: 0xc0000005
Fault offset: 0x000140d6
Faulting process id: 0x25dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 03:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 02:47:32 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3664) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: taskhost (3664) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 486) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to move the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V0109D02.log" to "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The move file operation will fail with error -1022 (0xfffffc02).

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 10.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1760

Start Time: 01cffeb901c8c831

Termination Time: 0

Application Path: C:\Users\maureen.RSC\Desktop\FRST64.exe

Report Id: 087c3cfb-6aad-11e4-ad8f-d067e54fca53

Error: (11/12/2014 02:47:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (11/12/2014 03:01:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 03:00:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/12/2014 02:47:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:46:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:46:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:45:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:45:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:44:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:44:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/12/2014 02:43:41 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Microsoft Office Sessions:
=========================
Error: (11/12/2014 03:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7AcroPDF.dll8.1.0.046440c98c0000005000140d625dc01cffebc372033e9C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dllcbb1b4af-6aaf-11e4-af79-d067e54fca53

Error: (11/12/2014 03:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 02:47:32 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost3664WebCacheLocal: -1022

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: taskhost3664WebCacheLocal: -1022

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 486) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V0109D02.logC:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe10.11.2014.0176001cffeb901c8c8310C:\Users\maureen.RSC\Desktop\FRST64.exe087c3cfb-6aad-11e4-ad8f-d067e54fca53

Error: (11/12/2014 02:47:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3992.93 MB
Available physical RAM: 1313.39 MB
Total Pagefile: 7984.05 MB
Available Pagefile: 4314.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:216.69 GB) (Free:132.07 GB) NTFS
Drive j: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive l: (Backup) (Network) (Total:528.49 GB) (Free:303.14 GB) NTFS
Drive n: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive o: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive q: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive r: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive s: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive v: (Backup) (Network) (Total:528.49 GB) (Free:303.14 GB) NTFS
Drive x: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive y: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: E4C4B3EC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=216.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Naathim · November 12, 2014

Hi,

bumping the topic is the un-smartest thing to do... We are volunteers and have our limitations.

Go ahead and post also the Addition.txt file.

mstroz14 · November 12, 2014

Thank you for the response Naathim...

I posted the Addition.txt file as well...thank you for your help

Naathim · November 12, 2014

Sorry, forgot to include it earlier.

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.

Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

Right-click on icon and select Run as Administrator to start the tool.
It will ask you for an extraction place - make sure you will unpack it to your desktop.
After the extraction, the tool should start itself (no action required).
On the Introduction screen click Next.
On the Update screen click Update.
When prompted about the succesful update, click Next.
On the Scan System screen, make sure that all three options
- Drivers
- Sectors
- System
are checked for scanning and press Scan.

Wait patiently and don't do anything on your machine while MBAR goes through your system!

If no infection is found, just close the tool.
If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.

When finished (either with or without cleanup), please navigate to the MBAR directory.

Search there for these two files:

> mbar-log-date(time).txt

> system-log.txt

Please include the content of both files in your reply.

mstroz14 · November 14, 2014

Sorry, I was not available yesterday...family issues.

Ran the above, it found 3 items, I did the recommended reboot as well.

Here is mbar_log.txt

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
maureen :: LAT5520-9TS0CT1 [administrator]

11/14/2014 9:16:09 AM
mbar-log-2014-11-14 (09-16-09).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [2a83b883225ac0766e27cd3530d03dc3]
HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [109d43f8f58715216533c9392ad68a76]

Registry Values Detected: 1
HKU\S-1-5-21-758252316-122362781-1648912389-1126\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate (Trojan.Agent.IGen) -> Data: C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe -> Delete on reboot. [fab3c576aececb6ba7611cfd2fd548b8]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4186894336, free: 1946886144

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4186894336, free: 1937653760

Downloaded database version: v2014.11.14.05
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
11/14/2014 09:15:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\tmlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmwfp.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006367060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80050c7050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006367060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006367b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006367060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061f0cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80050c3550, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80050c7050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E4C4B3EC

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 33873920
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 33955840 Numsec = 454434816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate --> [Trojan.Agent.IGen]
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Naathim · November 14, 2014

Hi

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on the icon and select Run as Administrator to start the tool.
Allow virtualisation if offered.
If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
Click the AV Scan: drop down box and select C:\.
Select scan.
Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!

A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.

Do not forget to re-enable your previously switched-off protection software!

mstroz14 · November 14, 2014

SECOND Farbar Recovery Logs:

Was I supposed to get a new Addition.txt? Couldn't find one dated 11/14???

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by maureen (administrator) on LAT5520-9TS0CT1 on 14-11-2014 13:49:18
Running from C:\Users\maureen.RSC\Desktop
Loaded Profile: maureen (Available profiles: maureen & maureen & insp1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Business Technical Consulting) C:\Program Files (x86)\VizManager\VizManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1708048 2011-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [VizManager] => C:\Program Files (x86)\VizManager\VizManager.exe [233472 2014-01-20] (Business Technical Consulting)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [VizManager] => [X]
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [ucilluo] => rundll32 "C:\Users\maureen.RSC\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\MountPoints2: {e4b59800-5268-11e4-90f9-d067e54fca53} - E:\VZW_Software_upgrade_assistant.exe
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\insp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [smartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)