Jump to content

Assistance need...anyone? IE can't open, VirusScan won't run.


mstroz14
 Share

Recommended Posts

Internet Explorer was not working this morning.  It would open, but just a blank screen and could not connect to Internet.  Tried to run the McAfee Virus Scan product.  I noticed that it was no longer in the systray or running in the backgound.  When I went to start it up, I received the message "This program is blocked by group Policy"  though there is no Group Policy in force.

I was able to install Firefox and then able to update the Malwarebytes files and ran a scan using Malwarebytes.  It found approx 26 items, to which I quarantined and then deleted.

Still no improvement on Internet Explorer or McAfee product.

 

Thanks,

 

mstroz14

Link to post
Share on other sites

Upon reboot of the pc, chkdsk insisted on running. 

It ran and fixed some errors.

I then tried the Farbar Recovery tool again.  This time it ran ok....See logs below.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by maureen (administrator) on LAT5520-9TS0CT1 on 12-11-2014 15:08:00
Running from C:\Users\maureen.RSC\Desktop
Loaded Profile: maureen (Available profiles: maureen & maureen & insp1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Business Technical Consulting) C:\Program Files (x86)\VizManager\VizManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1708048 2011-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [VizManager] => C:\Program Files (x86)\VizManager\VizManager.exe [233472 2014-01-20] (Business Technical Consulting)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [VizManager] => [X]
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [GoogleUpdate] => C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe                                                          
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [ucilluo] => rundll32 "C:\Users\maureen.RSC\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\MountPoints2: {e4b59800-5268-11e4-90f9-d067e54fca53} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\insp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [smartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {90425496-0F29-4E1B-908D-C034F1AB632B} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140826160204.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140826160210.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://151.106.100.108/WebClient.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

FireFox:
========
FF ProfilePath: C:\Users\maureen.RSC\AppData\Roaming\Mozilla\Firefox\Profiles\d3t080qv.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-07-10]

Chrome:
=======
CHR Profile: C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (YouTube) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Giant Savings) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-11] (Macrovision Europe Ltd.) [File not signed]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2014-08-26] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2014-08-26] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-18] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.)
S3 VISUAL Exchange Service 1.2.101.145; c:\infor\visual enterprise\visual .net\bin\vxcservice.exe [28672 2010-08-18] (Infor Global Solutions, Inc.) [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2014-08-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2014-08-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2014-08-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2014-08-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2014-08-26] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-24] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:08 - 2014-11-12 15:13 - 00026308 _____ () C:\Users\maureen.RSC\Desktop\FRST.txt
2014-11-12 15:07 - 2014-11-12 15:08 - 00000000 ____D () C:\FRST
2014-11-12 15:01 - 2014-11-12 15:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-12 14:59 - 2014-11-12 14:59 - 00003408 ____N () C:\bootsqm.dat
2014-11-12 14:56 - 2014-11-12 14:56 - 00000000 __SHD () C:\found.000
2014-11-12 14:24 - 2014-11-12 14:25 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\maureen.RSC\Desktop\tdsskiller.exe
2014-11-12 14:00 - 2014-11-12 14:01 - 02140160 _____ () C:\Users\maureen.RSC\Downloads\AdwCleaner.exe
2014-11-12 13:33 - 2014-11-12 13:34 - 02116096 _____ (Farbar) C:\Users\maureen.RSC\Desktop\FRST64.exe
2014-11-10 10:20 - 2014-11-12 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 10:20 - 2014-11-10 11:23 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-10 10:20 - 2014-11-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Omqqics
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\ITVsoft
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\ZekmIxub
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\GusoyBowde
2014-11-09 15:54 - 2014-11-10 11:08 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7
2014-11-09 15:54 - 2014-11-09 15:54 - 00000448 ____H () C:\Users\maureen.RSC\AppData\Roaming\麽鎒駓覜
2014-11-04 14:47 - 2014-11-04 13:32 - 00050688 _____ () C:\Users\maureen.RSC\Desktop\UTS.ASD.PrePatchCleaner.exe
2014-11-04 09:58 - 2014-10-16 12:24 - 00000313 _____ () C:\Users\maureen.RSC\Desktop\license.dat
2014-10-27 10:25 - 2014-10-27 10:25 - 00012761 _____ () C:\UNPAID CHILD SUPPORT -2.xlsx
2014-10-27 09:50 - 2014-10-27 10:24 - 00012763 _____ () C:\UNPAID CHILD SUPPORT.xlsx
2014-10-20 08:07 - 2014-10-20 08:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 01:31 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:31 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:30 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 01:30 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 01:30 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 01:30 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:30 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 01:30 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:30 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:30 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:30 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:30 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:30 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:30 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:30 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 01:30 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:30 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:30 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:30 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:30 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 01:30 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 01:30 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:30 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:30 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:30 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:30 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:30 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:30 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 01:30 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 01:30 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 01:30 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:30 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:30 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 01:30 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 01:30 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 01:30 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:30 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 01:30 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:30 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:30 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:30 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 01:30 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:30 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 01:30 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 01:30 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:30 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:30 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 01:30 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 01:30 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:30 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 01:30 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:30 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 01:30 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:30 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:30 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 01:30 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:30 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 01:29 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:29 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 01:28 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:28 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:28 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:28 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:28 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:28 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:28 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:28 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:28 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:28 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:27 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:27 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 01:27 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:08 - 2012-06-12 00:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 15:07 - 2009-07-13 23:13 - 00816182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:07 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:07 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:04 - 2012-06-12 02:29 - 02008231 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 15:01 - 2014-03-18 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 15:00 - 2012-07-10 10:15 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-12 15:00 - 2012-06-12 01:34 - 00000031 _____ () C:\tmuninst.ini
2014-11-12 15:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 15:00 - 2009-07-13 22:51 - 00074860 _____ () C:\Windows\setupact.log
2014-11-12 14:59 - 2010-11-20 21:47 - 00655370 _____ () C:\Windows\PFRO.log
2014-11-12 14:48 - 2013-06-28 15:24 - 00000864 _____ () C:\Windows\TMFilter.log
2014-11-12 14:33 - 2014-03-18 15:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 10:45 - 2012-10-24 08:15 - 00000109 _____ () C:\Windows\cdlli40.INI
2014-11-12 09:11 - 2012-06-12 00:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 09:11 - 2012-06-12 00:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 09:11 - 2012-06-12 00:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 09:10 - 2014-07-15 13:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 11:12 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2014-07-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2012-09-04 08:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 16:11 - 2014-08-26 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-06 15:36 - 2012-07-10 14:03 - 00002294 ____H () C:\Users\maureen.RSC\Documents\Default.rdp
2014-11-05 12:08 - 2012-11-08 14:28 - 00000000 _____ () C:\comp_cat.txt
2014-10-30 12:54 - 2012-11-08 14:28 - 00002842 _____ () C:\Windows\SysWOW64\DrDwg.prf
2014-10-30 12:54 - 2012-11-08 14:28 - 00001117 _____ () C:\Users\Public\Desktop\Advanced Spring Design 7.lnk
2014-10-30 12:54 - 2012-11-08 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UTS
2014-10-27 12:42 - 2012-09-18 12:13 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-21 07:45 - 2012-06-12 01:28 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-20 08:10 - 2014-08-27 13:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 04:28 - 2014-03-18 15:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 04:28 - 2014-03-18 15:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 14:12 - 2013-01-28 13:48 - 00000163 _____ () C:\Windows\Ppviewer.INI
2014-10-16 03:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:36 - 2009-07-13 22:45 - 00495224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:33 - 2014-05-06 15:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:15 - 2012-07-10 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:07 - 2013-08-27 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2012-07-10 09:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\maureen.RSC\AppData\Local\Temp\H2Reg.exe
C:\Users\maureen.RSC\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\maureen.RSC\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:51

==================== End Of Log ============================

 

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by maureen at 2014-11-12 15:14:03
Running from C:\Users\maureen.RSC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Advanced Spring Design 7 (HKLM-x32\...\{F162D60A-6741-4CFE-98A9-07E3B9D3A067}) (Version: 7.13 - UTS/SMI)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Crystal Reports 2008 (HKLM-x32\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.0.0.683 - Business Objects)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.1.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Gupta Runtime 4.0 (HKLM-x32\...\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}) (Version: 4.00 - Gupta Corp)
HP LaserJet 400 MFP M425 (HKLM-x32\...\{568705AA-DD8A-4134-B8B9-9609721FBBCE}) (Version: 5.0.12200.1138 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{3082CB96-66E8-456D-8326-118A4F5DC0C6}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM425DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden
Passware Kit Basic Demo 11.7 (HKLM-x32\...\{FCB8B83D-A1A4-403B-B297-20EBA171DACC}) (Version: 11.7.5498 - Passware)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Pick Ticket (HKLM-x32\...\ST6UNST #1) (Version:  - )
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartFTP Client (HKLM\...\{EF1608D5-83AC-4444-8D48-85BD9A185360}) (Version: 4.1.1336.0 - SmartSoft Ltd.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.5.1163 - Trend Micro)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VISUAL Enterprise 6.5.4 SP3 (HKLM-x32\...\{3F654DC2-E9E9-4D23-824A-622BF224E807}) (Version: 1.02.0000 - Infor Global Solutions)
VISUAL Enterprise for .NET Common Files - 1.1.0 (18.8.508.688) (HKLM-x32\...\{AE34501E-1303-461a-8025-98E5989BA4AE}) (Version: 1.1.0 - Infor Global Solutions)
VISUAL Exchange - 1.2.101 (18.8.508.688) (HKLM-x32\...\{F5AA90ED-B3A3-4bce-8704-9B399245A599}) (Version: 1.2.101 - Infor Global Solutions)
VISUAL Manufacturing .NET Interface - 6.3.102 (18.8.508.688) (HKLM-x32\...\{46904F81-8F3E-4f2f-9592-EA1A0FA9AE09}) (Version: 6.3.102 - Infor Global Solutions)
VISUAL Payroll 6.5.2 SP2 (HKLM-x32\...\{083DC2A7-FEC9-4DE1-9E79-CDD39EAD566D}) (Version: 1.00.0000 - Infor Global Solutions)
VISUAL Time and Attendance - 1.0.102 (18.8.508.688) (HKLM-x32\...\{2D3DA510-F922-4f82-87BD-F91D489BB11F}) (Version: 1.0.102 - Infor Global Solutions)
VizManager 2.4.8 (HKLM-x32\...\{9ADE98AA-355A-4E55-98E1-FBD2F925B7C7}) (Version: 2.4.8 - Business Technical Consulting)
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
ZebraNet Utilities (HKLM-x32\...\{3D3C6E58-7BAA-11D5-8F8F-0010A4EC0ADE}) (Version:  - Zebra Technologies Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

08-10-2014 15:20:33 Scheduled Checkpoint
13-10-2014 21:30:18 Windows Update
16-10-2014 08:00:39 Windows Update
20-10-2014 14:05:42 Installed Java 7 Update 71
27-10-2014 17:10:48 Scheduled Checkpoint
03-11-2014 19:13:57 Scheduled Checkpoint
12-11-2014 18:18:59 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3493D7F8-DF56-4892-AEBE-956A5680166E} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-03-17] (Dell Inc.)
Task: {7056941D-EC19-417F-AB9E-636CB174F196} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {8EDBD0DF-2E5B-4727-971F-5BFE03C0C488} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97F13AC1-74B2-4A12-8830-60A16B864056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {9BDD2D61-CC8C-4387-95EF-1E19B6BF3767} - System32\Tasks\ScanToPCActivationApp.exe_{8C7394B4-021A-4FC7-A206-1FAFBD831434} => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {B08DEB62-64E8-4982-801F-DFFD5DADBDAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-18 12:13 - 2006-10-19 20:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2009-03-26 21:36 - 2009-03-26 21:36 - 01489408 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\LIBEAY32.dll
2009-03-26 21:37 - 2009-03-26 21:37 - 00318464 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\SSLEAY32.dll
2012-06-12 01:01 - 2003-04-18 20:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-02-26 23:58 - 2011-02-26 23:58 - 00094736 _____ () c:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 19:08 - 2012-08-14 19:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3229250485-3891980472-3512595277-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3229250485-3891980472-3512595277-1002 - Limited - Enabled)
Guest (S-1-5-21-3229250485-3891980472-3512595277-501 - Limited - Disabled)
maureen (S-1-5-21-3229250485-3891980472-3512595277-1000 - Administrator - Enabled) => C:\Users\maureen

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 03:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: AcroPDF.dll, version: 8.1.0.0, time stamp: 0x46440c98
Exception code: 0xc0000005
Fault offset: 0x000140d6
Faulting process id: 0x25dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 03:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 02:47:32 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3664) WebCacheLocal: Database recovery/restore failed with unexpected error -1022.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: taskhost (3664) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 486) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to move the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V0109D02.log" to "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The move file operation will fail with error -1022 (0xfffffc02).

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 02:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 10.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1760

Start Time: 01cffeb901c8c831

Termination Time: 0

Application Path: C:\Users\maureen.RSC\Desktop\FRST64.exe

Report Id: 087c3cfb-6aad-11e4-ad8f-d067e54fca53

Error: (11/12/2014 02:47:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3664) WebCacheLocal: An attempt to open the file "C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/12/2014 03:01:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 03:00:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/12/2014 02:47:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:46:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:46:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:45:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:45:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:44:42 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (11/12/2014 02:44:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (11/12/2014 02:43:41 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.


Microsoft Office Sessions:
=========================
Error: (11/12/2014 03:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7AcroPDF.dll8.1.0.046440c98c0000005000140d625dc01cffebc372033e9C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dllcbb1b4af-6aaf-11e4-af79-d067e54fca53

Error: (11/12/2014 03:00:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 02:47:32 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost3664WebCacheLocal: -1022

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: taskhost3664WebCacheLocal: -1022

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 486) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V0109D02.logC:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.

Error: (11/12/2014 02:47:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 02:47:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe10.11.2014.0176001cffeb901c8c8310C:\Users\maureen.RSC\Desktop\FRST64.exe087c3cfb-6aad-11e4-ad8f-d067e54fca53

Error: (11/12/2014 02:47:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3664WebCacheLocal: C:\Users\maureen.RSC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3992.93 MB
Available physical RAM: 1313.39 MB
Total Pagefile: 7984.05 MB
Available Pagefile: 4314.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:216.69 GB) (Free:132.07 GB) NTFS
Drive j: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive l: (Backup) (Network) (Total:528.49 GB) (Free:303.14 GB) NTFS
Drive n: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive o: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive q: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive r: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive s: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive v: (Backup) (Network) (Total:528.49 GB) (Free:303.14 GB) NTFS
Drive x: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS
Drive y: (Data) (Network) (Total:1114.71 GB) (Free:816.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: E4C4B3EC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=216.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Sorry, forgot to include it earlier.

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


MalwarebytesAntiRootkit.png Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.

Note that the tool is still in its BETA stage, therefore not all functionalities may be added.

  • Right-click on MalwarebytesAntiRootkit.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you for an extraction place - make sure you will unpack it to your desktop.
  • After the extraction, the tool should start itself (no action required).
  • On the Introduction screen click Next.
  • On the Update screen click Update.
  • When prompted about the succesful update, click Next.
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.
Wait patiently and don't do anything on your machine while MBAR goes through your system!
  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
When finished (either with or without cleanup), please navigate to the MBAR directory.

Search there for these two files:

> mbar-log-date(time).txt

> system-log.txt

Please include the content of both files in your reply.

Link to post
Share on other sites

Sorry, I was not available yesterday...family issues.

 

Ran the above, it found 3 items, I did the recommended reboot as well.

Here is mbar_log.txt

 

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
maureen :: LAT5520-9TS0CT1 [administrator]

11/14/2014 9:16:09 AM
mbar-log-2014-11-14 (09-16-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 481685
Time elapsed: 37 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [2a83b883225ac0766e27cd3530d03dc3]
HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [109d43f8f58715216533c9392ad68a76]

Registry Values Detected: 1
HKU\S-1-5-21-758252316-122362781-1648912389-1126\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate (Trojan.Agent.IGen) -> Data: C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe -> Delete on reboot. [fab3c576aececb6ba7611cfd2fd548b8]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4186894336, free: 1946886144

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4186894336, free: 1937653760

Downloaded database version: v2014.11.14.05
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/14/2014 09:15:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\tmlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\O2MDRw7x64.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
\??\c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmwfp.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006367060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80050c7050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006367060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006367b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006367060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80061f0cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80050c3550, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80050c7050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E4C4B3EC

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 33873920
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 33955840  Numsec = 454434816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate --> [Trojan.Agent.IGen]
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Infected: HKU\S-1-5-21-758252316-122362781-1648912389-1126_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Link to post
Share on other sites

Hi :)

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.
Do NOT click Fix or FixMBR!

A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.

Do not forget to re-enable your previously switched-off protection software!

Link to post
Share on other sites

SECOND Farbar Recovery Logs:

 

Was I supposed to get a new Addition.txt?  Couldn't find one dated 11/14???

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by maureen (administrator) on LAT5520-9TS0CT1 on 14-11-2014 13:49:18
Running from C:\Users\maureen.RSC\Desktop
Loaded Profile: maureen (Available profiles: maureen & maureen & insp1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Business Technical Consulting) C:\Program Files (x86)\VizManager\VizManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1708048 2011-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [VizManager] => C:\Program Files (x86)\VizManager\VizManager.exe [233472 2014-01-20] (Business Technical Consulting)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [VizManager] => [X]
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-09] (SUPERAntiSpyware)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Run: [ucilluo] => rundll32 "C:\Users\maureen.RSC\AppData\Local\ucilluo.dll",ucilluo <===== ATTENTION
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-758252316-122362781-1648912389-1126\...\MountPoints2: {e4b59800-5268-11e4-90f9-d067e54fca53} - E:\VZW_Software_upgrade_assistant.exe
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\insp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [smartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {90425496-0F29-4E1B-908D-C034F1AB632B} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140826160204.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140826160210.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://151.106.100.108/WebClient.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

FireFox:
========
FF ProfilePath: C:\Users\maureen.RSC\AppData\Roaming\Mozilla\Firefox\Profiles\d3t080qv.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-07-10]

Chrome:
=======
CHR Profile: C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (YouTube) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Giant Savings) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-07-11] (Macrovision Europe Ltd.) [File not signed]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2014-08-26] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2014-08-26] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-18] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.)
S3 VISUAL Exchange Service 1.2.101.145; c:\infor\visual enterprise\visual .net\bin\vxcservice.exe [28672 2010-08-18] (Infor Global Solutions, Inc.) [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2014-08-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2014-08-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2014-08-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2014-08-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2014-08-26] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-24] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 13:49 - 2014-11-14 13:49 - 00000000 ____D () C:\Users\maureen.RSC\Desktop\FRST-OlderVersion
2014-11-14 10:32 - 2014-11-14 10:32 - 00000000 __SHD () C:\Users\maureen.RSC\AppData\Local\EmieBrowserModeList
2014-11-14 10:02 - 2014-11-14 10:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-14 09:15 - 2014-11-14 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-14 09:12 - 2014-11-14 09:57 - 00000000 ____D () C:\Users\maureen.RSC\Desktop\mbar
2014-11-14 09:07 - 2014-11-14 09:10 - 14439696 _____ (Malwarebytes Corp.) C:\Users\maureen.RSC\Desktop\mbar-1.08.1.1001(1).exe
2014-11-12 15:46 - 2014-11-14 09:08 - 14439696 _____ (Malwarebytes Corp.) C:\Users\maureen.RSC\Downloads\mbar-1.08.1.1001.exe
2014-11-12 15:14 - 2014-11-12 15:15 - 00031543 _____ () C:\Users\maureen.RSC\Desktop\Addition.txt
2014-11-12 15:08 - 2014-11-14 13:49 - 00025961 _____ () C:\Users\maureen.RSC\Desktop\FRST.txt
2014-11-12 15:07 - 2014-11-14 13:49 - 00000000 ____D () C:\FRST
2014-11-12 14:56 - 2014-11-12 14:56 - 00000000 __SHD () C:\found.000
2014-11-12 14:24 - 2014-11-12 14:25 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\maureen.RSC\Desktop\tdsskiller.exe
2014-11-12 14:16 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:16 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:16 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:16 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:16 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:16 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:16 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:16 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:16 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:16 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:16 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:16 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:16 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:16 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:16 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:16 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:16 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:16 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:16 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:16 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:16 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:16 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:16 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:16 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:16 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:16 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:16 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:16 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:16 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:16 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:16 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:16 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:16 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:16 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:16 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:16 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:16 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:16 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:16 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:16 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:16 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:16 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:16 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:16 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:16 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:16 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:16 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:16 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:16 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:16 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:16 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:16 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:16 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:16 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:16 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:16 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:11 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 14:11 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 14:11 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 14:11 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:11 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:10 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:10 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:10 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:10 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:10 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:10 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:10 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:06 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 14:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:06 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 14:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:06 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:06 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:06 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:06 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 14:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:05 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:05 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:05 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:05 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:05 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:05 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:00 - 2014-11-12 14:01 - 02140160 _____ () C:\Users\maureen.RSC\Downloads\AdwCleaner.exe
2014-11-12 13:33 - 2014-11-14 13:49 - 02116608 _____ (Farbar) C:\Users\maureen.RSC\Desktop\FRST64.exe
2014-11-10 10:20 - 2014-11-12 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 10:20 - 2014-11-10 11:23 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-10 10:20 - 2014-11-10 11:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Mozilla
2014-11-10 10:20 - 2014-11-10 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\Omqqics
2014-11-09 21:49 - 2014-11-09 21:49 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Local\ITVsoft
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\ZekmIxub
2014-11-09 21:48 - 2014-11-10 11:08 - 00000000 ____D () C:\ProgramData\GusoyBowde
2014-11-09 15:54 - 2014-11-10 11:08 - 00000000 ____D () C:\Users\maureen.RSC\AppData\Roaming\FrameworkUpdate7
2014-11-09 15:54 - 2014-11-09 15:54 - 00000448 ____H () C:\Users\maureen.RSC\AppData\Roaming\麽鎒駓覜
2014-11-04 14:47 - 2014-11-04 13:32 - 00050688 _____ () C:\Users\maureen.RSC\Desktop\UTS.ASD.PrePatchCleaner.exe
2014-11-04 09:58 - 2014-10-16 12:24 - 00000313 _____ () C:\Users\maureen.RSC\Desktop\license.dat
2014-10-27 10:25 - 2014-10-27 10:25 - 00012761 _____ () C:\UNPAID CHILD SUPPORT -2.xlsx
2014-10-27 09:50 - 2014-10-27 10:24 - 00012763 _____ () C:\UNPAID CHILD SUPPORT.xlsx
2014-10-20 08:07 - 2014-10-20 08:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 08:07 - 2014-10-20 08:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 08:07 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 01:31 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:31 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:28 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:28 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:28 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:28 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:28 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:28 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:28 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:28 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:28 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:27 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 13:37 - 2012-07-10 10:15 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-14 13:33 - 2014-03-18 15:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 13:08 - 2012-06-12 00:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 12:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 11:58 - 2012-10-24 08:15 - 00000109 _____ () C:\Windows\cdlli40.INI
2014-11-14 10:10 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 10:10 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 10:09 - 2009-07-13 23:13 - 00816182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 10:04 - 2012-06-12 01:34 - 00000031 _____ () C:\tmuninst.ini
2014-11-14 10:03 - 2014-08-26 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-14 10:02 - 2014-03-18 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 10:01 - 2010-11-20 21:47 - 00655870 _____ () C:\Windows\PFRO.log
2014-11-14 10:01 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 10:01 - 2009-07-13 22:51 - 00074972 _____ () C:\Windows\setupact.log
2014-11-14 10:00 - 2013-06-28 15:24 - 00000931 _____ () C:\Windows\TMFilter.log
2014-11-14 09:59 - 2012-06-12 02:29 - 01805060 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 09:15 - 2014-07-15 13:55 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 09:13 - 2014-07-15 13:55 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 08:41 - 2012-07-10 10:21 - 00142736 _____ () C:\Users\maureen.RSC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 08:38 - 2009-07-13 22:45 - 00495224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:35 - 2014-05-06 15:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 16:25 - 2012-07-10 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 16:19 - 2013-08-27 01:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 16:16 - 2012-07-10 09:52 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 09:11 - 2012-06-12 00:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 09:11 - 2012-06-12 00:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 09:11 - 2012-06-12 00:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-10 11:12 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2014-07-15 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 10:28 - 2012-09-04 08:25 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 15:36 - 2012-07-10 14:03 - 00002294 ____H () C:\Users\maureen.RSC\Documents\Default.rdp
2014-11-05 12:08 - 2012-11-08 14:28 - 00000000 _____ () C:\comp_cat.txt
2014-10-30 12:54 - 2012-11-08 14:28 - 00002842 _____ () C:\Windows\SysWOW64\DrDwg.prf
2014-10-30 12:54 - 2012-11-08 14:28 - 00001117 _____ () C:\Users\Public\Desktop\Advanced Spring Design 7.lnk
2014-10-30 12:54 - 2012-11-08 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UTS
2014-10-27 12:42 - 2012-09-18 12:13 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-21 07:45 - 2012-06-12 01:28 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-20 08:10 - 2014-08-27 13:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 04:28 - 2014-03-18 15:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 04:28 - 2014-03-18 15:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 14:12 - 2013-01-28 13:48 - 00000163 _____ () C:\Windows\Ppviewer.INI

Some content of TEMP:
====================
C:\Users\maureen.RSC\AppData\Local\Temp\H2Reg.exe
C:\Users\maureen.RSC\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\maureen.RSC\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:51

==================== End Of Log ============================

Link to post
Share on other sites

I couldn't tell if this program was done scanning...here is the log file.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-14 13:58:42
-----------------------------
13:58:42.897    OS Version: Windows x64 6.1.7601 Service Pack 1
13:58:42.897    Number of processors: 4 586 0x2A07
13:58:42.897    ComputerName: LAT5520-9TS0CT1  UserName: maureen
13:58:45.299    Initialize success
13:58:45.471    VM: initialized successfully
13:58:45.471    VM: Intel CPU supported
13:58:52.389    VM: supported disk I/O iaStor.sys
14:17:05.711    AVAST engine defs: 14111400
14:21:36.401    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:21:36.407    Disk 0 Vendor: ST250LT0 0003 Size: 238475MB BusType: 3
14:21:36.575    VM: Disk 0 MBR read successfully
14:21:36.582    Disk 0 MBR scan
14:21:36.604    Disk 0 Windows VISTA default MBR code
14:21:36.613    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
14:21:36.646    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        16540 MB offset 81920
14:21:36.668    Disk 0 default boot code
14:21:36.713    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       221892 MB offset 33955840
14:21:36.793    Disk 0 scanning C:\Windows\system32\drivers
14:22:07.595    Service scanning
14:22:53.787    Modules scanning
14:22:53.787    Disk 0 trace - called modules:
14:22:53.818    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
14:22:53.834    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800636c060]
14:22:53.834    3 CLASSPNP.SYS[fffff88000f3543f] -> nt!IofCallDriver -> [0xfffffa80061f9cb0]
14:22:53.834    5 stdcfltn.sys[fffff880019f2d12] -> nt!IofCallDriver -> [0xfffffa80050c5550]
14:22:53.834    7 ACPI.sys[fffff880011297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80050ca050]
14:22:54.942    AVAST engine scan C:\
15:16:05.991    Disk 0 MBR has been saved successfully to "C:\Users\maureen.RSC\Desktop\MBR.dat"
15:16:06.007    The log file has been saved successfully to "C:\Users\maureen.RSC\Desktop\aswMBR.txt"

Link to post
Share on other sites

Hm, looks like the bad one called for some colleagues. That made me mad - I'm pulling out the sledgehammer.

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

Link to post
Share on other sites

Hi there!

Ok, I finally ran the ComboFix as advised.  The ComboFix did identify that McAfee was running, but I had no way of closing it because I cannot see it in the systray, nor were the McAfee processes listed in Task Manager.  ComboFix ran regardless.  Below is the log results.  Also, after it completed, I am still receiving the message for McAfee that the program is blocked by group policy when I try to run the McAfee product.  I don't have a group policy set up?!?

Do you think we need a bigger sledgehammer????

 

Thanks for your help!!!

 

ComboFix 14-11-18.01 - maureen 11/20/2014  13:48:55.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.2092 [GMT -6:00]
Running from: c:\users\maureen.RSC\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\3
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\background.html
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\background.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\crossriderManifest.json
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\extension.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\actions\icon1.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\icon128.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\icon16.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\icon48.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\notifications\icon1.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\icons\notifications\icon48.png
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\api\chrome.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\api\cookie.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\api\message.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\api\push.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\background.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\app_api.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\async_api.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\bg_app_api.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\cookie_store.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\data_store.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\faye-browser-min.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\js\lib\util.js
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\manifest.json
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\popup.html
c:\users\maureen.RSC\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\maureen.RSC\AppData\Roaming\FrameworkUpdate7
c:\users\maureen.RSC\g2mdlhlpx.exe
c:\windows\SysWow64\9450.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-20 to 2014-11-20  )))))))))))))))))))))))))))))))
.
.
2014-11-20 20:21 . 2014-11-20 20:21 -------- d-----w- c:\users\maureen~RSC\AppData\Local\temp
2014-11-20 20:21 . 2014-11-20 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-20 20:21 . 2014-11-20 20:21 -------- d-----w- c:\users\maureen\AppData\Local\temp
2014-11-20 20:21 . 2014-11-20 20:21 -------- d-----w- c:\users\insp1\AppData\Local\temp
2014-11-20 20:21 . 2014-11-20 20:21 -------- d-----w- c:\users\administrator\AppData\Local\temp
2014-11-19 14:52 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 14:52 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 14:52 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 14:52 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-18 21:47 . 2014-11-18 21:47 -------- d-----w- c:\users\maureen.RSC\AppData\Local\Macromedia
2014-11-14 21:23 . 2014-11-14 21:23 140288 ----a-w- c:\windows\SysWow64\temp.000
2014-11-14 16:32 . 2014-11-14 16:32 -------- d-sh--w- c:\users\maureen.RSC\AppData\Local\EmieBrowserModeList
2014-11-14 15:15 . 2014-11-15 04:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-12 21:07 . 2014-11-14 19:50 -------- d-----w- C:\FRST
2014-11-12 20:56 . 2014-11-12 20:56 -------- d-----w- C:\found.000
2014-11-12 20:11 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 20:11 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 20:11 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 20:11 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 20:11 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 20:10 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 20:10 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 20:10 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 20:10 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 20:10 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 20:10 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 20:10 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-12 20:05 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 20:05 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-11-12 20:05 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-11-12 20:05 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 20:05 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-11-12 20:05 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 20:05 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 20:05 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 20:05 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 20:05 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 20:05 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 20:05 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-10 16:20 . 2014-11-10 16:20 -------- d-----w- c:\users\maureen.RSC\AppData\Local\Mozilla
2014-11-10 16:20 . 2014-11-12 14:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-11-10 03:49 . 2014-11-10 03:49 -------- d-----w- c:\users\maureen.RSC\AppData\Local\Omqqics
2014-11-10 03:49 . 2014-11-10 03:49 -------- d-----w- c:\users\maureen.RSC\AppData\Local\ITVsoft
2014-11-10 03:48 . 2014-11-10 17:08 -------- d-----w- c:\programdata\GusoyBowde
2014-11-10 03:48 . 2014-11-10 17:08 -------- d-----w- c:\programdata\ZekmIxub
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-18 21:42 . 2012-06-12 06:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-18 21:42 . 2012-06-12 06:38 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-17 21:07 . 2014-07-15 19:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 21:21 . 2013-02-20 19:34 286720 ------w- c:\windows\Setup1.exe
2014-11-14 21:21 . 2013-02-20 19:34 73216 ----a-w- c:\windows\ST6UNST.EXE
2014-11-14 15:13 . 2014-07-15 19:55 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-12 22:16 . 2012-07-10 15:52 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-20 14:07 . 2014-10-20 14:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-01 17:11 . 2014-07-15 19:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 17:11 . 2012-09-04 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 03:32 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 03:32 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-29 02:43 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-29 02:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-16 07:28 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-16 07:27 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-16 07:28 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 07:28 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-09-01 14:39 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 02:07 . 2014-10-16 07:28 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-26 21:00 . 2014-08-26 21:01 303464 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-08-26 21:00 . 2014-08-26 21:01 170440 ----a-w- c:\windows\system32\mfevtps.exe
2014-08-26 21:00 . 2014-08-26 21:02 101200 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2014-08-26 21:00 . 2012-07-10 18:35 99352 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2014-08-26 21:00 . 2014-08-26 21:01 665768 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-08-26 21:00 . 2014-08-26 21:02 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2014-08-26 21:00 . 2014-08-26 21:02 274880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-08-26 21:00 . 2014-08-26 21:02 160952 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-08-26 21:00 . 2012-07-10 18:35 75656 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
2014-08-26 21:00 . 2012-07-10 18:35 23112 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
2014-08-23 02:07 . 2014-08-28 13:59 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 13:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-10 7767832]
"HP Officejet Pro 8610 (NET)"="c:\program files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" [2013-09-11 3485728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"VizManager"="c:\program files (x86)\VizManager\VizManager.exe" [2014-01-20 233472]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-09-05 333416]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-15 215656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\insp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 InforVisualDrillback;InforVisualDrillback;C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe -p 9090 -n InforVisualDrillback webserversrvc;C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe -p 9090 -n InforVisualDrillback webserversrvc [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VISUAL Exchange Service 1.2.101.145;VISUAL Exchange Service 1.2.101.145;c:\infor\visual enterprise\visual .net\bin\vxcservice.exe;c:\infor\visual enterprise\visual .net\bin\vxcservice.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 21:42]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 21:04]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: livemeeting.com\www307
Trusted Zone: sauer-danfoss.com\suppliers
TCP: DhcpNameServer = 151.106.100.47 151.106.100.45
DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} - hxxp://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://151.106.100.108/WebClient.cab
FF - ProfilePath - c:\users\maureen.RSC\AppData\Roaming\Mozilla\Firefox\Profiles\d3t080qv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-VizManager - (no file)
Wow6432Node-HKCU-Run-TWC.Win7 - c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
Wow6432Node-HKCU-Run-ucilluo - c:\users\maureen.RSC\AppData\Local\ucilluo.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\InforVisualDrillback]
"ImagePath"="\"C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe\" -p 9090 -n InforVisualDrillback webserversrvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\InforVisualDrillback]
"ImagePath"="\"C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe\" -p 9090 -n InforVisualDrillback webserversrvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2014-11-20  14:48:35 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-20 20:48
.
Pre-Run: 140,744,704,000 bytes free
Post-Run: 145,294,172,160 bytes free
.
- - End Of File - - 9011E388CD5211C5E913EB07A7869B35

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.