
Thread: Astromenda has taken over II. Help!!!!

  1. #1
    Member | Join Date: Oct 2005 | Posts: 92


    I have been receiving popups recently and couldn't understand why. After opening up Google Chrome, I noticed that Astromenda was showing up in a tab. After looking up Astromenda on the internet, I learned that it is malware software, which I need to clean off of my system. About a week ago, I did a system restore, which I think restored my system back to 8/17/2014. I've submitted the requested logs below. Please help me rid my system of the unwanted malware. Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
    Ran by RAB Office (administrator) on RABOFFICE-PC on 02-09-2014 23:32:37
    Running from C:\Users\RAB Office\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAA905.tmp
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
    (Nikon Corporation) C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
    HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {4fa5e575-59e2-11e3-a479-844bf55a5328} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {d35b07a3-860a-11e3-8b1b-844bf55a5328} - E:\setup.exe -a
    HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {de4f57e1-ea6a-11e1-8d0c-844bf55a5328} - E:\Autorun.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk
    ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
    SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...detect1263.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-24]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
    CHR DefaultSearchKeyword: Default -> astromenda.com
    CHR DefaultSearchProvider: Default -> Astromenda
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Profile: C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
    CHR Extension: (Google Wallet) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0273541409705604mcinstcleanup; C:\Windows\TEMP\027354~1.EXE [836168 2014-03-13] (McAfee, Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
    S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
    U3 mfencbdc01; No ImagePath
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-13] ()
    S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-08-30] (Windows (R) Win 7 DDK provider)
    S1 ttnfd; system32\drivers\ttnfd.sys [X]
    S3 __FOX__UNI_DRIVER__; \??\C:\Users\RABOFF~1\AppData\Local\Temp\FoxG1Driver.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-02 23:32 - 2014-09-02 23:33 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
    2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
    2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
    2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-09-02 20:29 - 2014-09-02 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
    2014-09-02 20:29 - 2014-09-02 20:32 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
    2014-09-02 20:29 - 2014-09-02 20:32 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
    2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
    2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
    2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
    2014-08-28 09:31 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-28 09:31 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-28 09:31 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
    2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
    2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
    2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
    2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
    2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
    2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
    2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
    2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
    2014-08-17 21:12 - 2014-08-19 23:36 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
    2014-08-17 21:12 - 2014-08-17 21:16 - 00000000 ____D () C:\Program Files (x86)\Astromenda
    2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
    2014-08-15 20:27 - 2014-08-15 20:34 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
    2014-08-14 19:50 - 2014-09-02 20:09 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
    2014-08-14 19:49 - 2014-09-02 20:09 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
    2014-08-13 21:52 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-13 21:52 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-08-13 21:52 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-13 21:52 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-13 21:52 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-08-13 21:52 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-08-13 21:51 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-08-13 21:51 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-13 07:55 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-13 07:55 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-13 07:55 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-13 07:55 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-13 07:55 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-13 07:55 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-13 07:55 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-13 07:55 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-13 07:55 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-13 07:55 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-13 07:55 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-13 07:55 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-13 07:55 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-13 07:55 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-13 07:55 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-13 07:55 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-13 07:55 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-13 07:55 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-13 07:55 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-13 07:55 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-13 07:55 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-13 07:55 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-13 07:55 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-13 07:55 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-13 07:55 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-13 07:55 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-13 07:55 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-13 07:55 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-13 07:55 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-13 07:55 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-13 07:55 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-13 07:55 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-13 07:55 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-13 07:55 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-13 07:55 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-13 07:55 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-13 07:55 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-13 07:55 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-13 07:55 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-13 07:55 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-13 07:55 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-13 07:55 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-13 07:55 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-13 07:55 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-13 07:55 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-13 07:55 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-13 07:55 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-13 07:55 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-13 07:55 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-13 07:55 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-13 07:55 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-13 07:55 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-13 07:55 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-13 07:55 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-13 07:55 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-13 07:55 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-13 07:55 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-13 07:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-13 07:55 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-08-13 07:55 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-13 07:55 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-08-13 07:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-13 07:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-08-13 07:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-13 07:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-13 07:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-13 07:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-13 07:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-13 07:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-08-13 07:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-08-13 07:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-08-13 07:54 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-13 07:54 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-13 07:54 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-13 07:54 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
    2014-08-08 23:07 - 2014-08-08 23:08 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-02 23:33 - 2014-09-02 23:32 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
    2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
    2014-09-02 23:26 - 2012-08-14 04:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
    2014-09-02 22:37 - 2012-11-16 22:20 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-09-02 22:00 - 2012-09-24 22:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
    2014-09-02 21:37 - 2012-08-14 04:09 - 01242663 _____ () C:\Windows\WindowsUpdate.log
    2014-09-02 20:53 - 2012-09-24 22:48 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-09-02 20:32 - 2014-09-02 20:29 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
    2014-09-02 20:32 - 2014-09-02 20:29 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
    2014-09-02 20:32 - 2014-09-02 20:29 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
    2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
    2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
    2014-09-02 20:28 - 2012-08-20 12:40 - 00000000 ____D () C:\Users\RAB Office\Documents\Outlook Files
    2014-09-02 20:09 - 2014-08-14 19:50 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
    2014-09-02 20:09 - 2014-08-14 19:49 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
    2014-09-02 20:08 - 2013-10-07 19:47 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC
    2014-09-02 18:45 - 2013-05-24 14:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2014-09-02 18:37 - 2012-11-16 22:20 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-02 18:36 - 2013-10-09 17:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-09-02 18:35 - 2012-08-14 04:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-09-02 18:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-02 18:34 - 2009-07-14 00:51 - 00359045 _____ () C:\Windows\setupact.log
    2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-09-01 20:59 - 2012-08-16 18:50 - 00000000 ____D () C:\Users\RAB Office\Documents\Personal
    2014-08-30 23:34 - 2012-08-20 13:43 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\CrashDumps
    2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
    2014-08-29 20:39 - 2013-04-15 19:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-28 17:42 - 2009-07-14 00:45 - 00435384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-28 09:24 - 2010-11-20 23:47 - 00389700 _____ () C:\Windows\PFRO.log
    2014-08-27 18:52 - 2013-10-06 21:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
    2014-08-24 20:31 - 2012-08-20 17:25 - 00000000 ____D () C:\Users\RAB Office\Desktop\OPT OUT
    2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
    2014-08-23 19:40 - 2012-08-19 23:24 - 00000000 ____D () C:\Users\RAB Office\Documents\Bluetooth Folder
    2014-08-23 16:26 - 2012-08-14 04:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-08-23 14:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-08-23 14:06 - 2012-08-14 04:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-08-23 14:06 - 2012-08-14 04:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-08-22 22:07 - 2014-08-28 09:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 21:52 - 2012-11-16 22:20 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Google
    2014-08-22 21:45 - 2014-08-28 09:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-22 21:38 - 2012-08-20 00:52 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\HpUpdate
    2014-08-22 21:32 - 2012-08-19 23:15 - 00000000 ____D () C:\Users\RAB Office
    2014-08-22 21:31 - 2012-09-24 19:43 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC
    2014-08-22 21:31 - 2012-08-14 04:10 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-08-22 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-08-22 21:29 - 2012-08-20 12:00 - 00000000 __RHD () C:\MSOCache
    2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
    2014-08-22 20:59 - 2014-08-28 09:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
    2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
    2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
    2014-08-19 23:36 - 2014-08-17 21:12 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
    2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
    2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
    2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
    2014-08-17 21:16 - 2014-08-17 21:12 - 00000000 ____D () C:\Program Files (x86)\Astromenda
    2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
    2014-08-17 14:43 - 2014-05-13 22:24 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC
    2014-08-15 20:34 - 2014-08-15 20:27 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
    2014-08-15 14:38 - 2014-03-27 20:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
    2014-08-15 14:38 - 2014-03-27 20:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
    2014-08-15 14:38 - 2014-03-27 20:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2014-08-15 14:38 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-08-14 23:26 - 2012-11-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-08-14 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-14 11:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-13 21:58 - 2013-08-13 21:22 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-13 21:55 - 2012-08-20 13:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-13 21:51 - 2014-04-28 18:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
    2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-08-09 00:16 - 2013-10-19 20:36 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
    2014-08-08 23:13 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-08 23:08 - 2014-08-08 23:07 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
    2014-08-06 22:06 - 2014-08-13 07:54 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 22:01 - 2014-08-13 07:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-06 14:21 - 2012-09-24 19:35 - 00109568 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Revised Monthly Employmenet Utilization Report 1-10-05(1)(ROGERS BRIDGE COMPANY).xls
    2014-08-05 16:48 - 2014-07-09 15:57 - 00098304 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xls
    2014-08-05 16:44 - 2013-11-21 11:00 - 00047584 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
    C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
    C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
    C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
    C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
    C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
    C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
    C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
    C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
    C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
    C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
    C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
    C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
    C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
    C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
    C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
    C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
    C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
    C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
    C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
    C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
    C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
    C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
    C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
    C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
    C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
    C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
    C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
    C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
    C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
    C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-27 19:18

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
    Ran by RAB Office at 2014-09-02 23:33:21
    Running from C:\Users\RAB Office\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
    AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
    AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
    ArcSoft Software Suite (HKLM-x32\...\ArcSoft Software Suite) (Version: - )
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
    CDDRV_Installer (Version: 4.60 - Logitech) Hidden
    Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
    Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5127 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
    Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
    Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Unified IO (Version: 1.0.1.94 - HP) Hidden
    HP Unified IO (Version: 2.0.0.404 - HP) Hidden
    HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
    HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
    HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
    hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
    Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
    Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
    Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Nikon View 5 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Plantronics MyHeadset Updater (x64) (HKLM\...\{11C2C550-7EB9-4E8D-B960-6DF230E73396}) (Version: 2.8.23209.0 - Plantronics, Inc.)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.4.6 - GridinSoft LLC)
    Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
    Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    14-08-2014 01:51:00 Windows Update
    15-08-2014 03:25:41 Installed HP Update.
    18-08-2014 01:54:16 Removed Bonjour
    23-08-2014 01:26:45 Restore Operation
    25-08-2014 23:30:21 Windows Modules Installer
    28-08-2014 17:38:51 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0B03C79C-FEB7-4301-9A5B-34B680725C15} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {1E7EFB63-6EA7-4B41-9F0A-CB1A406C7B3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {26111EEA-DC8C-492E-AAC5-0FC95E4E32F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {27EE58C6-AD23-480B-A264-FF94BB10A4C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-23] (Adobe Systems Incorporated)
    Task: {2D52AAEB-9EBD-49C5-8A74-0E912C19338D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
    Task: {7D86545D-07C8-44CB-A192-D59392076AD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {882B0BC9-4920-4D6D-AD8E-4BCA919E542B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
    Task: {8A0174ED-68F6-4A2A-887A-3EDD0DE77C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
    Task: {9BF7A557-A04A-48F7-8B04-D3380C99BFF8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
    Task: {C0187C04-2305-4AF3-91CE-C817F6B41DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
    Task: {C1A7958B-5BC6-4A9A-A2C2-41E4E8DF0E67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {CABAEA8F-5223-4ED4-AF03-C8DBF11D8B28} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-08-30] (GridinSoft LLC.)
    Task: {F7BF6E96-F6D9-455C-9773-676D985082E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
    Task: {F9E5704C-756D-43EF-A6F6-FCF75F1F8C75} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-19 20:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-08-27 18:51 - 2014-08-27 18:51 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2012-08-14 04:30 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2012-08-20 15:58 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
    2012-08-20 15:58 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-02-13 07:48 - 2013-02-13 07:48 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll
    2014-08-14 12:27 - 2014-08-14 12:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5744dbc804f3ddc8c5416a9de9e8c26d\IsdiInterop.ni.dll
    2012-08-14 04:21 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-08-14 04:23 - 2012-01-21 07:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\2009 EEO Letter.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DEKALB COUNTY-LOCATES.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DRUG CERTIFICATION 2009.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\McKenzie -Medical & Pharmacy.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\2005 Annual Inventory Guidelines.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Alexandria's 1st Grade Report Card.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Blackberry Settings.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\CA-16.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Disqualification Letters.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Duty Agent roster 2009-2010.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Golf Tournament Quote.jpg:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Legal Service Agreement with Michael Beasley.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Motor Vehicle Utilization Report for August 2009.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\My Eval Bullets.doc:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\PSN Photo 2006 Conference.JPG:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Redneck 911 Joke.wmv:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Sandisk Titanium 512 MB Quick Start Guide.pdf:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Staff Directory as of 11-16-2009.xls:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Sunny's Pricelist.jpg:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\The Great Black Vote.wmv:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking - (Shell).xls:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - (Shell).xls:Roxio EMC Stream
    AlternateDataStreams: C:\Users\RAB Office\Documents\Welcome_to_the_family.wmv:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: ttnfd
    Description: ttnfd
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ttnfd
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
    Description: McShield crashed.
    Error Code:c0000005

    Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mcshield.exe, version: 1.1.3.169, time stamp: 0x53a17f3d
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000005
    Fault offset: 0x000000000004e4e4
    Faulting process id: 0xa6c
    Faulting application start time: 0xmcshield.exe0
    Faulting application path: mcshield.exe1
    Faulting module path: mcshield.exe2
    Report Id: mcshield.exe3

    Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
    Description: McShield crashed.
    Error Code:c0000005

    Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

    Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

    Error: (09/02/2014 08:53:07 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

    Error: (09/02/2014 08:51:56 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535


    Microsoft Office Sessions:
    =========================
    Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

    Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
    Description: c0000005

    Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mcshield.exe1.1.3.16953a17f3dntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4a6c01cfc6abce0e4b94C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dll583ef223-329f-11e4-8395-844bf55a5328

    Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
    Description: c0000005

    Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
    Percentage of memory in use: 38%
    Total physical RAM: 8152.96 MB
    Available physical RAM: 5018.05 MB
    Total Pagefile: 16304.11 MB
    Available Pagefile: 13198.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:760.53 GB) NTFS
    Drive d: (CLASS_OF_2020_2) (CDROM) (Total:1.88 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 039B70F2)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-02 23:39:42
    -----------------------------
    23:39:42.537 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:39:42.537 Number of processors: 4 586 0x3A09
    23:39:42.537 ComputerName: RABOFFICE-PC UserName: RAB Office
    23:39:46.609 Initialize success
    23:39:46.671 VM: initialized successfully
    23:39:46.702 VM: Intel CPU supported
    23:40:30.181 VM: supported disk I/O iaStor.sys
    23:42:06.078 AVAST engine defs: 14090201
    23:43:38.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:43:38.555 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
    23:43:38.664 VM: Disk 0 MBR read successfully
    23:43:38.680 Disk 0 MBR scan
    23:43:38.695 Disk 0 Windows VISTA default MBR code
    23:43:38.695 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    23:43:38.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
    23:43:38.711 Disk 0 Boot: NTFS code=1
    23:43:38.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
    23:43:38.758 Disk 0 scanning C:\Windows\system32\drivers
    23:43:53.484 Service scanning
    23:44:15.465 Modules scanning
    23:44:15.465 Disk 0 trace - called modules:
    23:44:15.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    23:44:15.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bd060]
    23:44:15.496 3 CLASSPNP.SYS[fffff88001d9543f] -> nt!IofCallDriver -> [0xfffffa8007166e40]
    23:44:15.496 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007169050]
    23:44:21.689 AVAST engine scan C:\Windows
    23:44:24.762 AVAST engine scan C:\Windows\system32
    23:49:29.920 AVAST engine scan C:\Windows\system32\drivers
    23:49:48.796 AVAST engine scan C:\Users\RAB Office
    23:51:29.541 Disk 0 MBR has been saved successfully to "C:\Users\RAB Office\Desktop\MBR.dat"
    23:51:29.557 The log file has been saved successfully to "C:\Users\RAB Office\Desktop\aswMBR.txt"
    Bigalo

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Check Add/Remove Programs first; if these are there, try to uninstall them.
    FileParade bundle uninstaller
    astromenda
    If you don't find one, move to the next.

    We need to reset your browsers. Please do this before continuing with the fix below.

    Reset browsers


    Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
    If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

    Internet Explorer
    How to reset Internet Explorer settings

    Firefox
    https://support.mozilla.org/en-US/kb...-most-problems

    Chrome
    Chrome - Reset browser settings

    ************************

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

    start
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
    SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
    BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
    CHR DefaultSearchKeyword: Default -> astromenda.com
    CHR DefaultSearchProvider: Default -> Astromenda
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    C:\Windows\System32\Tasks\Optimizer Pro Schedule
    C:\Users\RAB Office\Documents\Optimizer Pro
    C:\Program Files (x86)\Astromenda
    C:\Users\RAB Office\AppData\Roaming\Astromenda
    C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
    C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
    C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
    C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
    C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
    C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
    C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
    C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
    C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
    C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
    C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
    C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
    C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
    C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
    C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
    C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
    C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
    C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
    C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
    C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
    C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
    C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
    C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
    C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
    C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
    C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
    C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
    C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
    C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
    C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
    C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
    Hosts:
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    *******************

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete, click on "Clean".
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Oct 2005
    Posts
    92

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
    Ran by RAB Office at 2014-09-03 19:58:40 Run:1
    Running from C:\Users\RAB Office\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
    SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
    SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
    BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
    CHR DefaultSearchKeyword: Default -> astromenda.com
    CHR DefaultSearchProvider: Default -> Astromenda
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    C:\Windows\System32\Tasks\Optimizer Pro Schedule
    C:\Users\RAB Office\Documents\Optimizer Pro
    C:\Program Files (x86)\Astromenda
    C:\Users\RAB Office\AppData\Roaming\Astromenda
    C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
    C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
    C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
    C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
    C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
    C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
    C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
    C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
    C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
    C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
    C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
    C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
    C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
    C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
    C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
    C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
    C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
    C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
    C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
    C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
    C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
    C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
    C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
    C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
    C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
    C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
    C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
    C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
    C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
    C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
    C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
    C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
    Hosts:
    EmptyTemp:
    End
    *****************

    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
    "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
    "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
    "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{493C3539-470D-418F-B38F-3AF736CB70EB}" => Key deleted successfully.
    "HKCR\CLSID\{493C3539-470D-418F-B38F-3AF736CB70EB}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C51434D8-8DFF-481C-9C62-204368E109D1}" => Key deleted successfully.
    "HKCR\CLSID\{C51434D8-8DFF-481C-9C62-204368E109D1}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
    "HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    CHR DefaultSearchProvider: Default -> Astromenda ==> The Chrome "Settings" can be used to fix the entry.
    Chrome DefaultSearchURL deleted successfully.
    C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
    C:\Users\RAB Office\Documents\Optimizer Pro => Moved successfully.
    C:\Program Files (x86)\Astromenda => Moved successfully.
    C:\Users\RAB Office\AppData\Roaming\Astromenda => Moved successfully.
    C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\Setup.exe => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll => Moved successfully.
    "C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe" => File/Directory not found.
    C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll => Moved successfully.
    C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll => Moved successfully.
    FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION => Error: No automatic fix found for this entry.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 6.7 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    # AdwCleaner v3.309 - Report created 03/09/2014 at 20:27:16
    # Updated 02/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : RAB Office - RABOFFICE-PC
    # Running from : C:\Users\RAB Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA356GEC\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\RAB Office\Favorites\Search
    Folder Deleted : C:\ProgramData\374311380
    Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
    Folder Deleted : C:\Users\RAB Office\Documents\iMesh
    Folder Deleted : C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Optimizer Pro Schedule

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\WSE_Astromenda
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\SweetIM
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v37.0.2062.103

    [ File : C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

    [ File : C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
    Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
    Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

    *************************

    AdwCleaner[R0].txt - [4378 octets] - [03/09/2014 20:25:14]
    AdwCleaner[S0].txt - [3990 octets] - [03/09/2014 20:27:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4050 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by RAB Office on Wed 09/03/2014 at 20:36:50.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 09/03/2014 at 20:42:12.77
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Bigalo

  4. #4
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    That took out quite a bit.

    Let's check and see if that extension is still present.

    Follow the steps outlined in the link below. Check and see if Astromenda is listed, then follow the instructions to remove it.
    https://support.google.com/chrome/answer/113907?hl=en


    **********************

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    How's your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date: Oct 2005
    Posts: 92

    My computer appears to be running pretty good, and I haven't noticed any Astromenda popups. The log reflects three items that were detected, which were as follows:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/4/2014
    Scan Time: 8:18:38 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.04.03
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: RAB Office

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 373081
    Time Elapsed: 9 min, 20 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [049f6881df9c9c9a9387ab46a55d9b65],

    Registry Values: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [049f6881df9c9c9a9387ab46a55d9b65]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [4c573dac6a1145f18a4a8a62758dbd43],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Bigalo

  6. #6
    Member
    Join Date: Oct 2005
    Posts: 92

    Also, do I need to act on the threats in the log?
    Bigalo

  7. #7
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Registry Keys: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [049f6881df9c9c9a9387ab46a55d9b65],

    Registry Values: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [049f6881df9c9c9a9387ab46a55d9b65]

    For these 2 I'm getting mixed suggestions on what to do.
    Is it something you downloaded?

    http://www.herdprotect.com/termtutor...0c0e4b335.aspx
    http://www.shouldiremoveit.com/term-...2-program.aspx

    Read over those topics and I'll have to leave that up to you. Maybe it can be downloaded again if needed? But if you run these scans again, I'm sure it will show up.

    Folders: 1
    PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [4c573dac6a1145f18a4a8a62758dbd43],

    Definitely, run the scan again and allow it to completely quarantine and delete this folder.

    This next scan should be the last one we need to do.

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Member
    Join Date: Oct 2005
    Posts: 92

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/4/2014
    Scan Time: 7:24:52 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.04.11
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: RAB Office

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 373643
    Time Elapsed: 7 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [f1bac128a9d2e551bb99d71bdd2509f7],

    Registry Values: 1
    PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [f1bac128a9d2e551bb99d71bdd2509f7]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Windows\Installer\115b7b.msi a variant of Win32/HiddenStart.A potentially unsafe application
    Bigalo

  9. #9
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    This is in quarantine, we'll remove it when we close out.

    C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    This is a Dell computer application; if your computer is a Dell, leave it alone.





    Did you allow MBAM to remove this?
    Folders: 1
    PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],
    Let's check for a malicious extension in Google Chrome

    Click on Chrome’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled Settings.

    Chrome’s Settings should now be displayed in a new tab or window, depending on your configuration. Next, scroll to the bottom of the page and click on the Show advanced settings link.

    Chrome’s advanced Settings should now be displayed. Scroll down until the Reset browser settings section is visible.
    Next, click on the Reset browser settings button.

    A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue on with the reset process. To complete the restoration process, click on the Reset button.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
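
The question raised in post #9, whether the Astromenda folder was actually removed between scans, can be checked by comparing the two Malwarebytes logs from posts #5 and #8. This is an added example, not part of the original thread; the function names are illustrative. It matches detections on section, threat name and object, because the bracketed value differs between the two scans for the same object.

```python
import re

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")
BRACKETED = re.compile(r"^\[[0-9a-f]{32}\]$")
# Detection sections copied from the two logs in this thread (posts #5 and #8).
SCAN_1 = r"""Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [049f6881df9c9c9a9387ab46a55d9b65],
Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [049f6881df9c9c9a9387ab46a55d9b65]
Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [4c573dac6a1145f18a4a8a62758dbd43],
Files: 0
(No malicious items detected)"""
SCAN_2 = r"""Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [f1bac128a9d2e551bb99d71bdd2509f7],
Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [f1bac128a9d2e551bb99d71bdd2509f7]
Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],
Files: 0
(No malicious items detected)"""

def parse_detections(log):
    """Return {(section, threat, object)}; raise if a section's count disagrees."""
    found, expected, section = set(), {}, None
    for line in map(str.strip, log.splitlines()):
        m = HEADER.match(line)
        if m and m.group(1) in SECTIONS:
            section, expected[m.group(1)] = m.group(1), int(m.group(2))
        elif section and line and not line.startswith("("):
            # Drop empty fields and the bracketed value, which changes per scan.
            fields = [f for f in line.rstrip(",").split(", ")
                      if f.strip() and not BRACKETED.match(f)]
            # Windows paths and registry keys are case-insensitive.
            found.add((section, fields[0], fields[1].lower()))
    for name, count in expected.items():
        if sum(s == name for s, _, _ in found) != count:
            raise ValueError(f"{name}: header count {count} does not match parsed lines")
    return found

def compare_scans(before, after):
    """Split detections into those that persisted, were cleared, or are new."""
    a, b = parse_detections(before), parse_detections(after)
    return {"persisted": a & b, "cleared": a - b, "new": b - a}

if __name__ == "__main__":
    for status, items in compare_scans(SCAN_1, SCAN_2).items():
        print(status, sorted(items))
```

All three detections land in `persisted`, so nothing was quarantined between the two scans.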

  10. #10
    Member
    Join Date: Oct 2005
    Posts: 92

    I've completed the steps that you outlined as it relates to Chrome in your most recent post. As to the three items below, I don't understand what, or if, you intend for me to do. As for your question relating to the PUP, I can't recall if I allowed the MBAM program to remove the folder. However, I've got to believe that I followed all of your outlined instructions. Finally, I do have a Dell computer.
    Bigalo
