Astromenda has taken over II. Help!!!!



Bigalo
2014-09-03, 07:13
I have been receiving popups recently and couldn't understand why. After opening up Google Chrome, I noticed that Astromenda was showing up in a tab. After looking up Astromenda on the internet, I learned that it is a malware software, which I need to clean off of my system. About a week ago, I did a system restore, which I think restored my system back to 8/17/2014. I've submitted the requested logs below. Please help me rid my system of the unwanted malware. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by RAB Office (administrator) on RABOFFICE-PC on 02-09-2014 23:32:37
Running from C:\Users\RAB Office\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAA905.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {4fa5e575-59e2-11e3-a479-844bf55a5328} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {d35b07a3-860a-11e3-8b1b-844bf55a5328} - E:\setup.exe -a
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {de4f57e1-ea6a-11e1-8d0c-844bf55a5328} - E:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk
ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-24]

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchProvider: Default -> Astromenda
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0273541409705604mcinstcleanup; C:\Windows\TEMP\027354~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-13] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-08-30] (Windows (R) Win 7 DDK provider)
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S3 __FOX__UNI_DRIVER__; \??\C:\Users\RABOFF~1\AppData\Local\Temp\FoxG1Driver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:32 - 2014-09-02 23:33 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 20:29 - 2014-09-02 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:32 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:29 - 2014-09-02 20:32 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-28 09:31 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:31 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:31 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:12 - 2014-08-19 23:36 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:12 - 2014-08-17 21:16 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-15 20:27 - 2014-08-15 20:34 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-14 19:50 - 2014-09-02 20:09 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-08-14 19:49 - 2014-09-02 20:09 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-08-13 21:52 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:52 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 21:52 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 21:52 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:51 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 21:51 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 07:55 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 07:55 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 07:55 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 07:55 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 07:55 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 07:55 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 07:55 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 07:55 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 07:55 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 07:55 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 07:55 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 07:55 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 07:55 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 07:55 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 07:55 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 07:55 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 07:55 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 07:55 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 07:55 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 07:55 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 07:55 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 07:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 07:55 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 07:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 07:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 07:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 07:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 07:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 07:54 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 07:54 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 07:54 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 07:54 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:07 - 2014-08-08 23:08 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:33 - 2014-09-02 23:32 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:26 - 2012-08-14 04:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:37 - 2012-11-16 22:20 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 22:00 - 2012-09-24 22:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-09-02 21:37 - 2012-08-14 04:09 - 01242663 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 20:53 - 2012-09-24 22:48 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-02 20:32 - 2014-09-02 20:29 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:32 - 2014-09-02 20:29 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:32 - 2014-09-02 20:29 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 20:28 - 2012-08-20 12:40 - 00000000 ____D () C:\Users\RAB Office\Documents\Outlook Files
2014-09-02 20:09 - 2014-08-14 19:50 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-09-02 20:09 - 2014-08-14 19:49 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-09-02 20:08 - 2013-10-07 19:47 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC
2014-09-02 18:45 - 2013-05-24 14:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-02 18:37 - 2012-11-16 22:20 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 18:36 - 2013-10-09 17:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-02 18:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 18:34 - 2009-07-14 00:51 - 00359045 _____ () C:\Windows\setupact.log
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-01 20:59 - 2012-08-16 18:50 - 00000000 ____D () C:\Users\RAB Office\Documents\Personal
2014-08-30 23:34 - 2012-08-20 13:43 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\CrashDumps
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-29 20:39 - 2013-04-15 19:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-28 17:42 - 2009-07-14 00:45 - 00435384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 09:24 - 2010-11-20 23:47 - 00389700 _____ () C:\Windows\PFRO.log
2014-08-27 18:52 - 2013-10-06 21:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 20:31 - 2012-08-20 17:25 - 00000000 ____D () C:\Users\RAB Office\Desktop\OPT OUT
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-23 19:40 - 2012-08-19 23:24 - 00000000 ____D () C:\Users\RAB Office\Documents\Bluetooth Folder
2014-08-23 16:26 - 2012-08-14 04:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-23 14:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 14:06 - 2012-08-14 04:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 14:06 - 2012-08-14 04:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 22:07 - 2014-08-28 09:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:52 - 2012-11-16 22:20 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Google
2014-08-22 21:45 - 2014-08-28 09:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 21:38 - 2012-08-20 00:52 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\HpUpdate
2014-08-22 21:32 - 2012-08-19 23:15 - 00000000 ____D () C:\Users\RAB Office
2014-08-22 21:31 - 2012-09-24 19:43 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC
2014-08-22 21:31 - 2012-08-14 04:10 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-22 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-22 21:29 - 2012-08-20 12:00 - 00000000 __RHD () C:\MSOCache
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-22 20:59 - 2014-08-28 09:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-19 23:36 - 2014-08-17 21:12 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:16 - 2014-08-17 21:12 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-17 14:43 - 2014-05-13 22:24 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC
2014-08-15 20:34 - 2014-08-15 20:27 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-15 14:38 - 2014-03-27 20:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-14 23:26 - 2012-11-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-14 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 21:58 - 2013-08-13 21:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 21:55 - 2012-08-20 13:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:51 - 2014-04-28 18:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:16 - 2013-10-19 20:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:13 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 23:08 - 2014-08-08 23:07 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
2014-08-06 22:06 - 2014-08-13 07:54 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 07:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 14:21 - 2012-09-24 19:35 - 00109568 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Revised Monthly Employmenet Utilization Report 1-10-05(1)(ROGERS BRIDGE COMPANY).xls
2014-08-05 16:48 - 2014-07-09 15:57 - 00098304 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xls
2014-08-05 16:44 - 2013-11-21 11:00 - 00047584 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xlsx

Some content of TEMP:
====================
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 19:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by RAB Office at 2014-09-02 23:33:21
Running from C:\Users\RAB Office\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
ArcSoft Software Suite (HKLM-x32\...\ArcSoft Software Suite) (Version: - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5127 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Unified IO (Version: 1.0.1.94 - HP) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nikon View 5 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Plantronics MyHeadset Updater (x64) (HKLM\...\{11C2C550-7EB9-4E8D-B960-6DF230E73396}) (Version: 2.8.23209.0 - Plantronics, Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.4.6 - GridinSoft LLC)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-08-2014 01:51:00 Windows Update
15-08-2014 03:25:41 Installed HP Update.
18-08-2014 01:54:16 Removed Bonjour
23-08-2014 01:26:45 Restore Operation
25-08-2014 23:30:21 Windows Modules Installer
28-08-2014 17:38:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B03C79C-FEB7-4301-9A5B-34B680725C15} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1E7EFB63-6EA7-4B41-9F0A-CB1A406C7B3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {26111EEA-DC8C-492E-AAC5-0FC95E4E32F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27EE58C6-AD23-480B-A264-FF94BB10A4C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-23] (Adobe Systems Incorporated)
Task: {2D52AAEB-9EBD-49C5-8A74-0E912C19338D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {7D86545D-07C8-44CB-A192-D59392076AD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {882B0BC9-4920-4D6D-AD8E-4BCA919E542B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {8A0174ED-68F6-4A2A-887A-3EDD0DE77C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {9BF7A557-A04A-48F7-8B04-D3380C99BFF8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {C0187C04-2305-4AF3-91CE-C817F6B41DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {C1A7958B-5BC6-4A9A-A2C2-41E4E8DF0E67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CABAEA8F-5223-4ED4-AF03-C8DBF11D8B28} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-08-30] (GridinSoft LLC.)
Task: {F7BF6E96-F6D9-455C-9773-676D985082E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {F9E5704C-756D-43EF-A6F6-FCF75F1F8C75} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-19 20:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-27 18:51 - 2014-08-27 18:51 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-14 04:30 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-20 15:58 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-08-20 15:58 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-13 07:48 - 2013-02-13 07:48 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll
2014-08-14 12:27 - 2014-08-14 12:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5744dbc804f3ddc8c5416a9de9e8c26d\IsdiInterop.ni.dll
2012-08-14 04:21 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-14 04:23 - 2012-01-21 07:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\2009 EEO Letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DEKALB COUNTY-LOCATES.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DRUG CERTIFICATION 2009.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\McKenzie -Medical & Pharmacy.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\2005 Annual Inventory Guidelines.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Alexandria's 1st Grade Report Card.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Blackberry Settings.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\CA-16.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Disqualification Letters.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Duty Agent roster 2009-2010.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Golf Tournament Quote.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Legal Service Agreement with Michael Beasley.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Motor Vehicle Utilization Report for August 2009.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\My Eval Bullets.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\PSN Photo 2006 Conference.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Redneck 911 Joke.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sandisk Titanium 512 MB Quick Start Guide.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Staff Directory as of 11-16-2009.xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sunny's Pricelist.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\The Great Black Vote.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Welcome_to_the_family.wmv:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005

Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.3.169, time stamp: 0x53a17f3d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xa6c
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005

Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (09/02/2014 08:53:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (09/02/2014 08:51:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005

Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.16953a17f3dntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4a6c01cfc6abce0e4b94C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dll583ef223-329f-11e4-8395-844bf55a5328

Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005

Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 8152.96 MB
Available physical RAM: 5018.05 MB
Total Pagefile: 16304.11 MB
Available Pagefile: 13198.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:760.53 GB) NTFS
Drive d: (CLASS_OF_2020_2) (CDROM) (Total:1.88 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 039B70F2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 23:39:42
-----------------------------
23:39:42.537 OS Version: Windows x64 6.1.7601 Service Pack 1
23:39:42.537 Number of processors: 4 586 0x3A09
23:39:42.537 ComputerName: RABOFFICE-PC UserName: RAB Office
23:39:46.609 Initialize success
23:39:46.671 VM: initialized successfully
23:39:46.702 VM: Intel CPU supported
23:40:30.181 VM: supported disk I/O iaStor.sys
23:42:06.078 AVAST engine defs: 14090201
23:43:38.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:43:38.555 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
23:43:38.664 VM: Disk 0 MBR read successfully
23:43:38.680 Disk 0 MBR scan
23:43:38.695 Disk 0 Windows VISTA default MBR code
23:43:38.695 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:43:38.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
23:43:38.711 Disk 0 Boot: NTFS code=1
23:43:38.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
23:43:38.758 Disk 0 scanning C:\Windows\system32\drivers
23:43:53.484 Service scanning
23:44:15.465 Modules scanning
23:44:15.465 Disk 0 trace - called modules:
23:44:15.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:44:15.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bd060]
23:44:15.496 3 CLASSPNP.SYS[fffff88001d9543f] -> nt!IofCallDriver -> [0xfffffa8007166e40]
23:44:15.496 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007169050]
23:44:21.689 AVAST engine scan C:\Windows
23:44:24.762 AVAST engine scan C:\Windows\system32
23:49:29.920 AVAST engine scan C:\Windows\system32\drivers
23:49:48.796 AVAST engine scan C:\Users\RAB Office
23:51:29.541 Disk 0 MBR has been saved successfully to "C:\Users\RAB Office\Desktop\MBR.dat"
23:51:29.557 The log file has been saved successfully to "C:\Users\RAB Office\Desktop\aswMBR.txt"

Juliet
2014-09-03, 13:14
Check Add/Remove Programs first; if these are there, try to uninstall them.
FileParade bundle uninstaller
astromenda
If you don't find one, move on to the next.

We need to reset your browsers. Please do this before continuing with the fix below.

Reset browsers


Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)

Firefox
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Chrome
Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

************************

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow it).



start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchProvider: Default -> Astromenda
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Users\RAB Office\Documents\Optimizer Pro
C:\Program Files (x86)\Astromenda
C:\Users\RAB Office\AppData\Roaming\Astromenda
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
Hosts:
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

*******************

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.


Please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Bigalo
2014-09-04, 04:00
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by RAB Office at 2014-09-03 19:58:40 Run:1
Running from C:\Users\RAB Office\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchProvider: Default -> Astromenda
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Users\RAB Office\Documents\Optimizer Pro
C:\Program Files (x86)\Astromenda
C:\Users\RAB Office\AppData\Roaming\Astromenda
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
Hosts:
EmptyTemp:
End
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{493C3539-470D-418F-B38F-3AF736CB70EB}" => Key deleted successfully.
"HKCR\CLSID\{493C3539-470D-418F-B38F-3AF736CB70EB}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C51434D8-8DFF-481C-9C62-204368E109D1}" => Key deleted successfully.
"HKCR\CLSID\{C51434D8-8DFF-481C-9C62-204368E109D1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Astromenda ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
C:\Users\RAB Office\Documents\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\Astromenda => Moved successfully.
C:\Users\RAB Office\AppData\Roaming\Astromenda => Moved successfully.
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll => Moved successfully.
"C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe" => File/Directory not found.
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll => Moved successfully.
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll => Moved successfully.
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

# AdwCleaner v3.309 - Report created 03/09/2014 at 20:27:16
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RAB Office - RABOFFICE-PC
# Running from : C:\Users\RAB Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA356GEC\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\RAB Office\Favorites\Search
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\RAB Office\Documents\iMesh
Folder Deleted : C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

[ File : C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

*************************

AdwCleaner[R0].txt - [4378 octets] - [03/09/2014 20:25:14]
AdwCleaner[S0].txt - [3990 octets] - [03/09/2014 20:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4050 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by RAB Office on Wed 09/03/2014 at 20:36:50.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/03/2014 at 20:42:12.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-09-04, 14:27
That took out quite a bit.

Let's check and see if that extension is still present.

Follow the steps outlined in the link below, check and see if Astromenda is listed, then follow the instructions and remove it.
https://support.google.com/chrome/answer/113907?hl=en


**********************

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

How's your computer now?

Bigalo
2014-09-04, 15:35
My computer appears to be running pretty good, and I haven't noticed any Astromenda popups. The log reflects three items that were detected, which were as follows:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/4/2014
Scan Time: 8:18:38 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.04.03
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RAB Office

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373081
Time Elapsed: 9 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [049f6881df9c9c9a9387ab46a55d9b65],

Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [049f6881df9c9c9a9387ab46a55d9b65]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [4c573dac6a1145f18a4a8a62758dbd43],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Bigalo
2014-09-04, 15:43
Also, do I need to act on the threats in the log?

Juliet
2014-09-04, 16:14
Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [049f6881df9c9c9a9387ab46a55d9b65],

Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [049f6881df9c9c9a9387ab46a55d9b65]

For these 2, I'm getting mixed suggestions on what to do.
Is it something you downloaded?

http://www.herdprotect.com/termtutor-setup-1.9.0.6.exe-309147a6dcbeb359af5213d277880340c0e4b335.aspx
http://www.shouldiremoveit.com/term-tutor-127262-program.aspx

Read over those topics and I'll have to leave that up to you. Maybe it can be downloaded again if needed, but if you run these scans again I'm sure it will show up.

Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [4c573dac6a1145f18a4a8a62758dbd43],

Definitely, run the scan again and allow it to completely quarantine and delete this folder.

This next scan should be the last one we need to do.

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

Bigalo
2014-09-05, 05:58
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/4/2014
Scan Time: 7:24:52 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.04.11
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RAB Office

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373643
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [f1bac128a9d2e551bb99d71bdd2509f7],

Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [f1bac128a9d2e551bb99d71bdd2509f7]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\115b7b.msi a variant of Win32/HiddenStart.A potentially unsafe application

Juliet
2014-09-05, 13:10
C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
This is in quarantine, we'll remove it when we close out.

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
This is a Dell computer application, if your computer is a Dell, leave it alone.





Did you allow MBAM to remove this?

Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],

Let's check for a malicious extension in Google Chrome

Click on Chrome’s main menu button, represented by three horizontal lines. When the drop-down menu appears, select the option labeled Settings.

Chrome’s Settings should now be displayed in a new tab or window, depending on your configuration. Next, scroll to the bottom of the page and click on the Show advanced settings link.

Chrome’s advanced Settings should now be displayed. Scroll down until the Reset browser settings section is visible.
Next, click on the Reset browser settings button.

A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue on with the reset process. To complete the restoration process, click on the Reset button.
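
Added example (not part of the thread and not Malwarebytes' own tooling): a small Python parser for the detection sections of the log format posted above. It assumes the field layout name, location, optional data, action, [id], treats an empty action field as "no action recorded", and flags a detected Chrome extension that sits in a different Windows account's profile than the one that ran the scan.

```python
import re
# Constructed input: detection sections taken from the second Malwarebytes log in this thread.
SAMPLE_LOG = r"""
User: RAB Office

Registry Keys: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, , [f1bac128a9d2e551bb99d71bdd2509f7],

Registry Values: 1
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, , [f1bac128a9d2e551bb99d71bdd2509f7]

Folders: 1
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, , [03a821c8d5a660d6c4b46f7ee51dcf31],
"""
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")
ENTRY_ID = re.compile(r"\[[0-9a-f]{32}\]")
CHROME_EXT = re.compile(r"\\Users\\([^\\]+)\\AppData\\Local\\Google\\Chrome"
                        r"\\User Data\\([^\\]+)\\Extensions\\([a-p]{32})", re.I)

def parse_mbam(text):
    """Return (scan_user, {section: {"declared": n, "items": [...]}})."""
    scan_user, sections, current = None, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("User: "):
            scan_user = line[len("User: "):]
        head = HEADER.match(line)
        if head and head.group(1) in SECTIONS:
            current = head.group(1)
            sections[current] = {"declared": int(head.group(2)), "items": []}
        elif current and ENTRY_ID.search(line):
            fields = [f.strip() for f in line.rstrip(",").split(",")]
            # Assumed layout: name, location, [data], action, [id]; empty action = nothing done.
            sections[current]["items"].append(
                {"name": fields[0], "location": fields[1], "action": fields[-2] or None})
    return scan_user, sections

def review(text):
    """List count mismatches, detections with no recorded action, and Chrome extensions."""
    scan_user, sections = parse_mbam(text)
    report = {"mismatch": [], "unactioned": [], "extensions": []}
    for name, sec in sections.items():
        if sec["declared"] != len(sec["items"]):
            report["mismatch"].append(name)
        for item in sec["items"]:
            if item["action"] is None:
                report["unactioned"].append((name, item["name"]))
            ext = CHROME_EXT.search(item["location"])
            if ext:
                owner, profile, ext_id = ext.groups()
                report["extensions"].append({"owner": owner, "profile": profile, "id": ext_id,
                    "other_account": owner.lower() != (scan_user or "").lower()})
    return report
```

On this log, `review(SAMPLE_LOG)` reports all three detections with no recorded action and shows the extension folder under the `Gayle.RABOffice-PC` account while the scan ran as `RAB Office`; Chrome keeps its settings per Windows account, so a reset done in one account does not cover the other.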

Bigalo
2014-09-05, 15:53
I've completed the steps that you outlined as it relates to Chrome in your most recent post. As to the three items below, I don't understand what, or if, you intend for me to do. As for your question relating to the PUP, I can't recall if I allowed the MBAM program to remove the folder. However, I've got to believe that I followed all of your outlined instructions. Finally, I do have a Dell computer.

Juliet
2014-09-05, 20:48
Everything actually looks good. I didn't mean to make anything confusing, only trying to help :)

I'm not going to ask you to delete
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe --> this is a program tool installed on Dell computers to prompt people into doing backups of their systems.
http://dslbchecker.datasafelocalbackup.com/dslchecker-en.html

What is DataSafe Local Backup?

Dell DataSafe Local Backup is a safe, simple and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents and other important files) from data loss.

Backing up your data with Dell DataSafe Local Backup can protect against data loss resulting from:
Virus attack
OS/Software Corruption
Accidental file deletion
Hardware failure
(if data is backed-up to a secondary hard drive)

*******************************************

If you should run another scan with MBAM, and this is found
PUP.Optional.Astromenda, C:\Users\Gayle.RABOffice-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae

please allow it to quarantine the folder/files.

I think we're ready to remove tools and other items needed to clean your computer.

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore

Click Run




Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.


************************

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop



~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by visiting Secunia Software Inspector (http://secunia.com/software_inspector) or you can use the following application for this purpose PatchMyPC (http://www.patchmypc.net/)

Bigalo
2014-09-06, 04:28
I ran the MBAM program and the file had been removed during the previous scan. I also took your advice on some of the other suggestions. I didn't mean to give you the impression that I was confused by your previous post. I wasn't. I simply wanted to make sure that I followed the instructions correctly. Please know that I truly appreciate your assistance in correcting my issues. Thanks again!

Juliet
2014-09-06, 15:01
I ran the MBAM program and the file had been removed during the previous scan. I also took your advice on some of the other suggestions. I didn't mean to give you the impression that I was confused by your previous post. I wasn't. I simply wanted to make sure that I followed the instructions correctly. Please know that I truly appreciate your assistance in correcting my issues. Thanks again!

When communications are through typed words it's easy to misunderstand exactly what a person is trying to say but, we made it!

You should be in good shape now also ......I was glad to help.

Bigalo
2014-09-08, 07:51
Thanks again and take care!

Juliet
2014-09-08, 12:26
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.