Bigalo
2014-09-03, 07:13
I have been receiving popups recently and couldn't understand why. after opening up google chrome, I noticed that Astromenda was showing up in a tab. After looking up Astromenda on the internet, I learned that it is a malware software, which I need to clean off of my system. About a week ago, I did a system restore, which I think that it restored my system back to 8/17/2014. I've submitted the requested logs below. Please help me rid the my system of the unwanted malware. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by RAB Office (administrator) on RABOFFICE-PC on 02-09-2014 23:32:37
Running from C:\Users\RAB Office\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAA905.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {4fa5e575-59e2-11e3-a479-844bf55a5328} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {d35b07a3-860a-11e3-8b1b-844bf55a5328} - E:\setup.exe -a
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {de4f57e1-ea6a-11e1-8d0c-844bf55a5328} - E:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk
ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchProvider: Default -> Astromenda
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0273541409705604mcinstcleanup; C:\Windows\TEMP\027354~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-13] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-08-30] (Windows (R) Win 7 DDK provider)
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S3 __FOX__UNI_DRIVER__; \??\C:\Users\RABOFF~1\AppData\Local\Temp\FoxG1Driver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 23:32 - 2014-09-02 23:33 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 20:29 - 2014-09-02 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:32 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:29 - 2014-09-02 20:32 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-28 09:31 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:31 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:31 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:12 - 2014-08-19 23:36 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:12 - 2014-08-17 21:16 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-15 20:27 - 2014-08-15 20:34 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-14 19:50 - 2014-09-02 20:09 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-08-14 19:49 - 2014-09-02 20:09 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-08-13 21:52 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:52 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 21:52 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 21:52 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:51 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 21:51 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 07:55 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 07:55 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 07:55 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 07:55 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 07:55 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 07:55 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 07:55 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 07:55 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 07:55 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 07:55 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 07:55 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 07:55 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 07:55 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 07:55 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 07:55 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 07:55 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 07:55 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 07:55 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 07:55 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 07:55 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 07:55 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 07:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 07:55 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 07:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 07:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 07:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 07:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 07:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 07:54 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 07:54 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 07:54 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 07:54 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:07 - 2014-08-08 23:08 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 23:33 - 2014-09-02 23:32 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:26 - 2012-08-14 04:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:37 - 2012-11-16 22:20 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 22:00 - 2012-09-24 22:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-09-02 21:37 - 2012-08-14 04:09 - 01242663 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 20:53 - 2012-09-24 22:48 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-02 20:32 - 2014-09-02 20:29 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:32 - 2014-09-02 20:29 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:32 - 2014-09-02 20:29 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 20:28 - 2012-08-20 12:40 - 00000000 ____D () C:\Users\RAB Office\Documents\Outlook Files
2014-09-02 20:09 - 2014-08-14 19:50 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-09-02 20:09 - 2014-08-14 19:49 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-09-02 20:08 - 2013-10-07 19:47 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC
2014-09-02 18:45 - 2013-05-24 14:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-02 18:37 - 2012-11-16 22:20 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 18:36 - 2013-10-09 17:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-02 18:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 18:34 - 2009-07-14 00:51 - 00359045 _____ () C:\Windows\setupact.log
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-01 20:59 - 2012-08-16 18:50 - 00000000 ____D () C:\Users\RAB Office\Documents\Personal
2014-08-30 23:34 - 2012-08-20 13:43 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\CrashDumps
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-29 20:39 - 2013-04-15 19:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-28 17:42 - 2009-07-14 00:45 - 00435384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 09:24 - 2010-11-20 23:47 - 00389700 _____ () C:\Windows\PFRO.log
2014-08-27 18:52 - 2013-10-06 21:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 20:31 - 2012-08-20 17:25 - 00000000 ____D () C:\Users\RAB Office\Desktop\OPT OUT
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-23 19:40 - 2012-08-19 23:24 - 00000000 ____D () C:\Users\RAB Office\Documents\Bluetooth Folder
2014-08-23 16:26 - 2012-08-14 04:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-23 14:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 14:06 - 2012-08-14 04:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 14:06 - 2012-08-14 04:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 22:07 - 2014-08-28 09:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:52 - 2012-11-16 22:20 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Google
2014-08-22 21:45 - 2014-08-28 09:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 21:38 - 2012-08-20 00:52 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\HpUpdate
2014-08-22 21:32 - 2012-08-19 23:15 - 00000000 ____D () C:\Users\RAB Office
2014-08-22 21:31 - 2012-09-24 19:43 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC
2014-08-22 21:31 - 2012-08-14 04:10 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-22 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-22 21:29 - 2012-08-20 12:00 - 00000000 __RHD () C:\MSOCache
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-22 20:59 - 2014-08-28 09:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-19 23:36 - 2014-08-17 21:12 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:16 - 2014-08-17 21:12 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-17 14:43 - 2014-05-13 22:24 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC
2014-08-15 20:34 - 2014-08-15 20:27 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-15 14:38 - 2014-03-27 20:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-14 23:26 - 2012-11-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-14 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 21:58 - 2013-08-13 21:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 21:55 - 2012-08-20 13:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:51 - 2014-04-28 18:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:16 - 2013-10-19 20:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:13 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 23:08 - 2014-08-08 23:07 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
2014-08-06 22:06 - 2014-08-13 07:54 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 07:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 14:21 - 2012-09-24 19:35 - 00109568 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Revised Monthly Employmenet Utilization Report 1-10-05(1)(ROGERS BRIDGE COMPANY).xls
2014-08-05 16:48 - 2014-07-09 15:57 - 00098304 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xls
2014-08-05 16:44 - 2013-11-21 11:00 - 00047584 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xlsx
Some content of TEMP:
====================
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 19:18
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by RAB Office at 2014-09-02 23:33:21
Running from C:\Users\RAB Office\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
ArcSoft Software Suite (HKLM-x32\...\ArcSoft Software Suite) (Version: - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5127 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Unified IO (Version: 1.0.1.94 - HP) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nikon View 5 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Plantronics MyHeadset Updater (x64) (HKLM\...\{11C2C550-7EB9-4E8D-B960-6DF230E73396}) (Version: 2.8.23209.0 - Plantronics, Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.4.6 - GridinSoft LLC)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-08-2014 01:51:00 Windows Update
15-08-2014 03:25:41 Installed HP Update.
18-08-2014 01:54:16 Removed Bonjour
23-08-2014 01:26:45 Restore Operation
25-08-2014 23:30:21 Windows Modules Installer
28-08-2014 17:38:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B03C79C-FEB7-4301-9A5B-34B680725C15} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1E7EFB63-6EA7-4B41-9F0A-CB1A406C7B3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {26111EEA-DC8C-492E-AAC5-0FC95E4E32F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27EE58C6-AD23-480B-A264-FF94BB10A4C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-23] (Adobe Systems Incorporated)
Task: {2D52AAEB-9EBD-49C5-8A74-0E912C19338D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {7D86545D-07C8-44CB-A192-D59392076AD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {882B0BC9-4920-4D6D-AD8E-4BCA919E542B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {8A0174ED-68F6-4A2A-887A-3EDD0DE77C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {9BF7A557-A04A-48F7-8B04-D3380C99BFF8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {C0187C04-2305-4AF3-91CE-C817F6B41DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {C1A7958B-5BC6-4A9A-A2C2-41E4E8DF0E67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CABAEA8F-5223-4ED4-AF03-C8DBF11D8B28} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-08-30] (GridinSoft LLC.)
Task: {F7BF6E96-F6D9-455C-9773-676D985082E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {F9E5704C-756D-43EF-A6F6-FCF75F1F8C75} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-19 20:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-27 18:51 - 2014-08-27 18:51 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-14 04:30 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-20 15:58 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-08-20 15:58 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-13 07:48 - 2013-02-13 07:48 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll
2014-08-14 12:27 - 2014-08-14 12:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5744dbc804f3ddc8c5416a9de9e8c26d\IsdiInterop.ni.dll
2012-08-14 04:21 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-14 04:23 - 2012-01-21 07:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\2009 EEO Letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DEKALB COUNTY-LOCATES.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DRUG CERTIFICATION 2009.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\McKenzie -Medical & Pharmacy.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\2005 Annual Inventory Guidelines.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Alexandria's 1st Grade Report Card.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Blackberry Settings.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\CA-16.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Disqualification Letters.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Duty Agent roster 2009-2010.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Golf Tournament Quote.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Legal Service Agreement with Michael Beasley.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Motor Vehicle Utilization Report for August 2009.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\My Eval Bullets.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\PSN Photo 2006 Conference.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Redneck 911 Joke.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sandisk Titanium 512 MB Quick Start Guide.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Staff Directory as of 11-16-2009.xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sunny's Pricelist.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\The Great Black Vote.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Welcome_to_the_family.wmv:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.3.169, time stamp: 0x53a17f3d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xa6c
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3
Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (09/02/2014 08:53:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (09/02/2014 08:51:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Microsoft Office Sessions:
=========================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.16953a17f3dntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4a6c01cfc6abce0e4b94C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dll583ef223-329f-11e4-8395-844bf55a5328
Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 8152.96 MB
Available physical RAM: 5018.05 MB
Total Pagefile: 16304.11 MB
Available Pagefile: 13198.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:760.53 GB) NTFS
Drive d: (CLASS_OF_2020_2) (CDROM) (Total:1.88 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 039B70F2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 23:39:42
-----------------------------
23:39:42.537 OS Version: Windows x64 6.1.7601 Service Pack 1
23:39:42.537 Number of processors: 4 586 0x3A09
23:39:42.537 ComputerName: RABOFFICE-PC UserName: RAB Office
23:39:46.609 Initialize success
23:39:46.671 VM: initialized successfully
23:39:46.702 VM: Intel CPU supported
23:40:30.181 VM: supported disk I/O iaStor.sys
23:42:06.078 AVAST engine defs: 14090201
23:43:38.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:43:38.555 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
23:43:38.664 VM: Disk 0 MBR read successfully
23:43:38.680 Disk 0 MBR scan
23:43:38.695 Disk 0 Windows VISTA default MBR code
23:43:38.695 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:43:38.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
23:43:38.711 Disk 0 Boot: NTFS code=1
23:43:38.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
23:43:38.758 Disk 0 scanning C:\Windows\system32\drivers
23:43:53.484 Service scanning
23:44:15.465 Modules scanning
23:44:15.465 Disk 0 trace - called modules:
23:44:15.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:44:15.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bd060]
23:44:15.496 3 CLASSPNP.SYS[fffff88001d9543f] -> nt!IofCallDriver -> [0xfffffa8007166e40]
23:44:15.496 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007169050]
23:44:21.689 AVAST engine scan C:\Windows
23:44:24.762 AVAST engine scan C:\Windows\system32
23:49:29.920 AVAST engine scan C:\Windows\system32\drivers
23:49:48.796 AVAST engine scan C:\Users\RAB Office
23:51:29.541 Disk 0 MBR has been saved successfully to "C:\Users\RAB Office\Desktop\MBR.dat"
23:51:29.557 The log file has been saved successfully to "C:\Users\RAB Office\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by RAB Office (administrator) on RABOFFICE-PC on 02-09-2014 23:32:37
Running from C:\Users\RAB Office\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAA905.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {4fa5e575-59e2-11e3-a479-844bf55a5328} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {d35b07a3-860a-11e3-8b1b-844bf55a5328} - E:\setup.exe -a
HKU\S-1-5-21-3250779840-2031006479-2741026425-1000\...\MountPoints2: {de4f57e1-ea6a-11e1-8d0c-844bf55a5328} - E:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkvMon.exe.lnk
ShortcutTarget: NkvMon.exe.lnk -> C:\Program Files (x86)\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=58&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0BtAzz0CtByDtG0CtC0EtCtGyDtDyB0CtGyByDyDtDtGtB0DyE0ByE0B0D0B0EtD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=758346851&ir=
SearchScopes: HKCU - {493C3539-470D-418F-B38F-3AF736CB70EB} URL =
SearchScopes: HKCU - {C51434D8-8DFF-481C-9C62-204368E109D1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_33_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0A0FtCyC0EyDzztGyByE0CtCtGyCtAzztDtGzytAzzyBtGtAtByD0C0F0AyD0EyCyB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=935455904&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-09-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=", "hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=M3C070867-8704-4C7D-9A73-C5198C1548C3&SearchSource=55&CUI=&UM=5&UP=SPADF4EB92-C596-4BD0-8B37-2D703B942F1A&SSPV="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchProvider: Default -> Astromenda
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_34_ie&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyDyD0AyDtAtByByCyC0FyDtN0D0Tzu0SzyyCtBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0ByDtC0E0AzyyEtGtC0CyCyEtGtByEzztAtG0CyEyEtCtGyEyBtCzytDzz0Dzy0C0D0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AtAzzyDyE0A0FtGzzzzzzzztG0ByEyD0FtG0BtDyB0CtGyCyC0FtA0E0D0F0DyDtB0DyE2Q&cr=1770894032&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\RAB Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0273541409705604mcinstcleanup; C:\Windows\TEMP\027354~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-13] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-08-30] (Windows (R) Win 7 DDK provider)
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S3 __FOX__UNI_DRIVER__; \??\C:\Users\RABOFF~1\AppData\Local\Temp\FoxG1Driver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 23:32 - 2014-09-02 23:33 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 20:29 - 2014-09-02 20:32 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:32 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:29 - 2014-09-02 20:32 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-28 09:31 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:31 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:31 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:12 - 2014-08-19 23:36 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:12 - 2014-08-17 21:16 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-15 20:27 - 2014-08-15 20:34 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-14 19:50 - 2014-09-02 20:09 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-08-14 19:49 - 2014-09-02 20:09 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-08-13 21:52 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:52 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 21:52 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 21:52 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 21:52 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:51 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 21:51 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 07:55 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 07:55 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 07:55 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 07:55 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 07:55 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 07:55 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 07:55 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 07:55 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 07:55 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 07:55 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 07:55 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 07:55 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 07:55 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 07:55 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 07:55 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 07:55 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 07:55 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 07:55 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 07:55 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 07:55 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 07:55 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 07:55 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 07:55 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 07:55 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 07:55 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 07:55 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 07:55 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 07:55 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 07:55 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 07:55 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 07:55 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 07:55 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 07:55 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 07:55 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 07:55 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 07:55 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 07:55 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 07:55 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 07:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 07:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 07:55 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 07:55 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 07:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 07:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 07:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 07:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 07:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 07:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 07:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 07:54 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 07:54 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 07:54 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 07:54 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:07 - 2014-08-08 23:08 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-02 23:33 - 2014-09-02 23:32 - 00028460 _____ () C:\Users\RAB Office\Desktop\FRST.txt
2014-09-02 23:32 - 2014-09-02 23:32 - 00000000 ____D () C:\FRST
2014-09-02 23:26 - 2012-08-14 04:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 23:23 - 2014-09-02 23:23 - 04057608 _____ () C:\Users\RAB Office\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:23 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:18 - 2014-09-02 23:18 - 02104832 _____ (Farbar) C:\Users\RAB Office\Desktop\FRST64.exe
2014-09-02 22:37 - 2012-11-16 22:20 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 22:00 - 2014-09-02 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-02 22:00 - 2012-09-24 22:48 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-09-02 21:37 - 2012-08-14 04:09 - 01242663 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 20:53 - 2012-09-24 22:48 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-02 20:32 - 2014-09-02 20:29 - 00003264 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 20:32 - 2014-09-02 20:29 - 00000946 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-09-02 20:32 - 2014-09-02 20:29 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-09-02 20:29 - 2014-09-02 20:29 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 20:28 - 2012-08-20 12:40 - 00000000 ____D () C:\Users\RAB Office\Documents\Outlook Files
2014-09-02 20:09 - 2014-08-14 19:50 - 00026306 _____ () C:\Users\RAB Office\Documents\TSP Tracking - 2014.xlsx
2014-09-02 20:09 - 2014-08-14 19:49 - 00028000 _____ () C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - 2014.xlsx
2014-09-02 20:08 - 2013-10-07 19:47 - 00005008 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC
2014-09-02 18:45 - 2013-05-24 14:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-02 18:37 - 2012-11-16 22:20 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 18:36 - 2013-10-09 17:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-02 18:35 - 2014-09-02 18:35 - 00000000 ___RD () C:\Users\RAB Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-02 18:35 - 2012-08-14 04:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-02 18:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 18:34 - 2009-07-14 00:51 - 00359045 _____ () C:\Windows\setupact.log
2014-09-02 10:45 - 2014-09-02 10:45 - 00000000 ___RD () C:\Users\Gayle.RABOffice-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-01 20:59 - 2012-08-16 18:50 - 00000000 ____D () C:\Users\RAB Office\Documents\Personal
2014-08-30 23:34 - 2012-08-20 13:43 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\CrashDumps
2014-08-30 11:34 - 2014-08-30 11:34 - 00016640 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-08-29 20:39 - 2013-04-15 19:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-28 17:42 - 2009-07-14 00:45 - 00435384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 09:24 - 2010-11-20 23:47 - 00389700 _____ () C:\Windows\PFRO.log
2014-08-27 18:52 - 2013-10-06 21:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 11:04 - 2014-08-25 11:04 - 00016918 _____ () C:\Users\Gayle.RABOffice-PC\Documents\biggs-dance.xlsx
2014-08-24 20:31 - 2012-08-20 17:25 - 00000000 ____D () C:\Users\RAB Office\Desktop\OPT OUT
2014-08-24 12:30 - 2014-08-24 12:30 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Adobe
2014-08-23 19:40 - 2012-08-19 23:24 - 00000000 ____D () C:\Users\RAB Office\Documents\Bluetooth Folder
2014-08-23 16:26 - 2012-08-14 04:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-23 14:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 14:06 - 2012-08-14 04:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 14:06 - 2012-08-14 04:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 22:07 - 2014-08-28 09:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:52 - 2012-11-16 22:20 - 00000000 ____D () C:\Users\RAB Office\AppData\Local\Google
2014-08-22 21:45 - 2014-08-28 09:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 21:38 - 2012-08-20 00:52 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\HpUpdate
2014-08-22 21:32 - 2012-08-19 23:15 - 00000000 ____D () C:\Users\RAB Office
2014-08-22 21:31 - 2012-09-24 19:43 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC
2014-08-22 21:31 - 2012-08-14 04:10 - 00000000 ____D () C:\Windows\system32\Macromed
2014-08-22 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-22 21:29 - 2012-08-20 12:00 - 00000000 __RHD () C:\MSOCache
2014-08-22 21:12 - 2014-08-22 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Google
2014-08-22 20:59 - 2014-08-28 09:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:05 - 2014-08-20 14:05 - 00024306 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (6).html
2014-08-20 10:35 - 2014-08-20 10:35 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (5).html
2014-08-20 10:32 - 2014-08-20 10:32 - 00023896 _____ () C:\Users\Gayle.RABOffice-PC\Downloads\message_zdm (4).html
2014-08-19 23:36 - 2014-08-17 21:12 - 00000264 _____ () C:\Users\RAB Office\Desktop\Cut the Rope.url
2014-08-17 21:19 - 2014-08-17 21:19 - 00000000 ____D () C:\ProgramData\374311380
2014-08-17 21:17 - 2014-08-17 21:17 - 00003272 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-17 21:17 - 2014-08-17 21:17 - 00000000 ____D () C:\Users\RAB Office\Documents\Optimizer Pro
2014-08-17 21:16 - 2014-08-17 21:12 - 00000000 ____D () C:\Program Files (x86)\Astromenda
2014-08-17 21:12 - 2014-08-17 21:12 - 00000000 ____D () C:\Users\RAB Office\AppData\Roaming\Astromenda
2014-08-17 14:43 - 2014-05-13 22:24 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC
2014-08-15 20:34 - 2014-08-15 20:27 - 00000000 ____D () C:\Users\RAB Office\Desktop\Speechwise
2014-08-15 14:38 - 2014-03-27 20:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-15 14:38 - 2014-03-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-14 23:26 - 2012-11-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-14 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 21:58 - 2013-08-13 21:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 21:55 - 2012-08-20 13:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:51 - 2014-04-28 18:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 17:06 - 2014-08-10 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-08-10 17:06 - 2014-08-10 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 00:16 - 2013-10-19 20:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 00:15 - 2014-08-09 00:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 00:15 - 2014-08-09 00:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 23:14 - 2014-08-08 23:14 - 00000000 ____D () C:\Users\Gayle.RABOffice-PC\Desktop\Meat
2014-08-08 23:13 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 23:08 - 2014-08-08 23:07 - 00000000 ____D () C:\Users\RAB Office\Desktop\Meat
2014-08-06 22:06 - 2014-08-13 07:54 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 07:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 14:21 - 2012-09-24 19:35 - 00109568 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Revised Monthly Employmenet Utilization Report 1-10-05(1)(ROGERS BRIDGE COMPANY).xls
2014-08-05 16:48 - 2014-07-09 15:57 - 00098304 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xls
2014-08-05 16:44 - 2013-11-21 11:00 - 00047584 _____ () C:\Users\Gayle.RABOffice-PC\Documents\Copy of FHWA-1391Form.xlsx
Some content of TEMP:
====================
C:\Users\Gayle.RABOffice-PC\AppData\Local\Temp\{0565F6E5-065B-4AD5-B46D-17C5E7B624E2}-27.0.1453.93_26.0.1410.64_chrome_updater.exe
C:\Users\RAB Office\AppData\Local\Temp\1mw2mtm2.dll
C:\Users\RAB Office\AppData\Local\Temp\1ruqnvha.dll
C:\Users\RAB Office\AppData\Local\Temp\4fgjnhe4.dll
C:\Users\RAB Office\AppData\Local\Temp\83wrnnzh.dll
C:\Users\RAB Office\AppData\Local\Temp\adobe_flash.exe
C:\Users\RAB Office\AppData\Local\Temp\c0dzxjin.dll
C:\Users\RAB Office\AppData\Local\Temp\cfyvjy0k.dll
C:\Users\RAB Office\AppData\Local\Temp\COMAP.EXE
C:\Users\RAB Office\AppData\Local\Temp\dqyjvzhw.dll
C:\Users\RAB Office\AppData\Local\Temp\h2fvphlp.dll
C:\Users\RAB Office\AppData\Local\Temp\isqkfkq0.dll
C:\Users\RAB Office\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\RAB Office\AppData\Local\Temp\k2l_fnvx.dll
C:\Users\RAB Office\AppData\Local\Temp\k6ka77z8.dll
C:\Users\RAB Office\AppData\Local\Temp\klauu4_f.dll
C:\Users\RAB Office\AppData\Local\Temp\lsu1nzcr.dll
C:\Users\RAB Office\AppData\Local\Temp\m56dpjwy.dll
C:\Users\RAB Office\AppData\Local\Temp\nsb8936.exe
C:\Users\RAB Office\AppData\Local\Temp\nsl85CB.exe
C:\Users\RAB Office\AppData\Local\Temp\nslA763.exe
C:\Users\RAB Office\AppData\Local\Temp\nssBB6E.exe
C:\Users\RAB Office\AppData\Local\Temp\nsvAA9E.exe
C:\Users\RAB Office\AppData\Local\Temp\ocw5hehz.dll
C:\Users\RAB Office\AppData\Local\Temp\OfficeSetup.exe
C:\Users\RAB Office\AppData\Local\Temp\qok1llgl.dll
C:\Users\RAB Office\AppData\Local\Temp\qxzz_pgm.dll
C:\Users\RAB Office\AppData\Local\Temp\rrxe53od.dll
C:\Users\RAB Office\AppData\Local\Temp\sdjxo7xl.dll
C:\Users\RAB Office\AppData\Local\Temp\Setup.exe
C:\Users\RAB Office\AppData\Local\Temp\tlhny25o.dll
C:\Users\RAB Office\AppData\Local\Temp\tmp5C15.exe
C:\Users\RAB Office\AppData\Local\Temp\w19k9y0e.dll
C:\Users\RAB Office\AppData\Local\Temp\w6ju6dxc.dll
C:\Users\RAB Office\AppData\Local\Temp\xedkpqry.dll
C:\Users\RAB Office\AppData\Local\Temp\zm8_e-cf.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 19:18
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by RAB Office at 2014-09-02 23:33:21
Running from C:\Users\RAB Office\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
ArcSoft Software Suite (HKLM-x32\...\ArcSoft Software Suite) (Version: - )
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chessmaster Grandmaster Edition (HKLM-x32\...\InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}) (Version: 1.00.0000 - Ubisoft)
Chessmaster Grandmaster Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5127 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Digital Delivery (HKLM-x32\...\{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}) (Version: 2.2.3000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 2.0.0.5 - FileParade) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Unified IO (Version: 1.0.1.94 - HP) Hidden
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nikon View 5 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Plantronics MyHeadset Updater (x64) (HKLM\...\{11C2C550-7EB9-4E8D-B960-6DF230E73396}) (Version: 2.8.23209.0 - Plantronics, Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.4.6 - GridinSoft LLC)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) (HKLM\...\0799181C3332EF8BCBD444BC080F9CA0737F8279) (Version: 08/15/2010 2.1.0.2 - Cambridge Silicon Radio)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-08-2014 01:51:00 Windows Update
15-08-2014 03:25:41 Installed HP Update.
18-08-2014 01:54:16 Removed Bonjour
23-08-2014 01:26:45 Restore Operation
25-08-2014 23:30:21 Windows Modules Installer
28-08-2014 17:38:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B03C79C-FEB7-4301-9A5B-34B680725C15} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1E7EFB63-6EA7-4B41-9F0A-CB1A406C7B3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {26111EEA-DC8C-492E-AAC5-0FC95E4E32F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27EE58C6-AD23-480B-A264-FF94BB10A4C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-23] (Adobe Systems Incorporated)
Task: {2D52AAEB-9EBD-49C5-8A74-0E912C19338D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-RAB Office RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {7D86545D-07C8-44CB-A192-D59392076AD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {882B0BC9-4920-4D6D-AD8E-4BCA919E542B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {8A0174ED-68F6-4A2A-887A-3EDD0DE77C0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {9BF7A557-A04A-48F7-8B04-D3380C99BFF8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RABOffice-PC-Gayle RABOffice-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {C0187C04-2305-4AF3-91CE-C817F6B41DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {C1A7958B-5BC6-4A9A-A2C2-41E4E8DF0E67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CABAEA8F-5223-4ED4-AF03-C8DBF11D8B28} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2014-08-30] (GridinSoft LLC.)
Task: {F7BF6E96-F6D9-455C-9773-676D985082E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {F9E5704C-756D-43EF-A6F6-FCF75F1F8C75} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-19 20:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-27 18:51 - 2014-08-27 18:51 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-14 04:30 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-20 15:58 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-08-20 15:58 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-13 07:48 - 2013-02-13 07:48 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll
2014-08-14 12:27 - 2014-08-14 12:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5744dbc804f3ddc8c5416a9de9e8c26d\IsdiInterop.ni.dll
2012-08-14 04:21 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-14 04:23 - 2012-01-21 07:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\2009 EEO Letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DEKALB COUNTY-LOCATES.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\DRUG CERTIFICATION 2009.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gayle.RABOffice-PC\Documents\McKenzie -Medical & Pharmacy.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\2005 Annual Inventory Guidelines.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Alexandria's 1st Grade Report Card.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Blackberry Settings.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\CA-16.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Disqualification Letters.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Duty Agent roster 2009-2010.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Golf Tournament Quote.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Legal Service Agreement with Michael Beasley.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Motor Vehicle Utilization Report for August 2009.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\My Eval Bullets.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\PSN Photo 2006 Conference.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Redneck 911 Joke.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sandisk Titanium 512 MB Quick Start Guide.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Staff Directory as of 11-16-2009.xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Sunny's Pricelist.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\The Great Black Vote.wmv:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\TSP Tracking With Share Prices - (Shell).xls:Roxio EMC Stream
AlternateDataStreams: C:\Users\RAB Office\Documents\Welcome_to_the_family.wmv:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshield.exe, version: 1.1.3.169, time stamp: 0x53a17f3d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004e4e4
Faulting process id: 0xa6c
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3
Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005
Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (09/02/2014 08:53:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (09/02/2014 08:53:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (09/02/2014 08:51:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (09/02/2014 06:36:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Microsoft Office Sessions:
=========================
Error: (09/02/2014 08:32:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 08:29:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (09/02/2014 06:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 10:46:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 08:47:51 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
Error: (09/02/2014 08:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.16953a17f3dntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4a6c01cfc6abce0e4b94C:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dll583ef223-329f-11e4-8395-844bf55a5328
Error: (09/02/2014 08:47:49 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: c0000005
Error: (09/02/2014 08:47:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 07:37:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 01:54:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 8152.96 MB
Available physical RAM: 5018.05 MB
Total Pagefile: 16304.11 MB
Available Pagefile: 13198.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:760.53 GB) NTFS
Drive d: (CLASS_OF_2020_2) (CDROM) (Total:1.88 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 039B70F2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 23:39:42
-----------------------------
23:39:42.537 OS Version: Windows x64 6.1.7601 Service Pack 1
23:39:42.537 Number of processors: 4 586 0x3A09
23:39:42.537 ComputerName: RABOFFICE-PC UserName: RAB Office
23:39:46.609 Initialize success
23:39:46.671 VM: initialized successfully
23:39:46.702 VM: Intel CPU supported
23:40:30.181 VM: supported disk I/O iaStor.sys
23:42:06.078 AVAST engine defs: 14090201
23:43:38.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:43:38.555 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
23:43:38.664 VM: Disk 0 MBR read successfully
23:43:38.680 Disk 0 MBR scan
23:43:38.695 Disk 0 Windows VISTA default MBR code
23:43:38.695 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:43:38.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
23:43:38.711 Disk 0 Boot: NTFS code=1
23:43:38.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
23:43:38.758 Disk 0 scanning C:\Windows\system32\drivers
23:43:53.484 Service scanning
23:44:15.465 Modules scanning
23:44:15.465 Disk 0 trace - called modules:
23:44:15.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:44:15.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077bd060]
23:44:15.496 3 CLASSPNP.SYS[fffff88001d9543f] -> nt!IofCallDriver -> [0xfffffa8007166e40]
23:44:15.496 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007169050]
23:44:21.689 AVAST engine scan C:\Windows
23:44:24.762 AVAST engine scan C:\Windows\system32
23:49:29.920 AVAST engine scan C:\Windows\system32\drivers
23:49:48.796 AVAST engine scan C:\Users\RAB Office
23:51:29.541 Disk 0 MBR has been saved successfully to "C:\Users\RAB Office\Desktop\MBR.dat"
23:51:29.557 The log file has been saved successfully to "C:\Users\RAB Office\Desktop\aswMBR.txt"