jlbado
2015-01-08, 01:11
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by default (administrator) on OFFICE01 on 07-01-2015 15:34:16
Running from C:\Users\default.default-PC\Desktop
Loaded Profile: default (Available profiles: default)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [104960 2009-10-15] ()
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Run: [Facebook Update] => "C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-19] (Google Inc.)
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll [12536 2010-07-15] (AVG Technologies CZ, s.r.o.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-311597906-3463414758-3913683715-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-311597906-3463414758-3913683715-1000] => localhost:21320
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://navinet.navimedix.com/sign-in?ReturnUrl=/Main.aspx
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1D74A164-9F18-49B7-87F0-9AEEF495486D} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> {1D74A164-9F18-49B7-87F0-9AEEF495486D} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Inbox Toolbar -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
FireFox:
========
FF ProfilePath: C:\Users\default.default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g0sveptx.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.eyefinity.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-311597906-3463414758-3913683715-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\default.default-PC\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atashost; C:\Windows\system32\atashost.exe [118568 2014-12-30] (Cisco WebEx LLC)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLVUE; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-10-15] (Intel Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [16768 2011-04-08] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
S3 catchme; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 15:34 - 2015-01-07 15:34 - 00017892 _____ () C:\Users\default.default-PC\Desktop\FRST.txt
2015-01-07 13:28 - 2015-01-07 13:28 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-07 13:28 - 2015-01-07 13:28 - 00002121 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-07 13:28 - 2015-01-07 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-07 13:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-07 13:22 - 2015-01-07 13:24 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\default.default-PC\Desktop\spybot-2.4.exe
2015-01-07 10:28 - 2015-01-07 10:28 - 05198336 _____ (AVAST Software) C:\Users\default.default-PC\Desktop\aswMBR.exe
2015-01-07 10:24 - 2015-01-07 15:34 - 00000000 ____D () C:\FRST
2015-01-07 10:24 - 2015-01-07 10:24 - 01115648 _____ (Farbar) C:\Users\default.default-PC\Desktop\FRST.exe
2015-01-07 10:23 - 2015-01-07 10:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OFFICE01-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-07 10:22 - 2015-01-07 10:22 - 00002183 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\RegBackup
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-07 10:20 - 2015-01-07 10:20 - 04215584 _____ () C:\Users\default.default-PC\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-05 11:52 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-05 11:52 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-05 11:52 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-05 11:52 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-05 11:51 - 2015-01-05 11:52 - 00004613 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-12-30 10:10 - 2014-12-30 10:10 - 00000000 ____D () C:\Users\default.default-PC\AppData\Local\WebEx
2014-12-17 19:23 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 03:21 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:01 - 2014-12-10 03:04 - 00000000 ____D () C:\57587319f2c7f557c4d0721a20b8eec5
2014-12-09 23:49 - 2014-12-03 22:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:49 - 2014-12-03 22:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:49 - 2014-12-01 17:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:49 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:49 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:49 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:49 - 2014-11-21 20:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:49 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:49 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:49 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:49 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:49 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:49 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:49 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:49 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:49 - 2014-11-21 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:49 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:49 - 2014-11-21 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:49 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:49 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:49 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:49 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:49 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:49 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:49 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:49 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:49 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:49 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:49 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:49 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:49 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:49 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:49 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:49 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:48 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:48 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:48 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:48 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 09:46 - 2014-12-09 09:46 - 00111836 _____ () C:\Users\default.default-PC\Desktop\Rehabilitation
2014-12-08 23:18 - 2014-12-08 23:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 15:09 - 2013-02-14 09:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 14:39 - 2010-03-19 10:51 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 14:04 - 2013-01-24 13:59 - 00000958 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA.job
2015-01-07 14:04 - 2013-01-24 13:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core.job
2015-01-07 13:33 - 2014-04-15 09:42 - 00021968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 13:33 - 2014-04-15 09:42 - 00021968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 13:30 - 2010-03-04 09:37 - 00862922 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 13:30 - 2009-07-13 22:55 - 01296053 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 13:28 - 2013-10-15 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-07 13:28 - 2013-10-15 14:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 13:26 - 2010-03-19 10:51 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 13:26 - 2010-03-08 14:40 - 00000000 _____ () C:\Users\default.default-PC\AppData\Local\WavXMapDrive.bat
2015-01-07 13:26 - 2010-03-04 12:25 - 00181680 _____ () C:\Windows\PFRO.log
2015-01-07 13:26 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 13:26 - 2009-07-13 22:39 - 00096166 _____ () C:\Windows\setupact.log
2015-01-07 13:25 - 2014-09-19 10:46 - 00000350 _____ () C:\Windows\wininit.ini
2015-01-07 08:26 - 2010-03-17 08:12 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2015-01-06 10:33 - 2014-07-24 10:02 - 00000000 ____D () C:\OptoVue
2015-01-05 15:34 - 2010-06-23 09:09 - 00000000 ____D () C:\ProgramData\webex
2015-01-05 11:53 - 2013-12-26 09:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-05 11:52 - 2010-08-17 08:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-05 11:52 - 2010-03-04 09:31 - 00000000 ____D () C:\Program Files\Java
2014-12-30 16:05 - 2010-12-21 11:03 - 00000000 __SHD () C:\Users\default.default-PC\Documents\cache
2014-12-30 14:56 - 2010-12-21 11:03 - 00000000 ____D () C:\Users\default.default-PC\AppData\Roaming\webex
2014-12-30 10:10 - 2010-06-23 09:32 - 00208168 _____ (Cisco WebEx LLC) C:\Windows\system32\atsckernel.exe
2014-12-30 10:10 - 2010-06-23 09:32 - 00118568 _____ (Cisco WebEx LLC) C:\Windows\system32\atashost.exe
2014-12-16 10:45 - 2013-11-27 08:19 - 00000000 ____D () C:\Users\default.default-PC\Desktop\Schambo
2014-12-15 18:17 - 2013-08-27 14:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 18:17 - 2013-08-27 14:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-15 10:09 - 2013-03-21 13:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-10 13:09 - 2013-02-14 09:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 13:09 - 2011-09-14 15:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 08:38 - 2014-10-01 08:24 - 00000000 ____D () C:\Poly Prior Authorization Letters
2014-12-10 03:59 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:21 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:05 - 2010-03-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:04 - 2013-08-15 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:01 - 2010-03-08 14:58 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 12:47
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by default at 2015-01-07 15:34:53
Running from C:\Users\default.default-PC\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AmbirScanV1.1.2708 (HKLM\...\{B5DD1AEA-69EA-491C-A803-98BEAAFAE472}_is1) (Version: - Ambir Technology)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version: - AVG Technologies)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother Software Suite (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 4.0.0.463 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Crystal Reports Runtime (HKLM\...\{6DD3F923-BD72-4784-8722-5440A7E9EE83}) (Version: 1.00.0000 - Compulink)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell Backup and Recovery Manager (HKLM\...\{8DD67529-BA26-4D12-97A8-3853D0C4B67D}) (Version: 1.2.1 - Dell Inc.)
Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
DVI Remote Rx Entry (HKLM\...\{1E0A64C0-7071-11D4-B2F8-00105AF63544}) (Version: - )
EMBASSY Security Center (Version: 04.00.00.071 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.058 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Wave Systems Corp) Hidden
EZ Calendar (HKLM\...\{a71b2005-36ef-4ee5-8059-02deb367cb98}) (Version: 1.0.0 - W3i, LLC)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Plug-In (HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPL Ghostscript Lite 9.10.16 (HKLM\...\GPL Ghostscript Lite_is1) (Version: - Free Distribution)
Inbox Toolbar (HKLM\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Dell)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Medicare Remit EasyPrint (HKLM\...\{7EAEA40A-A6CA-4BA1-99C3-0782648E0F6B}) (Version: 3.3 - ViPS Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}) (Version: 2.3.1109 - WebEx Communications Inc.)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
PS467 (HKLM\...\{A12B5CE0-B331-4303-AD32-FDE876AED875}) (Version: 1.2.1001 - Ambir Technology)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{5E453519-60F6-4A4D-A0BF-16663F9B3536}) (Version: 5.34.51.22 - Apple Inc.)
Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\webex\WebEx\1326\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{68324E93-8981-4DF6-8548-9AC98C46E176}\InprocServer32 -> C:\Users\default.default-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\DynamicWebTwainCtrl.dll (Dynamsoft)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758}\InprocServer32 -> C:\Users\default.default-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\DynamicWebTwainCtrl.dll (Dynamsoft)
==================== Restore Points =========================
10-12-2014 03:00:34 Windows Update
10-12-2014 08:20:07 Avg Update
10-12-2014 08:20:56 Avg Update
10-12-2014 08:21:44 Avg Update
15-12-2014 10:12:51 Windows Update
18-12-2014 03:00:18 Windows Update
26-12-2014 00:00:05 Scheduled Checkpoint
29-12-2014 09:15:36 Avg Update
05-01-2015 11:51:13 Installed Java 7 Update 71
06-01-2015 18:00:02 Avg Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2013-03-14 14:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4C2832EF-0FED-4C7B-B938-83CAD00A0CEE} - System32\Tasks\{107460B0-C4F6-4137-A893-6C33C0E1B696} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {548FF2EE-3D36-4870-89E5-72D27CBC7233} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {5ADBB663-1CC0-440E-97DB-702B07DFB373} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {5C4E5818-4790-4D0A-A6A3-C5A57DFDAFEA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7424D3E5-5C27-4E3B-B4AC-98BFE39409F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7988EB42-AF59-432E-A763-CBC4C31A699E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {80311304-8691-42D8-A26D-5FEB34AE92F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9AF9D504-36A0-4A76-8443-2D7D1EB2CCD1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C68BDB96-7533-4BCB-B7BA-30EF57CA1D7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CB358341-FFD0-492B-9755-A799C7D05C8F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core.job => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA.job => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-04 09:33 - 2009-10-15 10:57 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2015-01-07 13:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-07 13:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2009-11-19 14:47 - 2009-11-19 14:47 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2009-11-13 07:17 - 2009-11-13 07:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 12:24 - 2008-11-12 12:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2013-05-09 13:17 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-05-09 13:17 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2015-01-07 13:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-07 13:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-07 13:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-311597906-3463414758-3913683715-500 - Administrator - Disabled)
ASPNET (S-1-5-21-311597906-3463414758-3913683715-1003 - Limited - Enabled)
default (S-1-5-21-311597906-3463414758-3913683715-1000 - Administrator - Enabled) => C:\Users\default.default-PC
Guest (S-1-5-21-311597906-3463414758-3913683715-501 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Office01.local. Addr 192.168.10.113
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.10.138:5353 4 OFFICE01.local. Addr 192.168.10.138
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Office01.local. Addr 192.168.10.113
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.10.138:5353 4 OFFICE01.local. Addr 192.168.10.138
Error: (01/06/2015 06:00:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6a6f0041-e10d-42b5-ac81-f153a43a108d}
Error: (01/06/2015 07:52:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EYECARE.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1698
Start Time: 01d029b75a5c48b7
Termination Time: 7
Application Path: X:\EYECARE\EYECARE.EXE
Report Id: 39059275-95ab-11e4-b473-a4badbe86116
Error: (01/06/2015 07:46:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/06/2015 07:46:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Office01.local. Addr 192.168.10.113
System errors:
=============
Error: (01/07/2015 01:26:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :20" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:26:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3E71AE58-F755-43E6-B187-E3BD19DF11DC} because another computer on the network has the same name. The server could not start.
Error: (01/07/2015 01:26:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:26:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (01/07/2015 01:25:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:25:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:22:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:22:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 00:32:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :20" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 00:32:12 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3E71AE58-F755-43E6-B187-E3BD19DF11DC} because another computer on the network has the same name. The server could not start.
Microsoft Office Sessions:
=========================
Error: (08/19/2014 01:44:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1465 seconds with 540 seconds of active time. This session ended with a crash.
Error: (03/15/2013 03:22:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21825 seconds with 420 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7600 @ 3.06GHz
Percentage of memory in use: 35%
Total physical RAM: 3291.59 MB
Available physical RAM: 2113.93 MB
Total Pagefile: 6581.48 MB
Available Pagefile: 5088.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.32 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:290.08 GB) (Free:229.55 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-07 15:37:51
-----------------------------
15:37:51.814 OS Version: Windows 6.1.7601 Service Pack 1
15:37:51.814 Number of processors: 2 586 0x170A
15:37:51.815 ComputerName: OFFICE01 UserName: default
15:37:59.114 Initialize success
15:37:59.337 VM: initialized successfully
15:37:59.338 VM: Intel CPU supported
15:38:03.770 VM: supported disk I/O iaStor.sys
15:42:18.542 AVAST engine defs: 15010701
15:58:36.108 The log file has been saved successfully to "C:\Users\default.default-PC\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-07 15:59:47
-----------------------------
15:59:47.274 OS Version: Windows 6.1.7601 Service Pack 1
15:59:47.274 Number of processors: 2 586 0x170A
15:59:47.275 ComputerName: OFFICE01 UserName: default
15:59:48.548 Initialize success
15:59:48.575 VM: initialized successfully
15:59:48.577 VM: Intel CPU supported
15:59:53.696 VM: supported disk I/O iaStor.sys
16:00:13.810 AVAST engine defs: 15010701
16:00:22.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:00:22.976 Disk 0 Vendor: ST332041 CC45 Size: 305245MB BusType: 8
16:00:23.063 VM: Disk 0 MBR read successfully
16:00:23.068 Disk 0 MBR scan
16:00:23.074 Disk 0 Windows 7 default MBR code
16:00:23.079 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
16:00:23.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 178176
16:00:23.102 Disk 0 default boot code
16:00:23.113 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297039 MB offset 16803840
16:00:23.119 Disk 0 scanning sectors +625139712
16:00:23.180 Disk 0 scanning C:\Windows\system32\drivers
16:00:33.974 Service scanning
16:00:54.138 Modules scanning
16:00:54.146 Disk 0 trace - called modules:
16:00:54.180 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:00:54.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c5c030]
16:00:54.194 3 CLASSPNP.SYS[8bdad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e3b028]
16:01:00.014 AVAST engine scan C:\Windows
16:01:02.592 AVAST engine scan C:\Windows\system32
16:05:04.410 AVAST engine scan C:\Windows\system32\drivers
16:05:17.288 AVAST engine scan C:\Users\default.default-PC
16:13:40.963 AVAST engine scan C:\ProgramData
16:16:32.797 Disk 0 statistics 4066130/0/278 @ 3.33 MB/s
16:16:32.819 Scan finished successfully
17:07:18.705 Disk 0 MBR has been saved successfully to "C:\Users\default.default-PC\Desktop\MBR.dat"
17:07:18.709 The log file has been saved successfully to "C:\Users\default.default-PC\Desktop\aswMBR.txt"
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-311597906-3463414758-3913683715-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-311597906-3463414758-3913683715-1000] => localhost:21320
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-311597906-3463414758-3913683715-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://navinet.navimedix.com/sign-in?ReturnUrl=/Main.aspx
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1D74A164-9F18-49B7-87F0-9AEEF495486D} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> {1D74A164-9F18-49B7-87F0-9AEEF495486D} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Inbox Toolbar -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-311597906-3463414758-3913683715-1000 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
FireFox:
========
FF ProfilePath: C:\Users\default.default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g0sveptx.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.eyefinity.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-311597906-3463414758-3913683715-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\default.default-PC\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atashost; C:\Windows\system32\atashost.exe [118568 2014-12-30] (Cisco WebEx LLC)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLVUE; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-10-15] (Intel Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [16768 2011-04-08] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
S3 catchme; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 15:34 - 2015-01-07 15:34 - 00017892 _____ () C:\Users\default.default-PC\Desktop\FRST.txt
2015-01-07 13:28 - 2015-01-07 13:28 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-07 13:28 - 2015-01-07 13:28 - 00002121 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-07 13:28 - 2015-01-07 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-07 13:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-07 13:22 - 2015-01-07 13:24 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\default.default-PC\Desktop\spybot-2.4.exe
2015-01-07 10:28 - 2015-01-07 10:28 - 05198336 _____ (AVAST Software) C:\Users\default.default-PC\Desktop\aswMBR.exe
2015-01-07 10:24 - 2015-01-07 15:34 - 00000000 ____D () C:\FRST
2015-01-07 10:24 - 2015-01-07 10:24 - 01115648 _____ (Farbar) C:\Users\default.default-PC\Desktop\FRST.exe
2015-01-07 10:23 - 2015-01-07 10:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OFFICE01-Microsoft-Windows-7-Professional-(32-bit).dat
2015-01-07 10:22 - 2015-01-07 10:22 - 00002183 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\RegBackup
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-07 10:22 - 2015-01-07 10:22 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-01-07 10:20 - 2015-01-07 10:20 - 04215584 _____ () C:\Users\default.default-PC\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-05 11:52 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-05 11:52 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-05 11:52 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-05 11:52 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-05 11:51 - 2015-01-05 11:52 - 00004613 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-12-30 10:10 - 2014-12-30 10:10 - 00000000 ____D () C:\Users\default.default-PC\AppData\Local\WebEx
2014-12-17 19:23 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 03:21 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:01 - 2014-12-10 03:04 - 00000000 ____D () C:\57587319f2c7f557c4d0721a20b8eec5
2014-12-09 23:49 - 2014-12-03 22:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:49 - 2014-12-03 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:49 - 2014-12-03 22:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:49 - 2014-12-01 17:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:49 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:49 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:49 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:49 - 2014-11-21 20:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:49 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:49 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:49 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:49 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:49 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:49 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:49 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:49 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:49 - 2014-11-21 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:49 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:49 - 2014-11-21 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:49 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:49 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:49 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:49 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:49 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:49 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:49 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:49 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:49 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:49 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:49 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:49 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:49 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:49 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:49 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:49 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:48 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:48 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:48 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:48 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:48 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 09:46 - 2014-12-09 09:46 - 00111836 _____ () C:\Users\default.default-PC\Desktop\Rehabilitation
2014-12-08 23:18 - 2014-12-08 23:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 15:09 - 2013-02-14 09:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 14:39 - 2010-03-19 10:51 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 14:04 - 2013-01-24 13:59 - 00000958 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA.job
2015-01-07 14:04 - 2013-01-24 13:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core.job
2015-01-07 13:33 - 2014-04-15 09:42 - 00021968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 13:33 - 2014-04-15 09:42 - 00021968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 13:30 - 2010-03-04 09:37 - 00862922 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 13:30 - 2009-07-13 22:55 - 01296053 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 13:28 - 2013-10-15 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-07 13:28 - 2013-10-15 14:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-07 13:26 - 2010-03-19 10:51 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 13:26 - 2010-03-08 14:40 - 00000000 _____ () C:\Users\default.default-PC\AppData\Local\WavXMapDrive.bat
2015-01-07 13:26 - 2010-03-04 12:25 - 00181680 _____ () C:\Windows\PFRO.log
2015-01-07 13:26 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 13:26 - 2009-07-13 22:39 - 00096166 _____ () C:\Windows\setupact.log
2015-01-07 13:25 - 2014-09-19 10:46 - 00000350 _____ () C:\Windows\wininit.ini
2015-01-07 08:26 - 2010-03-17 08:12 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2015-01-06 10:33 - 2014-07-24 10:02 - 00000000 ____D () C:\OptoVue
2015-01-05 15:34 - 2010-06-23 09:09 - 00000000 ____D () C:\ProgramData\webex
2015-01-05 11:53 - 2013-12-26 09:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-05 11:52 - 2010-08-17 08:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-05 11:52 - 2010-03-04 09:31 - 00000000 ____D () C:\Program Files\Java
2014-12-30 16:05 - 2010-12-21 11:03 - 00000000 __SHD () C:\Users\default.default-PC\Documents\cache
2014-12-30 14:56 - 2010-12-21 11:03 - 00000000 ____D () C:\Users\default.default-PC\AppData\Roaming\webex
2014-12-30 10:10 - 2010-06-23 09:32 - 00208168 _____ (Cisco WebEx LLC) C:\Windows\system32\atsckernel.exe
2014-12-30 10:10 - 2010-06-23 09:32 - 00118568 _____ (Cisco WebEx LLC) C:\Windows\system32\atashost.exe
2014-12-16 10:45 - 2013-11-27 08:19 - 00000000 ____D () C:\Users\default.default-PC\Desktop\Schambo
2014-12-15 18:17 - 2013-08-27 14:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 18:17 - 2013-08-27 14:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-15 10:09 - 2013-03-21 13:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-10 13:09 - 2013-02-14 09:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 13:09 - 2011-09-14 15:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 08:38 - 2014-10-01 08:24 - 00000000 ____D () C:\Poly Prior Authorization Letters
2014-12-10 03:59 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:21 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:05 - 2010-03-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:04 - 2013-08-15 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:01 - 2010-03-08 14:58 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 12:47
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by default at 2015-01-07 15:34:53
Running from C:\Users\default.default-PC\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AmbirScanV1.1.2708 (HKLM\...\{B5DD1AEA-69EA-491C-A803-98BEAAFAE472}_is1) (Version: - Ambir Technology)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version: - AVG Technologies)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother Software Suite (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 4.0.0.463 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Crystal Reports Runtime (HKLM\...\{6DD3F923-BD72-4784-8722-5440A7E9EE83}) (Version: 1.00.0000 - Compulink)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell Backup and Recovery Manager (HKLM\...\{8DD67529-BA26-4D12-97A8-3853D0C4B67D}) (Version: 1.2.1 - Dell Inc.)
Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
DVI Remote Rx Entry (HKLM\...\{1E0A64C0-7071-11D4-B2F8-00105AF63544}) (Version: - )
EMBASSY Security Center (Version: 04.00.00.071 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.058 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.010 - Wave Systems Corp) Hidden
EZ Calendar (HKLM\...\{a71b2005-36ef-4ee5-8059-02deb367cb98}) (Version: 1.0.0 - W3i, LLC)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Plug-In (HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-311597906-3463414758-3913683715-1000\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPL Ghostscript Lite 9.10.16 (HKLM\...\GPL Ghostscript Lite_is1) (Version: - Free Distribution)
Inbox Toolbar (HKLM\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Dell)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Medicare Remit EasyPrint (HKLM\...\{7EAEA40A-A6CA-4BA1-99C3-0782648E0F6B}) (Version: 3.3 - ViPS Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}) (Version: 2.3.1109 - WebEx Communications Inc.)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
PS467 (HKLM\...\{A12B5CE0-B331-4303-AD32-FDE876AED875}) (Version: 1.2.1001 - Ambir Technology)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{5E453519-60F6-4A4D-A0BF-16663F9B3536}) (Version: 5.34.51.22 - Apple Inc.)
Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\webex\WebEx\1326\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{68324E93-8981-4DF6-8548-9AC98C46E176}\InprocServer32 -> C:\Users\default.default-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\DynamicWebTwainCtrl.dll (Dynamsoft)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\default.default-PC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-311597906-3463414758-3913683715-1000_Classes\CLSID\{E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758}\InprocServer32 -> C:\Users\default.default-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\DynamicWebTwainCtrl.dll (Dynamsoft)
==================== Restore Points =========================
10-12-2014 03:00:34 Windows Update
10-12-2014 08:20:07 Avg Update
10-12-2014 08:20:56 Avg Update
10-12-2014 08:21:44 Avg Update
15-12-2014 10:12:51 Windows Update
18-12-2014 03:00:18 Windows Update
26-12-2014 00:00:05 Scheduled Checkpoint
29-12-2014 09:15:36 Avg Update
05-01-2015 11:51:13 Installed Java 7 Update 71
06-01-2015 18:00:02 Avg Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2013-03-14 14:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4C2832EF-0FED-4C7B-B938-83CAD00A0CEE} - System32\Tasks\{107460B0-C4F6-4137-A893-6C33C0E1B696} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {548FF2EE-3D36-4870-89E5-72D27CBC7233} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {5ADBB663-1CC0-440E-97DB-702B07DFB373} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {5C4E5818-4790-4D0A-A6A3-C5A57DFDAFEA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7424D3E5-5C27-4E3B-B4AC-98BFE39409F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7988EB42-AF59-432E-A763-CBC4C31A699E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {80311304-8691-42D8-A26D-5FEB34AE92F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9AF9D504-36A0-4A76-8443-2D7D1EB2CCD1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C68BDB96-7533-4BCB-B7BA-30EF57CA1D7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CB358341-FFD0-492B-9755-A799C7D05C8F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000Core.job => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-311597906-3463414758-3913683715-1000UA.job => C:\Users\default.default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-04 09:33 - 2009-10-15 10:57 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2015-01-07 13:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-07 13:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2009-11-19 14:47 - 2009-11-19 14:47 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2009-11-13 07:17 - 2009-11-13 07:17 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 12:24 - 2008-11-12 12:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2013-05-09 13:17 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-05-09 13:17 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2015-01-07 13:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-07 13:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-07 13:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-311597906-3463414758-3913683715-500 - Administrator - Disabled)
ASPNET (S-1-5-21-311597906-3463414758-3913683715-1003 - Limited - Enabled)
default (S-1-5-21-311597906-3463414758-3913683715-1000 - Administrator - Enabled) => C:\Users\default.default-PC
Guest (S-1-5-21-311597906-3463414758-3913683715-501 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Office01.local. Addr 192.168.10.113
Error: (01/07/2015 01:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.10.138:5353 4 OFFICE01.local. Addr 192.168.10.138
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Office01.local. Addr 192.168.10.113
Error: (01/07/2015 00:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.10.138:5353 4 OFFICE01.local. Addr 192.168.10.138
Error: (01/06/2015 06:00:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6a6f0041-e10d-42b5-ac81-f153a43a108d}
Error: (01/06/2015 07:52:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EYECARE.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1698
Start Time: 01d029b75a5c48b7
Termination Time: 7
Application Path: X:\EYECARE\EYECARE.EXE
Report Id: 39059275-95ab-11e4-b473-a4badbe86116
Error: (01/06/2015 07:46:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Office01.local already in use; will try Office01-2.local instead
Error: (01/06/2015 07:46:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Office01.local. Addr 192.168.10.113
System errors:
=============
Error: (01/07/2015 01:26:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :20" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:26:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3E71AE58-F755-43E6-B187-E3BD19DF11DC} because another computer on the network has the same name. The server could not start.
Error: (01/07/2015 01:26:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:26:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (01/07/2015 01:25:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:25:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:22:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 01:22:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :0" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 00:32:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OFFICE01 :20" could not be registered on the interface with IP address 192.168.10.113.
The computer with the IP address 192.168.10.138 did not allow the name to be claimed by
this computer.
Error: (01/07/2015 00:32:12 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3E71AE58-F755-43E6-B187-E3BD19DF11DC} because another computer on the network has the same name. The server could not start.
Microsoft Office Sessions:
=========================
Error: (08/19/2014 01:44:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1465 seconds with 540 seconds of active time. This session ended with a crash.
Error: (03/15/2013 03:22:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21825 seconds with 420 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7600 @ 3.06GHz
Percentage of memory in use: 35%
Total physical RAM: 3291.59 MB
Available physical RAM: 2113.93 MB
Total Pagefile: 6581.48 MB
Available Pagefile: 5088.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.32 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:290.08 GB) (Free:229.55 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-07 15:37:51
-----------------------------
15:37:51.814 OS Version: Windows 6.1.7601 Service Pack 1
15:37:51.814 Number of processors: 2 586 0x170A
15:37:51.815 ComputerName: OFFICE01 UserName: default
15:37:59.114 Initialize success
15:37:59.337 VM: initialized successfully
15:37:59.338 VM: Intel CPU supported
15:38:03.770 VM: supported disk I/O iaStor.sys
15:42:18.542 AVAST engine defs: 15010701
15:58:36.108 The log file has been saved successfully to "C:\Users\default.default-PC\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-07 15:59:47
-----------------------------
15:59:47.274 OS Version: Windows 6.1.7601 Service Pack 1
15:59:47.274 Number of processors: 2 586 0x170A
15:59:47.275 ComputerName: OFFICE01 UserName: default
15:59:48.548 Initialize success
15:59:48.575 VM: initialized successfully
15:59:48.577 VM: Intel CPU supported
15:59:53.696 VM: supported disk I/O iaStor.sys
16:00:13.810 AVAST engine defs: 15010701
16:00:22.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:00:22.976 Disk 0 Vendor: ST332041 CC45 Size: 305245MB BusType: 8
16:00:23.063 VM: Disk 0 MBR read successfully
16:00:23.068 Disk 0 MBR scan
16:00:23.074 Disk 0 Windows 7 default MBR code
16:00:23.079 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
16:00:23.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 178176
16:00:23.102 Disk 0 default boot code
16:00:23.113 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297039 MB offset 16803840
16:00:23.119 Disk 0 scanning sectors +625139712
16:00:23.180 Disk 0 scanning C:\Windows\system32\drivers
16:00:33.974 Service scanning
16:00:54.138 Modules scanning
16:00:54.146 Disk 0 trace - called modules:
16:00:54.180 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:00:54.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c5c030]
16:00:54.194 3 CLASSPNP.SYS[8bdad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e3b028]
16:01:00.014 AVAST engine scan C:\Windows
16:01:02.592 AVAST engine scan C:\Windows\system32
16:05:04.410 AVAST engine scan C:\Windows\system32\drivers
16:05:17.288 AVAST engine scan C:\Users\default.default-PC
16:13:40.963 AVAST engine scan C:\ProgramData
16:16:32.797 Disk 0 statistics 4066130/0/278 @ 3.33 MB/s
16:16:32.819 Scan finished successfully
17:07:18.705 Disk 0 MBR has been saved successfully to "C:\Users\default.default-PC\Desktop\MBR.dat"
17:07:18.709 The log file has been saved successfully to "C:\Users\default.default-PC\Desktop\aswMBR.txt"