
Please Help My Computer to Run Properly Again. I think it Has Ebola or Flu


  • This topic is locked
3 replies to this topic

#1 KitKatTX


Posted 10 January 2015 - 02:06 PM

:notme: Hello,
 
This is my first post so please be nice.... :thumbup2:
 
My name is Kathy and I am trying to figure out why our family's computer is running as if it has a horrible disease.  I am extremely good at following instructions and not intimidated when given instructions.  In other words...I'm here to fix and also to learn so that I may be able to help others in the future.  Basically, the computer is extremely slow, sometimes sits at 100% CPU, okay, a lot of the time.  My husband just wants me to give up on it but I have heard and read amazing things about your site and would rather reward those that truly care with donations than take the computer into a person paid hourly.
 
Please tell me what information I need to provide to begin the process of elimination in determining the reasons for what is going on.
 
Looking forward to hearing from someone soon and will also check often so as not to waste your time.
 
Sincerely,
 
Kathy

Edited by Queen-Evie, 10 January 2015 - 05:30 PM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed only in MRL




#2 KitKatTX


Posted 10 January 2015 - 02:57 PM

Hello, I saw a post that also referred to astromenda.....and in my uninstall program list, I found wse_astromenda that was installed last September. I didn't choose to use the uninstall option until I heard back from you as I don't want to make it any worse....

 

I had a slow computer prior to that and think it is more than just Astromenda.  

 

However, in the post I did read, you instructed the person to do a Farbar Recovery Scan so I did the same.  I hope that this will jump start in helping me with my problem/problems.

 

 

Scans:

 

First Scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by Kathy (administrator) on TODDSNOTEBOOK on 10-01-2015 13:37:25
Running from C:\Users\Kathy\Desktop
Loaded Profile: Kathy (Available profiles: Todd's Notebook & Kathy & Brennan & Isabella & Bennie The Son)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Run: [8166B47CB497A32C434CDEF51CB77016E3B9E510._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Run: [GoogleChromeAutoLaunch_1A306F60E92D022903A6BB979BA46A96] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Run: [DellSystemDetect] => C:\Users\Kathy\AppData\Local\Apps\2.0\J8JC02JL.1ED\A33DJRK3.MKO\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-10] (Dell)
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\MountPoints2: {03c2f6cd-0a27-11e4-875f-24b6fd2ff9d5} - E:\LaunchU3.exe -a
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\MountPoints2: {811139b1-ac1f-11e3-8067-c018853363e8} - E:\LaunchU3.exe -a
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\MountPoints2: {e7a65731-0fa5-11e4-aecc-24b6fd2ff9d5} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Todd's Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Todd's Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-756113742-4085774836-1064593311-1011\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-756113742-4085774836-1064593311-1010\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-756113742-4085774836-1064593311-1005\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-756113742-4085774836-1064593311-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-756113742-4085774836-1064593311-1003 -> {47BF4A55-C234-40A1-B82F-E67AD1365598} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-756113742-4085774836-1064593311-1003 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-756113742-4085774836-1064593311-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\xo4cq2hw.default-1403389402644
FF DefaultSearchEngine: Bing 
FF SelectedSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-756113742-4085774836-1064593311-1003: @nds.com/PlayerPlugin -> C:\Users\Kathy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKU\S-1-5-21-756113742-4085774836-1064593311-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kathy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-756113742-4085774836-1064593311-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kathy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-756113742-4085774836-1064593311-1003: NDS.com/PlayerPlugin -> C:\Users\Kathy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\xo4cq2hw.default-1403389402644\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPFxViewer.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\xo4cq2hw.default-1403389402644\searchplugins\bingp.xml
FF Extension: Ads Removal - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\xo4cq2hw.default-1403389402644\Extensions\adremoveext@adremoveext.net [2014-10-19]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\xo4cq2hw.default-1403389402644\Extensions\ascsurfingprotection@iobit.com [2014-10-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-12]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.myfoxhouston.com/category/230245/news", "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0EtBtCzzzzyDtAtAyCtA0EyBzzyC0DyEtN0D0Tzu0SzyzytAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0ByDzzyEtBtDyEtG0A0D0D0FtG0CzztA0DtG0CtAtD0EtGtDyBtCtCyDtA0B0BtCzz0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtC0CtA0EtCyCtBtGyB0AtA0BtGyEyD0EtBtGzyyCzy0CtGtD0DzyyBtD0AyEyCtB0D0ByC2Q&cr=402982674&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-07-01]
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2014-11-11]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-14]
CHR Extension: (iCloud) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2014-07-01]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07]
CHR Extension: (GeoGebra) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-07-08]
CHR Extension: (ScootPad) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boihgpoojeingjbbdjmoocbdibophjap [2014-08-09]
CHR Extension: (Adblock Plus) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-08]
CHR Extension: (2048) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp [2014-07-08]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-12]
CHR Extension: (Pixlr-o-matic) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-07-01]
CHR Extension: (Google Calendar) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-15]
CHR Extension: (TechSmith Snagit) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2014-07-08]
CHR Extension: (PicMonkey) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-07-01]
CHR Extension: (Full Screen Weather) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-07-08]
CHR Extension: (English to Spanish Translator) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmobibcldjllcmfjnmplpaocapaeainm [2014-02-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-10-15]
CHR Extension: (SoundCloud) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-10-15]
CHR Extension: (Pixlr Touch Up) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-07-01]
CHR Extension: (Autodesk Homestyler) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-10-15]
CHR Extension: (Evernote Web) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-10-15]
CHR Extension: (Google Maps) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-18]
CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (piZap Photo Editor) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2014-02-25]
CHR Extension: (Spot - Date Clipper for Google Calendar™) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogalaicobgnjddfiiananilkfdecfcki [2014-02-19]
CHR Extension: (Photo Collage) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabhgfgfhoilflkoicbmnejgjjfmhcg [2014-02-25]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2014-07-08]
CHR Extension: (Astromenda New Tab) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-12-02]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07]
CHR Extension: (Photo Grid) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmekmcgihgjbmlcoddkjbcclbjnfldl [2014-02-25]
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-22]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-22]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-22]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-05-22]
CHR Extension: (WebToSave) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2014-05-22]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-22]
CHR Extension: (Anti-Banner) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-05-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0079411350085522mcinstcleanup; C:\Users\TODD'S~1\AppData\Local\Temp\007941~1.EXE [828032 2012-09-04] (McAfee, Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-10-19] (Intel Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-21] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 13:37 - 2015-01-10 13:38 - 00034909 _____ () C:\Users\Kathy\Desktop\FRST.txt
2015-01-10 13:36 - 2015-01-10 13:37 - 00000000 ____D () C:\FRST
2015-01-10 13:35 - 2015-01-10 13:35 - 02124288 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2015-01-10 13:28 - 2015-01-10 13:28 - 01137360 _____ (F-Secure Corporation) C:\Users\Kathy\Downloads\fsbl.exe
2015-01-10 12:51 - 2015-01-10 12:51 - 00051486 _____ () C:\Users\Kathy\Downloads\Result.txt
2015-01-10 12:50 - 2015-01-10 12:50 - 00401920 _____ (Farbar) C:\Users\Kathy\Downloads\MiniToolBox.exe
2015-01-09 21:27 - 2015-01-09 21:27 - 02212197 _____ () C:\Users\Todd's Notebook\Downloads\SecureMessageAtt.html
2015-01-08 20:40 - 2015-01-08 20:44 - 00000000 ____D () C:\Users\Kathy\Documents\Hypnosis
2015-01-06 21:07 - 2015-01-06 21:07 - 00063673 _____ () C:\Users\Todd's Notebook\Downloads\01-Jan-2014_to_07-Jan-2015.csv
2015-01-04 18:21 - 2015-01-04 18:21 - 00011877 _____ () C:\Users\Todd's Notebook\Desktop\Capital Gains- Draper Home.xlsx
2015-01-04 18:20 - 2015-01-04 18:20 - 00011855 _____ () C:\Users\Todd's Notebook\Downloads\Capital Gains- Draper Home.xlsx
2015-01-04 13:14 - 2015-01-04 13:14 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-04 13:13 - 2015-01-04 13:13 - 05197824 _____ () C:\Users\Kathy\Downloads\HPSupportSolutionsFramework-en-11.51.0048 (1).msi
2015-01-04 13:12 - 2015-01-04 13:13 - 05197824 _____ () C:\Users\Kathy\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi
2015-01-02 12:44 - 2015-01-02 12:44 - 00022893 _____ () C:\Users\Todd's Notebook\Desktop\Copy of BVI Jan 2015.xlsx
2014-12-31 13:38 - 2014-12-31 13:38 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Softland
2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Startup
2014-12-31 13:36 - 2014-12-31 13:36 - 00000000 ____D () C:\ProgramData\Softland
2014-12-31 13:35 - 2014-12-31 13:42 - 00000000 ____D () C:\Program Files\Softland
2014-12-31 13:34 - 2014-12-31 13:43 - 00000000 ____D () C:\Program Files (x86)\Softland
2014-12-31 13:17 - 2014-12-31 13:25 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\NCH Software
2014-12-31 13:16 - 2014-12-31 13:25 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-12-31 13:16 - 2014-12-31 13:24 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-12-31 13:16 - 2014-12-31 13:24 - 00000000 ____D () C:\ProgramData\NCH Software
2014-12-31 13:07 - 2014-12-31 13:07 - 00000000 ____D () C:\Users\Kathy\Documents\Excel Information
2014-12-26 18:25 - 2014-12-26 18:25 - 00000000 ____D () C:\Users\Todd's Notebook\AppData\Local\Intuit_Inc
2014-12-26 17:48 - 2014-12-26 17:48 - 00000000 ____D () C:\Users\Todd's Notebook\AppData\Local\IsolatedStorage
2014-12-26 17:48 - 2014-12-26 17:48 - 00000000 ____D () C:\Users\Todd's Notebook\AppData\Local\Intuit
2014-12-26 17:24 - 2014-09-29 23:45 - 09065688 _____ (Amyuni Technologies http://www.amyuni.com) C:\windows\system32\cdintf500_64.dll
2014-12-26 17:24 - 2014-09-29 23:45 - 07280344 _____ (Amyuni Technologies http://www.amyuni.com) C:\windows\SysWOW64\cdintf500.dll
2014-12-26 17:23 - 2014-12-26 18:10 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-12-26 17:23 - 2014-12-26 17:23 - 00001808 _____ () C:\Users\Public\Desktop\Quicken Deluxe 2015.lnk
2014-12-26 17:23 - 2014-12-26 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2014-12-26 17:19 - 2014-12-26 17:20 - 144938856 _____ (Intuit Inc. ) C:\Users\Todd's Notebook\Downloads\Quicken_Deluxe_2015.exe
2014-12-26 17:17 - 2014-12-26 18:27 - 49700864 _____ () C:\Users\Todd's Notebook\Desktop\Gatewood 2012-09-26-2014-12-26.QDF-backup
2014-12-26 15:27 - 2014-12-26 15:27 - 00000000 ____D () C:\Temp
2014-12-21 21:44 - 2014-12-21 21:44 - 00958992 _____ (CyberLink) C:\Users\Kathy\Downloads\CyberLink_PhotoDirector_Downloader.exe
2014-12-21 21:30 - 2014-12-21 21:31 - 154194744 _____ () C:\Users\Kathy\Documents\CL.v3124_43538_Spr_PTD120815-02.exe
2014-12-18 16:35 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 16:35 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 16:29 - 2014-12-18 16:29 - 00020292 _____ () C:\Users\Brennan\Downloads\Copy of Final Grade Calculator (Fall 2014) (3).xlsx
2014-12-18 16:29 - 2014-12-18 16:29 - 00020292 _____ () C:\Users\Brennan\Downloads\Copy of Final Grade Calculator (Fall 2014) (2).xlsx
2014-12-18 16:27 - 2014-12-18 16:28 - 00020292 _____ () C:\Users\Brennan\Downloads\Copy of Final Grade Calculator (Fall 2014) (1).xlsx
2014-12-18 16:27 - 2014-12-18 16:27 - 00020292 _____ () C:\Users\Brennan\Downloads\Copy of Final Grade Calculator (Fall 2014).xlsx
2014-12-17 12:12 - 2014-12-17 12:12 - 00022528 _____ () C:\Users\Kathy\AppData\Local\dsisetup575980492.exe
2014-12-16 22:38 - 2014-12-16 22:38 - 00880784 _____ (Google Inc.) C:\Users\Kathy\Downloads\ChromeSetup.exe
2014-12-11 08:41 - 2014-12-11 09:32 - 00000000 ____D () C:\Users\Kathy\3302 Information
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 13:12 - 2014-09-19 18:12 - 00000292 _____ () C:\windows\Tasks\WSE_Astromenda.job
2015-01-10 12:54 - 2014-02-15 12:33 - 00000000 ____D () C:\Users\Kathy\Documents\Computer Details
2015-01-10 12:43 - 2012-10-13 17:24 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 12:34 - 2013-04-17 20:08 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2015-01-10 12:27 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:27 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:23 - 2012-03-15 12:36 - 01753440 _____ () C:\windows\WindowsUpdate.log
2015-01-10 12:22 - 2013-08-05 15:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-10 12:20 - 2014-11-16 11:42 - 00000000 ___RD () C:\Users\Kathy\iCloudDrive
2015-01-10 12:20 - 2012-10-13 17:24 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 12:19 - 2014-11-21 23:27 - 00004973 _____ () C:\windows\setupact.log
2015-01-10 12:19 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 12:03 - 2014-11-10 12:12 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2015-01-10 12:02 - 2014-11-10 11:55 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Deployment
2015-01-10 12:02 - 2012-10-14 08:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-08 20:40 - 2014-02-18 13:11 - 00000000 ____D () C:\Users\Kathy\Documents\Pearson Text Books
2015-01-06 14:21 - 2014-01-23 11:36 - 00000000 ____D () C:\Users\Kathy\Documents\Personal Stuff
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-05 12:58 - 2009-07-13 23:13 - 00788168 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-05 10:22 - 2014-11-21 23:27 - 00014736 _____ () C:\windows\PFRO.log
2015-01-04 14:04 - 2014-02-07 15:54 - 00000000 ____D () C:\Users\Kathy\Acct Cancels
2015-01-04 13:52 - 2012-12-18 15:40 - 00000000 ____D () C:\Users\Kathy\Documents\Outlook Files
2015-01-04 13:52 - 2012-12-18 13:22 - 00000000 ____D () C:\Users\Kathy
2015-01-04 13:47 - 2013-02-14 12:26 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Downloaded Installations
2015-01-04 13:16 - 2013-10-18 11:00 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\HpUpdate
2015-01-04 12:01 - 2012-10-14 19:02 - 00000000 ____D () C:\Users\Todd's Notebook\Documents\Quicken
2015-01-04 11:57 - 2014-09-28 14:44 - 00024139 _____ () C:\Users\Todd's Notebook\Documents\Land Cruiser Worksheet.xlsx
2014-12-31 13:00 - 2012-12-18 13:22 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Microsoft Help
2014-12-30 21:13 - 2014-02-12 08:08 - 00000000 ____D () C:\Users\Kathy\Purchases with trial or purchase
2014-12-28 18:59 - 2014-09-28 14:44 - 00022527 _____ () C:\Users\Todd's Notebook\Documents\9EEC981E.tmp
2014-12-26 18:12 - 2012-10-14 18:59 - 00000000 ____D () C:\ProgramData\Intuit
2014-12-26 17:23 - 2012-10-14 18:59 - 00000126 _____ () C:\windows\QUICKEN.INI
2014-12-26 15:35 - 2014-02-18 13:07 - 00000000 ____D () C:\ProgramData\Ultimate Typing
2014-12-26 15:12 - 2014-06-21 19:38 - 00000000 ____D () C:\Users\Todd's Notebook\AppData\Roaming\IObit
2014-12-26 15:07 - 2014-02-22 10:34 - 00000000 ____D () C:\Users\Todd's Notebook\Documents\Land Cruiser Service Manual
2014-12-25 09:01 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-24 14:22 - 2013-12-03 17:22 - 00000000 ____D () C:\Users\Brennan\AppData\Roaming\.minecraft
2014-12-21 21:45 - 2012-03-15 12:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-21 21:44 - 2012-03-15 12:54 - 00000000 ____D () C:\ProgramData\Temp
2014-12-21 21:28 - 2013-02-01 11:58 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-21 21:13 - 2014-06-21 17:43 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-21 21:12 - 2014-09-19 19:12 - 00000156 _____ () C:\Users\Kathy\AppData\Roaming\WB.CFG
2014-12-19 14:02 - 2012-10-14 19:32 - 00000000 ____D () C:\Users\Todd's Notebook\AppData\Local\CrashDumps
2014-12-17 13:53 - 2013-03-06 10:38 - 00050688 ___SH () C:\Users\Kathy\Thumbs.db
2014-12-17 12:12 - 2014-12-02 08:12 - 00000010 _____ () C:\Users\Kathy\AppData\Local\DSI.DAT
2014-12-16 22:39 - 2014-06-02 16:00 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-16 22:38 - 2012-10-13 17:24 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-16 22:38 - 2012-10-13 17:24 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-12 12:40 - 2014-09-18 13:26 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-12 12:40 - 2013-09-13 14:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
 
Some content of TEMP:
====================
C:\Users\Brennan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Isabella\AppData\Local\Temp\ICReinstall_MinecraftSetup.exe
C:\Users\Kathy\AppData\Local\Temp\SpOrder.dll
C:\Users\Kathy\AppData\Local\Temp\stageremote_2.0.0.43_2.0.0.50_update_all.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\0079411350085522mcinst.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\09e3d67d5efa892a05d9def65d9a1e78.dll
C:\Users\Todd's Notebook\AppData\Local\Temp\Couponscom.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\DefaultPack.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\gwunstal.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\mpegc.dll
C:\Users\Todd's Notebook\AppData\Local\Temp\nitro_reader3_x64(1).exe
C:\Users\Todd's Notebook\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\oi_{D73B653C-1A84-49AA-8BFE-7CC9D8812842}.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\Upgrade.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\_isAAE5.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\_isB580.exe
C:\Users\Todd's Notebook\AppData\Local\Temp\_isCD63.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 11:09
 
==================== End Of Log ============================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015
Ran by Kathy at 2015-01-10 13:38:57
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS RT-AC68U Wireless Router Utilities (HKLM-x32\...\{B87CD6CC-8094-496C-99BA-4425169948C9}) (Version: 4.2.9.2 - ASUS)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010201342.48.56.39458170 - Audible, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell System Detect (HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{a1bb9be6-729f-4049-a36a-aad335c86c01}) (Version: 9.2 - DIRECTV)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Online Backup (HKLM-x32\...\Online Backup) (Version: 2.33 - www.backup.com)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}) (Version: 8.0.0 - TechSmith Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-756113742-4085774836-1064593311-1003\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION!
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-01-2015 20:18:06 Windows Update
09-01-2015 20:18:07 Removed iSEEK AnswerWorks English Runtime
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00FAB1AE-F18F-4825-B654-10780FB576B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13] (Google Inc.)
Task: {0E092F0F-764D-42C6-A37C-086DEF621C21} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {3E38EB36-B34E-40FF-93AF-6DBF70A732B7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3EF36C90-2BB2-48F1-824F-4C913D41EA4A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {4324BA84-7046-4C21-83BD-CD67BC461FE7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {43DFF3BF-5B00-4D7B-985F-09AF36E04804} - System32\Tasks\{87AE2DDF-D1D5-45F6-95D3-7F8DFDDE561C} => pcalua.exe -a "C:\Program Files\Online Backup\OnlineBackup.exe" -c UNINSTALL
Task: {454CEBA5-8B25-4798-944E-6B66D416E9DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1005Core => C:\Users\Brennan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-12] (Facebook Inc.)
Task: {468FDEEA-8DF6-479E-B236-6D399C602469} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {470CA191-7BDA-4C91-A2F8-60672F4282C8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-21] (Adobe Systems Incorporated)
Task: {48E1F6E0-87ED-4879-AA03-6A8E8CFBD166} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {575C7249-3BBC-4D33-AD6F-C07E0DCF3599} - System32\Tasks\ScanToPCActivationApp.exe_{27D6A27D-0486-4F9F-9D78-19857855E817} => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5838CF37-67BD-4401-9C74-58C38110C9CF} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe
Task: {5C09289E-5E60-470B-A67F-A8CA00B2CC30} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {65D1B352-24EF-426F-8D91-BC0FB8F929ED} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\Todd's Notebook\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
Task: {677AB6CC-5CC3-474C-934A-02A66C15CE93} - System32\Tasks\SmartDefragUpdate => C:\Users\Kathy\Downloads\SmartDefragPortable\App\SmartDefrag\AutoUpdate.exe [2013-05-22] (IObit)
Task: {6FEA01F4-823C-4B5D-9C55-3D8980ECC4EF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1005UA => C:\Users\Brennan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-12] (Facebook Inc.)
Task: {7D857BE0-64F2-4EF0-A2CD-94EB725BB7D5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {7EE0CEA1-A611-4A70-98A6-1F52C3F4BC26} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\JustCloud\Signup Wizard.exe
Task: {88BDEF5F-3CC8-4578-B2A9-0C0F1BB63326} - System32\Tasks\Driver Booster SkipUAC (Kathy) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A10109CA-8103-446B-AF17-99FC3C4CB505} - System32\Tasks\{53C53F15-07AE-49D2-8064-6442670819B7} => pcalua.exe -a C:\Users\Kathy\Downloads\Magellan_Maestro_4250_4_86_Rel1\Magellan_Maestro_4250_4_86_Rel1.exe -d C:\Users\Kathy\Downloads\Magellan_Maestro_4250_4_86_Rel1
Task: {A2D235F6-4256-4208-80D4-FCA6FBFB7818} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1003Core => C:\Users\Kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {AD0D5B8B-0C98-4E76-ACB2-A1B09558EC77} - System32\Tasks\{92D483EF-7632-4618-AD21-AFCB206804BE} => pcalua.exe -a C:\Users\Kathy\Desktop\citrixwire_free.exe -d C:\Users\Kathy\Desktop
Task: {B0399DAF-6E1B-4225-9A6B-6DE2ED23C990} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {DA06D028-D278-475E-8262-2721D21C9E6F} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {DB16BF75-08C0-45E6-8AB5-B5587C135A79} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4DEF44E-AB38-4D3C-918D-A92194DA8FC8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1003UA => C:\Users\Kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {E6C3FA7E-DED9-4CAB-B0A2-7981B2F9348A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13] (Google Inc.)
Task: {F3D5D911-34B7-4C05-BFC0-3E21B7F35900} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {F9D38321-CBF0-45E2-A3A0-76079F06F3EE} - \DSite No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1003Core.job => C:\Users\Kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1003UA.job => C:\Users\Kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1005Core.job => C:\Users\Brennan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-756113742-4085774836-1064593311-1005UA.job => C:\Users\Brennan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\WSE_Astromenda.job => C:\Users\Kathy\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-22 10:44 - 2011-02-28 16:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2012-03-15 15:10 - 2011-03-25 19:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-29 07:52 - 2011-06-29 07:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-12-16 22:39 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 22:39 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 22:39 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 22:39 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:054203E4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: RoxWatch12 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk => C:\windows\pss\SnagIt 8.lnk.CommonStartup
MSCONFIG\startupreg: 8166B47CB497A32C434CDEF51CB77016E3B9E510._service_ => "c:\program files (x86)\google\chrome\application\chrome.exe" --type=service
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: AtherosBtStack => c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
MSCONFIG\startupreg: BrowserAppCoreService => c:\users\kathy\appdata\roaming\shopathome.com browserappcore service\sahprocessmanager.exe "c:\users\kathy\appdata\roaming\shopathome.com browserappcore service\shopathome_bac_service.exe" "restart"
MSCONFIG\startupreg: Dell DataSafe Online => c:\program files (x86)\dell\dell datasafe online\nobuclient.exe
MSCONFIG\startupreg: Dell Webcam Central => "c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "c:\program files (x86)\dell stage\dell stage\stage_primary.exe" "c:\program files (x86)\dell stage\dell stage\start.umj" --startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Kathy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FAHConsole => c:\program files\file association helper\fahconsole.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1A306F60E92D022903A6BB979BA => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "c:\program files\hp\hp officejet 6500 e710n-z\bin\scantopcactivationapp.exe" -deviceid "cn1af340x505jw:nw" -scfn "hp officejet 6500 e710n-z (net)" -autostart 1
MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe
MSCONFIG\startupreg: iCloudDrive => c:\program files (x86)\common files\apple\internet services\iclouddrive.exe
MSCONFIG\startupreg: iCloudServices => c:\program files (x86)\common files\apple\internet services\icloudservices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PCShowServer => c:\users\kathy\appdata\local\directv player\pcshowserverpmwrapper.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => c:\program files (x86)\common files\roxio shared\oem\12.0\sharedcom\roxwatchtray12oem.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-756113742-4085774836-1064593311-500 - Administrator - Disabled)
Bennie The Son (S-1-5-21-756113742-4085774836-1064593311-1011 - Limited - Enabled) => C:\Users\Bennie The Son
Brennan (S-1-5-21-756113742-4085774836-1064593311-1005 - Limited - Enabled) => C:\Users\Brennan
Guest (S-1-5-21-756113742-4085774836-1064593311-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-756113742-4085774836-1064593311-1002 - Limited - Enabled)
Isabella (S-1-5-21-756113742-4085774836-1064593311-1010 - Limited - Enabled) => C:\Users\Isabella
Kathy (S-1-5-21-756113742-4085774836-1064593311-1003 - Administrator - Enabled) => C:\Users\Kathy
Todd's Notebook (S-1-5-21-756113742-4085774836-1064593311-1000 - Administrator - Enabled) => C:\Users\Todd's Notebook
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1702 Bluetooth v3.0+HS
Description: Dell Wireless 1702 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Sftfs
Description: Sftfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Sftfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2015 01:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 864
 
Start Time: 01d02d020626d82b
 
Termination Time: 46
 
Application Path: C:\windows\Explorer.EXE
 
Report Id: 3a4805db-98ff-11e4-9fd2-24b6fd2ff9d5
 
Error: (01/10/2015 00:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.0.1.26, time stamp: 0x543e558b
Faulting module name: objc.dll, version: 1.528.0.120, time stamp: 0x5400227d
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0x1764
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
 
Error: (01/10/2015 00:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 00:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 007941~1.EXE, version: 6.6.119.0, time stamp: 0x50462671
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x8c4
Faulting application start time: 0x007941~1.EXE0
Faulting application path: 007941~1.EXE1
Faulting module path: 007941~1.EXE2
Report Id: 007941~1.EXE3
 
Error: (01/10/2015 11:25:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 11:23:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 007941~1.EXE, version: 6.6.119.0, time stamp: 0x50462671
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1528
Faulting application start time: 0x007941~1.EXE0
Faulting application path: 007941~1.EXE1
Faulting module path: 007941~1.EXE2
Report Id: 007941~1.EXE3
 
Error: (01/09/2015 08:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 007941~1.EXE, version: 6.6.119.0, time stamp: 0x50462671
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1050
Faulting application start time: 0x007941~1.EXE0
Faulting application path: 007941~1.EXE1
Faulting module path: 007941~1.EXE2
Report Id: 007941~1.EXE3
 
Error: (01/09/2015 08:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 08:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 007941~1.EXE, version: 6.6.119.0, time stamp: 0x50462671
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1084
Faulting application start time: 0x007941~1.EXE0
Faulting application path: 007941~1.EXE1
Faulting module path: 007941~1.EXE2
Report Id: 007941~1.EXE3
 
Error: (01/09/2015 08:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/10/2015 00:24:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0079411350085522) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/10/2015 00:22:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%2
 
Error: (01/10/2015 00:21:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/10/2015 00:20:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (01/10/2015 00:19:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Sftfs service which failed to start because of the following error: 
%%31
 
Error: (01/10/2015 00:19:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sftfs service failed to start due to the following error: 
%%31
 
Error: (01/10/2015 00:19:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
 
Error: (01/10/2015 00:19:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053
 
Error: (01/10/2015 00:19:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (01/10/2015 00:19:49 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (01/10/2015 01:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756786401d02d020626d82b46C:\windows\Explorer.EXE3a4805db-98ff-11e4-9fd2-24b6fd2ff9d5
 
Error: (01/10/2015 00:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bobjc.dll1.528.0.1205400227dc000000500006be4176401d02d0347a2fb05C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll5468fd8b-98f7-11e4-9fd2-24b6fd2ff9d5
 
Error: (01/10/2015 00:23:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 00:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 007941~1.EXE6.6.119.050462671unknown0.0.0.000000000c0000005000000008c401d02d0256113792C:\Users\TODD'S~1\AppData\Local\Temp\007941~1.EXEunknown9e7c8702-98f5-11e4-9fd2-24b6fd2ff9d5
 
Error: (01/10/2015 11:25:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 11:23:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 007941~1.EXE6.6.119.050462671unknown0.0.0.000000000c000000500000000152801d02cfa23c6821fC:\Users\TODD'S~1\AppData\Local\Temp\007941~1.EXEunknown6e98a160-98ed-11e4-8330-24b6fd2ff9d5
 
Error: (01/09/2015 08:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 007941~1.EXE6.6.119.050462671unknown0.0.0.000000000c000000500000000105001d02c7ada334fddC:\Users\TODD'S~1\AppData\Local\Temp\007941~1.EXEunknown2658afc4-986e-11e4-8154-24b6fd2ff9d5
 
Error: (01/09/2015 08:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 08:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 007941~1.EXE6.6.119.050462671unknown0.0.0.000000000c000000500000000108401d02c79937214a5C:\Users\TODD'S~1\AppData\Local\Temp\007941~1.EXEunknowne0a5d98e-986c-11e4-a58e-24b6fd2ff9d5
 
Error: (01/09/2015 08:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-16 01:11:11.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-16 01:11:11.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-16 01:11:11.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-16 01:11:11.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-16 01:11:11.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-16 01:11:11.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 09:01:37.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 09:01:37.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 09:01:37.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-14 09:01:37.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 6052.27 MB
Available physical RAM: 3717.12 MB
Total Pagefile: 12102.73 MB
Available Pagefile: 8715.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.77 GB) (Free:487.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (NIKON D5000) (Removable) (Total:3.69 GB) (Free:3.44 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 374094FD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#3 shelf life

  • Malware Response Team
  • 2,688 posts

Posted 11 January 2015 - 02:58 PM

Hi KitKatTX,

If you still need help you can do this:

First look in your add/remove programs panel for: Astromenda, uninstall it and reboot your machine.

Next we will get two downloads to run and we will go from there:

1) Please download adwcleaner from here and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Accept the terms of use.
  • Now click on the Scan tab, once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    Note: The log can also be located at C:\AdwCleaner\AdwCleaner[S0].txt

2) Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

  • Shut down your antivirus to avoid any conflicts.
  • Double click the icon or Right click for Vista/W7,8 and select Run as administrator.
  • The tool will open and start scanning.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


How Can I Reduce My Risk to Malware?


#4 shelf life

  • Malware Response Team
  • 2,688 posts

Posted 23 January 2015 - 05:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
