I have backed up my files and registry. Ran Frst.64 and the logs are attached below. While scanning, my mcafee antivirus program flashed on warning there was a potentially dangerous file being blocked. I closed the message and let the scan continue to run. Will send the adwcleaner log and search.txt in a 2nd reply.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by paula (administrator) on MININT-8L86P5C on 08-02-2015 12:41:41
Running from C:\Users\paula\Downloads
Loaded Profiles: paula (Available profiles: paula)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Windows\SysWOW64\ANIWConnService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Cisco) C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Wireless Service) C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\paula\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [286720 2007-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [485208 2008-09-30] (Nikon Corporation)
HKLM-x32\...\Run: [ANIWZCS2Service] => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM-x32\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-140 revB\WZCSLDR2.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Run: [PCShowServer] => C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Run: [Octoshape Streaming Services] => C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.dell.comHKU\S-1-5-21-580328012-1814326237-2248955246-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieURLSearchHook: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {1BC4F983-5A5D-4FCC-AEE3-4EC4AF062ED1} URL =
http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir=
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
https://search.yahoo.com/search?fr=mcaf ... 0140714&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-580328012-1814326237-2248955246-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
http://www.google.com/search?q={sear
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.x64.dll ()
BHO: unisaaLes -> {96d5331b-5ff8-402d-befd-4405d03c3c8d} -> C:\Program Files (x86)\unisaaLes\FM4sbHRDFwaB4J.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: unissaLuess -> {69e47c97-ee37-4e14-a8a4-9de7a1acd829} -> C:\Program Files (x86)\unissaLuess\P9Q1zqwTDdPJMb.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/_layouts/Cl ... wsdc32.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{05BDB846-8097-444D-8B0F-0C17EC3A4533}: [NameServer] 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl:
hxxp://websearch.thesearchpage.info/?pi ... =74&l=1&q=FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @nds.com/PlayerPlugin -> C:\Users\paula\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @nds.com/PlayerPlugin64 -> C:\Users\paula\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\paula\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-580328012-1814326237-2248955246-1003: NDS.com/PlayerPlugin -> C:\Users\paula\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin ProgramFiles/Appdata: C:\Users\paula\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: WebZoom - C:\Users\paula\AppData\Roaming\Mozilla\Firefox\Profiles\ue2fhs5a.default\Extensions\sdd@webzoom.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-01-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-25]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://taplika.com/?f=7&a=tpl_tight1_15_04&cd=2XzuyEtN2Y1L1Qzu0Dzz0F0E0EtAyC0A0E0CtC0EyB0C0CyEtN0D0Tzu0StCtCtCyBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0E0CyE0C0AtGzyzzyD0CtGtAyDzy0DtG0C0EyE0CtGtCyDyB0DyBzytBtC0EyD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0B0C0D0EzytDtGtDtDtDtBtGyEtD0ByDtGzztB0C0EtG0EzytBtAzytBtDtAyDtAyDtC2Q&cr=949707811&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tools for Amazon's Mechanical Turk) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoffgjejcepnijgahpckhajchahfpojo [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Turkopticon) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-01-13]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-01-13]
CHR Extension: (SiteAdvisor) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-03-05]
CHR Extension: (Bookmark Manager) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Shoeboxed Web Clipper) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi [2015-02-03]
CHR Extension: (Gmail) - C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ANIWConnService; C:\Windows\SysWOW64\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 12:41 - 2015-02-08 12:42 - 00024915 _____ () C:\Users\paula\Downloads\FRST.txt
2015-02-08 12:41 - 2015-02-08 12:41 - 02132992 _____ (Farbar) C:\Users\paula\Downloads\FRST64.exe
2015-02-08 12:41 - 2015-02-08 12:41 - 00000000 ____D () C:\FRST
2015-02-08 12:28 - 2015-02-08 12:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MININT-8L86P5C-Windows-7-Home-Premium-(64-bit).dat
2015-02-08 12:21 - 2015-02-08 12:21 - 00000000 ____D () C:\RegBackup
2015-02-08 12:17 - 2015-02-08 12:17 - 01367040 _____ (Indigo Rose Corporation) C:\Users\paula\Documents\uninstall.exe
2015-02-08 12:17 - 2015-02-08 12:17 - 00325960 _____ () C:\Users\paula\Documents\lua5.1.dll
2015-02-08 12:17 - 2015-02-08 12:17 - 00001737 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\Uninstall
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\files
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\Users\paula\Documents\color_presets
2015-02-08 12:17 - 2015-02-08 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-08 12:11 - 2015-02-08 12:11 - 04803888 _____ () C:\Users\paula\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-08 12:07 - 2015-02-08 12:07 - 00002986 _____ () C:\Windows\System32\Tasks\{DAA8FBA1-D671-417D-ACF2-5147F35C71A8}
2015-02-08 12:07 - 2015-02-08 12:07 - 00002986 _____ () C:\Windows\System32\Tasks\{0E1B274D-BFB9-42B6-AC74-3157B0907D1E}
2015-02-08 11:59 - 2015-02-08 12:00 - 00000000 ____D () C:\Users\paula\Downloads\family pics2
2015-02-08 11:58 - 2015-02-08 11:58 - 00000000 ____D () C:\Users\paula\Downloads\fringe
2015-02-08 11:57 - 2015-02-08 11:57 - 00000000 ____D () C:\Users\paula\Downloads\web stuff
2015-02-08 11:41 - 2015-02-08 11:41 - 394148379 _____ () C:\Windows\MEMORY.DMP
2015-02-08 11:41 - 2015-02-08 11:41 - 00274616 _____ () C:\Windows\Minidump\020815-13291-01.dmp
2015-02-07 14:15 - 2015-02-07 14:16 - 00006026 _____ () C:\Users\paula\Desktop\attach.txt
2015-02-07 14:15 - 2015-02-07 14:15 - 00025073 _____ () C:\Users\paula\Desktop\dds.txt
2015-02-07 14:11 - 2015-02-07 14:11 - 00688992 ____R (Swearware) C:\Users\paula\Downloads\dds.scr
2015-02-07 13:39 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-07 13:39 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-07 13:39 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-07 13:39 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-07 13:39 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-07 13:39 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-07 13:39 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-07 13:39 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-07 13:39 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-07 13:39 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-07 13:39 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-07 13:39 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-07 13:39 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-07 13:39 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-07 13:39 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-07 13:39 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-07 13:39 - 2013-10-01 14:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-07 13:39 - 2013-10-01 14:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-07 13:38 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-07 13:38 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-07 13:38 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-02-07 13:38 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-02-07 13:38 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-07 13:38 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-02-07 13:38 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-06 11:00 - 2015-02-06 11:01 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk) (2).user.js
2015-02-06 10:57 - 2015-02-06 10:57 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk) (1).user.js
2015-02-06 10:53 - 2015-02-06 10:53 - 00143600 _____ () C:\Users\paula\Downloads\Turkmaster (Mturk).user.js
2015-02-05 11:13 - 2015-02-05 11:14 - 37987520 _____ (Microsoft Corporation) C:\Users\paula\Downloads\Windows-KB890830-x64-V5.20.exe
2015-02-05 11:12 - 2015-02-05 11:12 - 02238600 _____ (Microsoft Corporation) C:\Users\paula\Downloads\DefaultPack.EXE
2015-02-04 13:55 - 2015-02-08 11:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 13:54 - 2015-02-04 13:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 13:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 13:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 13:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 13:51 - 2015-02-04 13:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\paula\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-04 13:50 - 2015-02-04 13:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\paula\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 08:31 - 2015-02-04 08:31 - 00003472 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-02-04 08:31 - 2015-02-04 08:31 - 00003208 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Users\paula\Documents\ProPCCleaner
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Users\paula\AppData\Local\Pro_PC_Cleaner
2015-02-04 08:31 - 2015-02-04 08:31 - 00000000 ____D () C:\Program Files (x86)\02527486-c2b3-43ef-82f7-2884ee5f2e4d
2015-02-04 08:27 - 2015-02-04 08:27 - 00000000 ____D () C:\ProgramData\hlhpfllpbgibadapmpbgmeimkhkeebhb
2015-02-04 08:20 - 2015-02-07 12:14 - 00000000 ____D () C:\Program Files (x86)\unisaaLes
2015-02-04 08:20 - 2015-02-04 08:28 - 00000000 ____D () C:\Program Files (x86)\decodit
2015-02-04 08:20 - 2015-02-04 08:20 - 00000000 ____D () C:\ProgramData\bdmhopkmhokeplinichnipcomnnlbigp
2015-02-03 10:14 - 2015-02-03 10:14 - 00000000 ____D () C:\Program Files (x86)\Shoeboxed Web Clipper
2015-02-03 10:13 - 2015-02-07 08:37 - 00000000 ____D () C:\Program Files (x86)\uniSaless
2015-02-03 10:13 - 2015-02-07 08:04 - 00000000 ____D () C:\Program Files (x86)\unissaLuess
2015-02-03 10:13 - 2015-02-03 10:13 - 00000000 ____D () C:\ProgramData\dejfpbonljgaecfkadpnhmnlcllefejj
2015-02-03 10:13 - 2015-02-03 10:13 - 00000000 ____D () C:\ProgramData\5334483998530784437
2015-02-03 10:12 - 2015-02-08 11:48 - 00000000 ____D () C:\ProgramData\{12d8c426-22a5-ef74-12d8-8c42622a1098}
2015-01-27 06:56 - 2015-01-27 06:56 - 00184964 _____ () C:\Users\paula\Downloads\pool5.jpeg
2015-01-24 07:17 - 2015-01-24 07:17 - 00000000 ____D () C:\Users\paula\AppData\Roaming\OpenOffice.org
2015-01-22 11:05 - 2015-01-22 11:05 - 00003176 ____N () C:\bootsqm.dat
2015-01-22 10:22 - 2015-01-22 10:22 - 00007618 _____ () C:\Users\paula\AppData\Local\Resmon.ResmonCfg
2015-01-22 10:06 - 2015-01-22 10:07 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
2015-01-22 10:03 - 2015-01-22 10:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-22 10:03 - 2015-01-22 10:03 - 00000000 ____D () C:\Program Files (x86)\JRE
2015-01-22 10:00 - 2015-01-22 10:00 - 00000064 _____ () C:\Users\paula\AppData\Local\86682efb36002043a57abac7b394fa8d
2015-01-22 09:59 - 2015-01-22 09:59 - 00003848 _____ () C:\Windows\System32\Tasks\UpdateAdmin
2015-01-22 09:52 - 2015-01-22 09:53 - 79310960 _____ () C:\Users\paula\Downloads\openofficesuite-setup.exe
2015-01-22 07:20 - 2015-01-28 07:23 - 03147008 _____ (Tweaking.com) C:\Users\paula\Documents\TweakingFormControls.ocx
2015-01-21 13:02 - 2015-01-21 13:02 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-15 09:52 - 2015-01-15 09:52 - 00584560 _____ (McAfee, Inc.) C:\Users\paula\Downloads\MVTInstaller.exe
2015-01-15 05:57 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:03 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:03 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:03 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:03 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:03 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:03 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:03 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:03 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:03 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:03 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:03 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 12:39 - 2012-05-17 20:51 - 00000679 _____ () C:\Users\paula\Documents\Settings.ini
2015-02-08 12:18 - 2012-11-14 06:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 12:09 - 2014-05-27 13:31 - 00003284 _____ () C:\Windows\SysWOW64\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2015-02-08 12:09 - 2014-05-27 13:31 - 00003284 _____ () C:\Users\paula\AppData\Roaming\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2015-02-08 12:09 - 2011-12-09 09:49 - 01281717 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 11:53 - 2009-07-13 23:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 11:50 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:50 - 2009-07-13 22:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:47 - 2013-01-25 10:40 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-02-08 11:47 - 2013-01-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-08 11:45 - 2011-12-09 10:15 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-08 11:42 - 2012-11-14 06:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 11:41 - 2014-11-17 06:40 - 00000000 ____D () C:\Windows\Minidump
2015-02-08 11:41 - 2012-04-15 16:44 - 00000000 ____D () C:\Users\paula
2015-02-08 11:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 11:41 - 2009-07-13 22:51 - 00118948 _____ () C:\Windows\setupact.log
2015-02-07 14:06 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-07 13:43 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 13:42 - 2010-11-20 21:47 - 00229628 _____ () C:\Windows\PFRO.log
2015-02-07 13:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-06 06:08 - 2013-01-25 10:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-05 08:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:26 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-04 14:25 - 2010-11-21 01:16 - 00000000 ____D () C:\Windows\ShellNew
2015-02-04 09:06 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\restore
2015-02-02 16:24 - 2013-04-17 13:47 - 00000000 ____D () C:\Users\paula\AppData\Roaming\SoftGrid Client
2015-02-02 13:55 - 2012-05-24 11:38 - 00000000 ___SD () C:\Users\paula\Documents\My Webs
2015-01-30 18:17 - 2012-05-02 16:59 - 01418496 _____ (Tweaking.com) C:\Users\paula\Documents\TweakingRegistryBackup.exe
2015-01-30 06:24 - 2009-07-13 23:08 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 07:39 - 2012-05-02 16:58 - 00018431 _____ () C:\Users\paula\Documents\TweakingRegistryBackup.exe.manifest
2015-01-27 05:19 - 2012-11-14 06:06 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-22 10:16 - 2012-05-24 11:34 - 00096456 _____ () C:\Users\paula\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 10:16 - 2009-07-13 22:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 09:53 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Resources
2015-01-18 08:28 - 2014-02-08 06:05 - 00000722 ____H () C:\Users\paula\Downloads\.picasa.ini
2015-01-18 08:27 - 2014-05-17 06:27 - 00000000 ___HD () C:\Users\paula\Downloads\.picasaoriginals
2015-01-17 18:02 - 2013-04-17 13:47 - 00775586 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 18:36 - 2013-08-14 16:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:05 - 2013-04-24 08:50 - 00000730 _____ () C:\Users\paula\Sti_Trace.log
==================== Files in the root of some directories =======
2014-05-27 13:31 - 2015-02-08 12:09 - 0003284 _____ () C:\Users\paula\AppData\Roaming\ANIWZCS{05BDB846-8097-444D-8B0F-0C17EC3A4533}
2014-01-26 11:53 - 2014-01-26 11:53 - 0000268 ___RH () C:\Users\paula\AppData\Roaming\Synth Leads
2015-01-22 10:00 - 2015-01-22 10:00 - 0000064 _____ () C:\Users\paula\AppData\Local\86682efb36002043a57abac7b394fa8d
2015-01-22 10:22 - 2015-01-22 10:22 - 0007618 _____ () C:\Users\paula\AppData\Local\Resmon.ResmonCfg
2014-01-25 12:21 - 2014-09-09 06:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-01-26 11:53 - 2014-01-26 11:53 - 0000268 ___RH () C:\ProgramData\SystemConfiguration
2014-01-26 11:53 - 2014-01-26 11:53 - 0000012 ___RH () C:\ProgramData\Track Settings
Some content of TEMP:
====================
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe
C:\Users\paula\AppData\Local\Temp\57377.exe
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe
C:\Users\paula\AppData\Local\Temp\SpOrder.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 10:40
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by paula at 2015-02-08 12:43:35
Running from C:\Users\paula\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
Banner Maker Pro Version 7 (HKLM-x32\...\Banner Maker Pro 7_is1) (Version: - GatorData, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
D-Link RangeBooster N DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
Download Navigator (HKLM-x32\...\{D0735505-251C-41E4-A64A-D6D0A5E8FB4D}) (Version: 3.4.2 - SEIKO EPSON CORPORATION)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version: - SEIKO EPSON Corporation)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
FTP Commander (HKLM-x32\...\FTP Commander) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft FrontPage 2002 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.3.0 - Nikon)
Octoshape Streaming Services (HKU\S-1-5-21-580328012-1814326237-2248955246-1003\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.7 - Bluefive software)
QuickTime (HKLM-x32\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-580328012-1814326237-2248955246-1003_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\paula\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
==================== Restore Points =========================
04-02-2015 09:06:08 01/31/2015
07-02-2015 13:33:10 Windows Update
08-02-2015 11:39:08 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0CFC4455-4D1D-4D6B-8859-33FA0324B592} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {107FDEA6-D515-40A7-A7D2-5B6D00A2A809} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {1E4EB7A5-4D5D-4688-BA22-1E06D5188CC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4CF2549B-45C4-4C79-A770-1199650BF5B0} - System32\Tasks\UpdateAdmin => C:\Users\paula\AppData\Local\UpdateAdmin\UpdateAdmin.exe
Task: {58627D89-7B49-4FA9-AFD4-BF5C69441EFF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6CCD3D15-2491-4CA8-B591-87EFC3272BD7} - System32\Tasks\{DAA8FBA1-D671-417D-ACF2-5147F35C71A8} => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [2009-09-18] (D-Link Corp.)
Task: {759D5207-9163-4532-AFF0-2F2563736C66} - System32\Tasks\{0E1B274D-BFB9-42B6-AC74-3157B0907D1E} => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [2009-09-18] (D-Link Corp.)
Task: {9EB03546-F779-41B4-BC6D-80CEBEE17111} - \95b4028d-5a73-4ee5-9550-64281d62ffcd-10_user No Task File <==== ATTENTION
Task: {B96B86A5-A57F-4F96-A0B5-161C84BEE18B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {DFF69022-78BF-4611-993C-B60A0A6010D2} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-05-27 13:30 - 2009-07-07 19:10 - 00151552 _____ () C:\Windows\SysWOW64\ANIWConnService.exe
2014-09-16 13:51 - 2014-09-16 13:51 - 01387880 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 13:29 - 2009-06-01 13:23 - 00315392 _____ () C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
2014-05-27 13:28 - 2009-06-01 13:23 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIOApi.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 11475296 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02948448 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00339296 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02106728 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00689000 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 01403224 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00091976 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\z.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00205672 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00060272 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00043880 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00044896 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08296288 _____ () C:\Users\paula\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 05:19 - 2015-01-25 00:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-02-06 18:03 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\paula\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-580328012-1814326237-2248955246-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\paula\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-580328012-1814326237-2248955246-500 - Administrator - Disabled)
Guest (S-1-5-21-580328012-1814326237-2248955246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-580328012-1814326237-2248955246-1004 - Limited - Enabled)
paula (S-1-5-21-580328012-1814326237-2248955246-1003 - Administrator - Enabled) => C:\Users\paula
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2015 11:42:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4705661
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4705661
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4704647
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4704647
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4703649
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4703649
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (02/08/2015 11:44:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
Error: (02/08/2015 11:41:18 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000006f8, 0xfffff80003265b7e)C:\Windows\MEMORY.DMP020815-13291-01
Error: (02/08/2015 11:41:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:39:46 AM on 2/8/2015 was unexpected.
Error: (02/07/2015 09:39:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/05/2015 07:25:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/05/2015 10:41:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (02/05/2015 10:00:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/05/2015 10:00:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/05/2015 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/05/2015 10:00:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:42:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4705661
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4705661
Error: (02/08/2015 11:27:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4704647
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4704647
Error: (02/08/2015 11:27:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4703649
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4703649
Error: (02/08/2015 11:27:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 64%
Total physical RAM: 3838.98 MB
Available physical RAM: 1369.79 MB
Total Pagefile: 7676.14 MB
Available Pagefile: 4660.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.09 GB) (Free:411.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 465.8 GB) (Disk ID: AF04F22F)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================