Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04 Ran by In Tandem (administrator) on INTANDEM-VAIO on 14-09-2013 17:10:59 Running from C:\Users\In Tandem\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Dropbox, Inc.) C:\Users\In Tandem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (McAfee, Inc.) 
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9645088 2010-02-05] (Realtek Semiconductor) HKLM\...\Policies\Explorer\Run: [59288] - C:\PROGRA~3\LOCALS~1\Temp\msuowjvp.com No File HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-27] (Google Inc.) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\In Tandem\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-19] (Google Inc.) HKCU\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [28469312 2013-02-06] (ooVoo LLC) HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) 
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [qyragcanisvu] - C:\Users\In Tandem\qyragcanisvu.exe HKCU\...\Run: [myzolawoqoph] - C:\Users\In Tandem\myzolawoqoph.exe HKCU\...\Run: [hakluzforilg] - C:\Users\In Tandem\hakluzforilg.exe HKCU\...\Run: [ulbar] - "C:\Users\In Tandem\AppData\Roaming\Kyjel\ulbar.exe" HKCU\...\Run: [laspeamidpux] - C:\Users\In Tandem\laspeamidpux.exe HKCU\...\Policies\Explorer: [HideSCAHealth] 1 HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation) HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [299008 2010-10-01] (Nike) HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [177448 2008-07-17] (Seagate LLC) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x] HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.) Startup: C:\Users\In Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\In Tandem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\In Tandem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {1E2777D2-E151-4D41-9C5E-93E9B30DD85F} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^GB&apn_uid=10299ffb-da5d-4dd7-9b87-1f40736e875e&apn_sauid=93A98009-E123-4DFD-9FA2-BB3BE38A2FC2 SearchScopes: HKCU - {865AC131-20CC-48FE-8F6C-296ADA1D8120} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {947774F4-F8EA-4BBB-B3C6-66978E9629A7} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms} SearchScopes: HKCU - {C392E2F3-B73D-4A4A-BDD2-6ABEECD267D7} URL = http://uk.shopping.com/?linkin_id=8056359 BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll () BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-mfe-ipt - 
{3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR DefaultSearchURL: (Ask) - http://websearch.ask.com/redirect?client=cr&src=kw&tb=OVO2&o=APN10379&locale=en_UK&apn_uid=10299ffb-da5d-4dd7-9b87-1f40736e875e&apn_ptnrs=%5EABE&apn_sauid=93A98009-E123-4DFD-9FA2-BB3BE38A2FC2&apn_dtid=%5EYYYYYY%5EYY%5EGB&q={searchTerms} CHR DefaultSuggestURL: (Ask) - http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\In Tandem\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Skype Click to Call) - C:\Users\In Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll No File CHR Plugin: (registryAccess) - C:\Users\In Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.15.2.0_0\background/registryAccess.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\In Tandem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (SiteAdvisor) - C:\Users\INTAND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1 CHR Extension: (Skype Click to Call) - C:\Users\INTAND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\INTAND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR StartMenuInternet: Google Chrome - C:\Users\In 
Tandem\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) 
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4233088 2013-04-29] (Symantec Corporation) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-11-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-11-25] (Sonic Solutions) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) S2 LowVXF; C:\Windows\system32\LowVXF.exe [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) 
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 NW1950; C:\Windows\system32\drivers\NW1950.sys [26104 2010-03-01] ()
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-14 17:10 - 2013-09-14 17:10 - 00000000 ____D C:\FRST
2013-09-14 17:09 - 2013-09-14 17:09 - 01950312 _____ (Farbar) C:\Users\In Tandem\Downloads\FRST64.exe
2013-09-14 16:05 - 2013-09-14 16:05 - 00655360 _____ C:\Users\In Tandem\Downloads\MicrosoftFixit50471 (1).msi
2013-09-14 15:58 - 2013-09-14 15:58 - 00655360 _____ C:\Users\In Tandem\Downloads\MicrosoftFixit50471.msi
2013-09-14 11:57 - 2013-09-14 11:58 - 93491472 _____ (Microsoft Corporation) C:\Users\In Tandem\Downloads\msert.exe
2013-09-13 09:04 - 2013-09-14 09:04 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{DEC2B2E4-0B26-4197-B6A8-17ADBC4D1CE3}
2013-09-12 20:05 - 2013-09-12 20:05 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{1B6C34D3-5DF0-4FE6-954A-D7969A29440C}
2013-09-11 10:31 - 2013-09-11 10:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-09-11 07:09 - 2013-09-11 22:57 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{D419E848-59DF-4D6B-B77C-523EB5B4908D}
2013-09-10 23:15 - 2013-09-11 10:34 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-10 23:15 - 2013-09-11 10:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 23:15 - 2013-09-10 23:15 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Malwarebytes
2013-09-10 23:15 - 2013-09-10 23:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 23:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 23:14 - 2013-09-10 23:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-10 23:10 - 2013-09-10 23:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 19:08 - 2013-09-10 19:08 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{9F5CF4F2-6E8A-4CBE-9F6C-4FB16644BB04}
2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{E16CA6A5-B8F7-4FF0-92E0-A663828DC1F1}
2013-09-09 22:01 - 2013-09-09 22:01 - 00531968 _____ C:\Users\In Tandem\Downloads\Frameworks (6).ppt
2013-09-09 21:59 - 2013-09-09 21:59 - 01656320 _____ C:\Users\In Tandem\Downloads\SUPERVISION in Practice (5).ppt
2013-09-09 21:55 - 2013-09-09 21:55 - 00240128 _____ C:\Users\In Tandem\Downloads\PERSONAL SUPERVISION - your beliefs (4).ppt
2013-09-09 21:55 - 2013-09-09 21:55 - 00150016 _____ C:\Users\In Tandem\Downloads\YOUR SUPERVISION JOURNEY (3) handout.ppt
2013-09-09 21:50 - 2013-09-09 21:50 - 00840192 _____ C:\Users\In Tandem\Downloads\DEFINING SUPERVISION (2)-2.ppt
2013-09-09 21:43 - 2013-09-09 21:43 - 00719360 _____ C:\Users\In Tandem\Downloads\INTRO (1) handout.ppt
2013-09-09 21:30 - 2013-09-09 21:30 - 00205824 _____ C:\Users\In Tandem\Downloads\Master Client Invoices 2013.xls
2013-09-09 21:15 - 2013-09-09 21:15 - 00660480 _____ C:\Users\In Tandem\Downloads\COLCHESTER 2012 Counselling continuum 2.ppt
2013-09-09 21:02 - 2013-09-10 06:48 - 00000000 ____D C:\Users\In Tandem\AppData\Local\LogMeIn Rescue Applet
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (3).exe
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (2).exe
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (1).exe
2013-09-09 20:31 - 2013-09-09 20:31 - 00910752 _____ (Symantec Corporation) C:\Users\In Tandem\Downloads\AutoDetectPkg (1).exe
2013-09-09 19:07 - 2013-09-09 19:08 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{39C201EE-154A-47C3-BF3E-081C0E158727}
2013-09-09 16:07 - 2013-09-09 16:07 - 00003006 _____ C:\Windows\System32\Tasks\{A4BB19BE-27F1-436E-8086-39911A6ACDC3}
2013-09-09 16:07 - 2013-09-09 16:07 - 00003006 _____ C:\Windows\System32\Tasks\{51A4D075-AC3F-468B-A148-A06FC3429F82}
2013-09-08 01:54 - 2013-09-09 07:07 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{7BE9099B-FFDB-429F-B1AE-6E6BB71CAF9F}
2013-09-07 12:32 - 2013-09-07 12:33 - 53565824 _____ (Citrix Systems, Inc.) C:\Users\In Tandem\Downloads\CitrixReceiverWeb.exe
2013-09-06 17:59 - 2013-09-06 17:59 - 00903080 _____ (Oracle Corporation) C:\Users\In Tandem\Downloads\chromeinstall-7u25 (4).exe
2013-09-06 17:58 - 2013-09-06 17:57 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-06 17:58 - 2013-09-06 17:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-06 17:58 - 2013-09-06 17:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-06 17:58 - 2013-09-06 17:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-06 17:58 - 2013-09-06 17:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-06 17:53 - 2013-09-06 17:54 - 00903080 _____ (Oracle Corporation) C:\Users\In Tandem\Downloads\chromeinstall-7u25 (3).exe
2013-09-05 07:00 - 2013-09-07 12:30 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{DDAEFBDB-9CFB-42CA-96F6-5774B1D42550}
2013-08-27 09:04 - 2013-08-27 09:05 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{61E2F8D5-C66D-465F-A3B8-7B552288881B}
2013-08-22 10:58 - 2013-08-26 16:33 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{593E1343-10F5-4346-8126-054423A2A4DC}
2013-08-21 09:25 - 2013-08-21 09:25 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 09:23 - 2013-08-21 09:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 09:23 - 2013-08-21 09:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-21 09:23 - 2013-08-21 09:24 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-21 09:23 - 2013-08-21 09:23 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-09-14 17:10 - 2013-09-14 17:10 - 00000000 ____D C:\FRST
2013-09-14 17:09 - 2013-09-14 17:09 - 01950312 _____ (Farbar) C:\Users\In Tandem\Downloads\FRST64.exe
2013-09-14 17:09 - 2010-04-27 04:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 17:07 - 2011-09-05 21:15 - 02575413 _____ C:\Windows\WindowsUpdate.log
2013-09-14 17:02 - 2011-11-17 11:44 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Skype
2013-09-14 17:01 - 2011-11-09 17:29 - 00000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-09-14 16:43 - 2012-05-19 13:35 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426265055-1500479104-1041650072-1001UA.job
2013-09-14 16:09 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 16:09 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 16:05 - 2013-09-14 16:05 - 00655360 _____ C:\Users\In Tandem\Downloads\MicrosoftFixit50471 (1).msi
2013-09-14 16:04 - 2012-11-11 09:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-14 16:03 - 2011-11-01 21:11 - 00000000 ___RD C:\Users\In Tandem\Dropbox
2013-09-14 16:03 - 2011-11-01 21:07 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Dropbox
2013-09-14 16:02 - 2011-10-22 22:37 - 00000000 ____D C:\Users\In Tandem\Tracing
2013-09-14 16:02 - 2010-04-27 04:14 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 16:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 16:01 - 2009-07-14 05:51 - 00067634 _____ C:\Windows\setupact.log
2013-09-14 15:58 - 2013-09-14 15:58 - 00655360 _____ C:\Users\In Tandem\Downloads\MicrosoftFixit50471.msi
2013-09-14 14:25 - 2011-09-19 20:48 - 00000000 ____D C:\Users\In Tandem\Documents\Matt
2013-09-14 11:58 - 2013-09-14 11:57 - 93491472 _____ (Microsoft Corporation) C:\Users\In Tandem\Downloads\msert.exe
2013-09-14 09:04 - 2013-09-13 09:04 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{DEC2B2E4-0B26-4197-B6A8-17ADBC4D1CE3}
2013-09-14 08:43 - 2012-05-19 13:35 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426265055-1500479104-1041650072-1001Core.job
2013-09-14 01:11 - 2011-09-05 21:18 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C0A4322B-F1F8-46F1-A3EE-E84762B3CF71}
2013-09-13 09:38 - 2011-09-27 11:26 - 00000000 ____D C:\Users\In Tandem\Documents\OLIVER
2013-09-12 20:05 - 2013-09-12 20:05 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{1B6C34D3-5DF0-4FE6-954A-D7969A29440C}
2013-09-12 06:28 - 2010-03-25 12:00 - 00622084 _____ C:\Windows\PFRO.log
2013-09-12 06:26 - 2012-11-11 09:28 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-09-11 22:57 - 2013-09-11 07:09 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{D419E848-59DF-4D6B-B77C-523EB5B4908D}
2013-09-11 10:34 - 2013-09-10 23:15 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-11 10:34 - 2013-09-10 23:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-11 10:31 - 2013-09-11 10:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-09-11 06:40 - 2011-09-07 11:03 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Kyjel
2013-09-11 06:38 - 2011-09-05 21:15 - 00000000 ____D C:\Users\In Tandem
2013-09-10 23:15 - 2013-09-10 23:15 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Malwarebytes
2013-09-10 23:15 - 2013-09-10 23:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 23:14 - 2013-09-10 23:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-10 23:10 - 2013-09-10 23:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\In Tandem\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 19:08 - 2013-09-10 19:08 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{9F5CF4F2-6E8A-4CBE-9F6C-4FB16644BB04}
2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{E16CA6A5-B8F7-4FF0-92E0-A663828DC1F1}
2013-09-10 06:48 - 2013-09-09 21:02 - 00000000 ____D C:\Users\In Tandem\AppData\Local\LogMeIn Rescue Applet
2013-09-09 22:01 - 2013-09-09 22:01 - 00531968 _____ C:\Users\In Tandem\Downloads\Frameworks (6).ppt
2013-09-09 21:59 - 2013-09-09 21:59 - 01656320 _____ C:\Users\In Tandem\Downloads\SUPERVISION in Practice (5).ppt
2013-09-09 21:55 - 2013-09-09 21:55 - 00240128 _____ C:\Users\In Tandem\Downloads\PERSONAL SUPERVISION - your beliefs (4).ppt
2013-09-09 21:55 - 2013-09-09 21:55 - 00150016 _____ C:\Users\In Tandem\Downloads\YOUR SUPERVISION JOURNEY (3) handout.ppt
2013-09-09 21:50 - 2013-09-09 21:50 - 00840192 _____ C:\Users\In Tandem\Downloads\DEFINING SUPERVISION (2)-2.ppt
2013-09-09 21:43 - 2013-09-09 21:43 - 00719360 _____ C:\Users\In Tandem\Downloads\INTRO (1) handout.ppt
2013-09-09 21:30 - 2013-09-09 21:30 - 00205824 _____ C:\Users\In Tandem\Downloads\Master Client Invoices 2013.xls
2013-09-09 21:15 - 2013-09-09 21:15 - 00660480 _____ C:\Users\In Tandem\Downloads\COLCHESTER 2012 Counselling continuum 2.ppt
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (3).exe
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (2).exe
2013-09-09 21:02 - 2013-09-09 21:02 - 01291104 _____ (LogMeIn, Inc.) C:\Users\In Tandem\Downloads\Support-LogMeInRescue (1).exe
2013-09-09 20:35 - 2011-09-05 21:22 - 00000000 ____D C:\Users\In Tandem\AppData\Local\Google
2013-09-09 20:31 - 2013-09-09 20:31 - 00910752 _____ (Symantec Corporation) C:\Users\In Tandem\Downloads\AutoDetectPkg (1).exe
2013-09-09 19:43 - 2011-09-05 21:16 - 00104744 _____ C:\Users\In Tandem\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-09 19:42 - 2009-07-14 05:45 - 00407432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-09 19:38 - 2010-04-27 04:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-09 19:33 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew
2013-09-09 19:08 - 2013-09-09 19:07 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{39C201EE-154A-47C3-BF3E-081C0E158727}
2013-09-09 16:21 - 2012-02-07 20:26 - 00000000 ____D C:\Users\In Tandem\Documents\CATHY PERSONAL
2013-09-09 16:15 - 2012-05-19 15:26 - 00000000 ____D C:\Users\Guest
2013-09-09 16:15 - 2011-11-17 11:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-09 16:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-09-09 16:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2013-09-09 16:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
2013-09-09 16:07 - 2013-09-09 16:07 - 00003006 _____ C:\Windows\System32\Tasks\{A4BB19BE-27F1-436E-8086-39911A6ACDC3}
2013-09-09 16:07 - 2013-09-09 16:07 - 00003006 _____ C:\Windows\System32\Tasks\{51A4D075-AC3F-468B-A148-A06FC3429F82}
2013-09-09 14:52 - 2009-07-14 06:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 14:30 - 2011-09-26 21:29 - 00000000 ____D C:\Users\In Tandem\Documents\TAFC
2013-09-09 07:07 - 2013-09-08 01:54 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{7BE9099B-FFDB-429F-B1AE-6E6BB71CAF9F}
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 19:13 - 2011-12-29 09:53 - 00000000 ____D C:\Users\Public\Documents\CATHY
2013-09-08 18:08 - 2013-05-21 14:08 - 00000000 ___SD C:\Users\In Tandem\Documents\My Data Sources
2013-09-08 18:07 - 2012-04-20 14:41 - 00000000 ____D C:\Users\In Tandem\Documents\LIFE CHANGES
2013-09-08 17:40 - 2013-04-21 16:21 - 00000000 ____D C:\Users\In Tandem\Documents\Biology EA project
2013-09-08 17:40 - 2011-09-10 20:41 - 00000000 ____D C:\TAFC
2013-09-08 17:40 - 2011-09-10 15:19 - 00000000 ____D C:\Users\In Tandem\Documents\In tandem
2013-09-08 17:37 - 2011-09-10 16:55 - 00000000 ____D C:\Old In Tandem Invoices
2013-09-07 12:38 - 2011-09-26 19:19 - 00000000 ____D C:\ProgramData\Citrix
2013-09-07 12:38 - 2011-09-26 19:18 - 00000000 ____D C:\Users\In Tandem\AppData\Local\Citrix
2013-09-07 12:38 - 2011-09-26 19:18 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-07 12:33 - 2013-09-07 12:32 - 53565824 _____ (Citrix Systems, Inc.) C:\Users\In Tandem\Downloads\CitrixReceiverWeb.exe
2013-09-07 12:30 - 2013-09-05 07:00 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{DDAEFBDB-9CFB-42CA-96F6-5774B1D42550}
2013-09-06 17:59 - 2013-09-06 17:59 - 00903080 _____ (Oracle Corporation) C:\Users\In Tandem\Downloads\chromeinstall-7u25 (4).exe
2013-09-06 17:57 - 2013-09-06 17:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-06 17:57 - 2013-09-06 17:58 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-06 17:57 - 2013-09-06 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-06 17:57 - 2013-09-06 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-06 17:57 - 2013-09-06 17:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-06 17:57 - 2011-09-06 23:15 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-06 17:57 - 2010-04-27 04:39 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-06 17:54 - 2013-09-06 17:53 - 00903080 _____ (Oracle Corporation) C:\Users\In Tandem\Downloads\chromeinstall-7u25 (3).exe
2013-08-27 09:11 - 2010-04-27 04:15 - 00000000 ____D C:\Program Files\mcafee
2013-08-27 09:05 - 2013-08-27 09:04 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{61E2F8D5-C66D-465F-A3B8-7B552288881B}
2013-08-26 16:33 - 2013-08-22 10:58 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{593E1343-10F5-4346-8126-054423A2A4DC}
2013-08-23 09:50 - 2011-09-12 20:40 - 00000000 ____D C:\Users\In Tandem\AppData\Roaming\Suhe
2013-08-22 10:12 - 2012-02-25 10:31 - 00005607 _____ C:\test.xml
2013-08-22 08:57 - 2010-04-27 04:37 - 00000000 ____D C:\ProgramData\Skype
2013-08-22 08:54 - 2012-10-18 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-21 22:57 - 2013-08-10 17:03 - 00000000 ____D C:\Users\In Tandem\AppData\Local\{53C90829-FE5B-4455-A75B-DA8ABB7C4D42}
2013-08-21 09:25 - 2013-08-21 09:25 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 09:24 - 2013-08-21 09:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 09:24 - 2013-08-21 09:23 - 00000000 ____D C:\Program Files\iTunes
2013-08-21 09:24 - 2013-08-21 09:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-21 09:23 - 2013-08-21 09:23 - 00000000 ____D C:\Program Files\iPod

Files to move or delete:
====================
C:\Users\In Tandem\CTX.DAT

Some content of TEMP:
====================
C:\Users\In Tandem\AppData\Local\Temp\586B.exe
C:\Users\In Tandem\AppData\Local\Temp\7EB5.exe
C:\Users\In Tandem\AppData\Local\Temp\ApnStub.exe
C:\Users\In Tandem\AppData\Local\Temp\AskSLib.dll
C:\Users\In Tandem\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\In Tandem\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\In Tandem\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\In Tandem\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\In Tandem\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\In Tandem\AppData\Local\Temp\setup.exe
C:\Users\In Tandem\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-11 00:14

==================== End Of Log ============================