Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013 Ran by SYSTEM on 26-08-2013 11:19:36 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet002 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-15] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.) HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] () HKLM\...\Run: [Skyhook Wireless XPS Service] - C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe [726856 2010-06-28] (Skyhook Wireless) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-27] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [MSN Toolbar] - "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [x] HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-03] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [536488 2013-05-08] (McAfee, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [536488 2013-05-08] (McAfee, Inc.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKU\Bradford\...\Run: [Google Update] - C:\Users\Bradford\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-20] (Google Inc.) HKU\Bradford\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-09-22] (Microsoft Corporation) HKU\Bradford\...\Winlogon: [Shell] explorer.exe,C:\Users\Bradford\AppData\Roaming\skype.dat [170496 2011-11-16] (DigTech Software Int) <==== ATTENTION HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] () Startup: C:\Users\Bradford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ================= S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [174440 2013-05-08] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-04-11] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.) S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.) S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.) S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\STacSV64.exe [244736 2010-02-26] (IDT, Inc.) S2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [919880 2010-06-28] (Skyhook Wireless) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.) S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-05-12] (QUALCOMM Incorporated) S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [440832 2010-05-12] (QUALCOMM Incorporated) S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2010-05-12] (QUALCOMM Incorporated) S3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [16896 2010-06-01] (Skyhook Wireless) S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-26 05:51 - 2013-08-26 05:51 - 00000000 ____D C:\Windows\System32\SPReview 2013-08-22 05:39 - 2013-08-26 07:11 - 00000004 _____ C:\Users\Bradford\AppData\Roaming\skype.ini 2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\Windows\System32\MRT 2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\77b92e7533a7710664afa03d628b01f0 2013-08-15 13:26 - 2012-05-28 06:28 - 00197264 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys ==================== One Month Modified Files and Folders ======= 2013-08-26 07:12 - 2009-07-13 21:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-26 07:11 - 2013-08-22 05:39 - 00000004 _____ C:\Users\Bradford\AppData\Roaming\skype.ini 2013-08-26 07:11 - 2012-02-07 18:24 - 00000000 ____D C:\Users\Bradford\Tracing 2013-08-26 07:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-26 07:11 - 2009-07-13 20:51 - 00096525 _____ C:\Windows\setupact.log 2013-08-26 07:00 - 2010-09-17 00:18 - 01952424 _____ C:\Windows\WindowsUpdate.log 2013-08-26 06:49 - 2009-07-13 21:13 - 00727182 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-26 06:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-26 06:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-26 06:29 - 2011-05-20 18:33 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1907468030-502022553-1166557208-1000UA.job 2013-08-26 06:02 - 2010-09-17 00:27 - 00258364 _____ C:\Windows\PFRO.log 2013-08-26 05:54 - 2011-05-20 18:33 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1907468030-502022553-1166557208-1000Core.job 2013-08-26 05:51 - 2013-08-26 05:51 - 00000000 ____D C:\Windows\System32\SPReview 2013-08-24 13:18 - 2013-07-23 19:04 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBradford 2013-08-24 13:18 - 2013-07-23 19:04 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBradford.job 2013-08-22 10:02 - 2011-08-23 04:57 - 00000000 ____D C:\Users\Bradford\AppData\Local\CrashDumps 2013-08-22 05:43 - 2011-05-20 18:34 - 00002341 _____ C:\Users\Bradford\Desktop\Google Chrome.lnk 2013-08-20 19:33 - 2011-07-04 07:53 - 00000000 ____D C:\Program Files\Common Files\McAfee 2013-08-19 19:26 - 2013-01-16 19:46 - 00000000 ____D C:\Users\Bradford\AppData\Local\Windows Live 2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\Windows\System32\MRT 2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\77b92e7533a7710664afa03d628b01f0 2013-08-16 05:04 - 2011-08-02 08:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-15 14:24 - 2011-07-04 07:12 - 00000000 ____D C:\ProgramData\McAfee Files to move or delete: ==================== C:\Users\Bradford\AppData\Roaming\skype.dat C:\Users\Bradford\AppData\Roaming\skype.ini C:\Users\Bradford\AppData\Local\Temp\5692762189874811461593.exe C:\Users\Bradford\AppData\Local\Temp\ApnStub.exe C:\Users\Bradford\AppData\Local\Temp\Extract.exe C:\Users\Bradford\AppData\Local\Temp\GUR671B.exe C:\Users\Bradford\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Bradford\AppData\Local\Temp\HPQSi.exe C:\Users\Bradford\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Bradford\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Bradford\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe C:\Users\Bradford\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Bradford\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Bradford\AppData\Local\Temp\njskwr_w.dll C:\Users\Bradford\AppData\Local\Temp\Resource.exe C:\Users\Bradford\AppData\Local\Temp\setup.exe C:\Users\Bradford\AppData\Local\Temp\SP48591.exe C:\Users\Bradford\AppData\Local\Temp\sp52110.exe.exe C:\Users\Bradford\AppData\Local\Temp\sp54373.exe C:\Users\Bradford\AppData\Local\Temp\sp54620.exe C:\Users\Bradford\AppData\Local\Temp\SP56878.exe C:\Users\Bradford\AppData\Local\Temp\SP56929.exe C:\Users\Bradford\AppData\Local\Temp\SP57232.exe C:\Users\Bradford\AppData\Local\Temp\SP57698.exe C:\Users\Bradford\AppData\Local\Temp\sp58915.exe C:\Users\Bradford\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Bradford\AppData\Local\Temp\UninstallHPTCA.exe C:\Users\Bradford\AppData\Local\Temp\{BCFA7E50-C96A-4876-862C-081F9A94B05F}\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\{A1126C31-DF89-430B-A521-D176A5F40B05}\ISBEW64.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleCrashHandler.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleCrashHandler64.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleUpdate.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleUpdateBroker.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleUpdateOnDemand.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\GoogleUpdateSetup.exe C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdate.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_am.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ar.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_bg.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_bn.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ca.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_cs.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_da.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_de.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_el.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_en-GB.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_en.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_es-419.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_es.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_et.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_fa.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_fi.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_fil.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_fr.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_gu.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_hi.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_hr.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_hu.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_id.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_is.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_it.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_iw.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ja.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_kn.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ko.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_lt.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_lv.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ml.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_mr.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ms.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_nl.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_no.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_pl.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_pt-BR.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_pt-PT.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ro.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ru.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_sk.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_sl.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_sr.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_sv.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_sw.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ta.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_te.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_th.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_tr.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_uk.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_ur.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_vi.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_zh-CN.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\goopdateres_zh-TW.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\npGoogleUpdate3.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\psmachine.dll C:\Users\Bradford\AppData\Local\Temp\{9D651A6E-8F8E-4EB5-B6E6-775F8977D88E}\psuser.dll C:\Users\Bradford\AppData\Local\Temp\{36D336DA-468E-43F1-8060-9EC84BDC7D00}\ISBEW64.exe C:\Users\Bradford\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISBEW64.exe C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\GoogleCrashHandler.exe C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\GoogleUpdate.exe C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\GoogleUpdateBroker.exe C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\GoogleUpdateOnDemand.exe C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdate.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_am.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ar.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_bg.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_bn.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ca.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_cs.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_da.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_de.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_el.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_en-GB.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_en.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_es-419.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_es.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_et.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_fa.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_fi.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_fil.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_fr.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_gu.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_hi.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_hr.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_hu.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_id.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_is.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_it.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_iw.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ja.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_kn.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ko.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_lt.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_lv.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ml.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_mr.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ms.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_nl.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_no.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_pl.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_pt-BR.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_pt-PT.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ro.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ru.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_sk.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_sl.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_sr.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_sv.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_sw.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ta.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_te.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_th.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_tr.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_uk.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_ur.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_vi.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_zh-CN.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\goopdateres_zh-TW.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\npGoogleUpdate3.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\psmachine.dll C:\Users\Bradford\AppData\Local\Temp\{0E485AA2-AD73-48C7-8C58-03EE5D53F829}\psuser.dll C:\Users\Bradford\AppData\Local\Temp\x86\HPWarrantyIDDll.dll C:\Users\Bradford\AppData\Local\Temp\x64\HPWarrantyIDDll.dll C:\Users\Bradford\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll C:\Users\Bradford\AppData\Local\Temp\Ceement\src\setup.exe C:\Users\Bradford\AppData\Local\Temp\CC5BC2B2A58C41C89F58D48F392AB2EC\HPNTDFButton2\7.1.361\JewelExtension.dll C:\Users\Bradford\AppData\Local\Temp\CC5BC2B2A58C41C89F58D48F392AB2EC\HPNTDFButton1\7.1.361\JewelExtension.dll C:\Users\Bradford\AppData\Local\Temp\B9FC.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\B79C.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\B55B.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\9730.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\88BF.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\8372.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\77EE.dir\InstallFlashPlayer.exe C:\Users\Bradford\AppData\Local\Temp\5EF2.dir\InstallFlashPlayer.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-26 05:51:08 ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 1786.9 MB Available physical RAM: 1190.39 MB Total Pagefile: 1786.9 MB Available Pagefile: 1181.87 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:279.56 GB) (Free:225.64 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:18.24 GB) (Free:2.64 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 84FC2B45) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-08-22 10:27 ==================== End Of Log ============================