Terminator needed for Stealth Cyberstalking Expert [Closed]


  • This topic is locked

#1
Bambi289

Stealth Cyber-stalker - worked at NetForensics, Tirgeo, Pragmatiec, Sophos, Eset, and now Logrhythm. He sells $40,000 appliances to multi-million dollar companies like Merrill Lynch. He has destroyed my business and 17 people's computers who have tried to help me. Sociopath.

Computer Security Specialist was helping. She says: "It takes someone at his skill level to prove or understand what he is capable of.."

6 Hacked computers going to forensics were stolen when she started helping me.

Challenges:

I do not get emails. People do not receive mine or they are altered.
My computer gets 404, 401, 505,4 errors and randomly shuts down all the time - especially if I am working on legal or getting support.
I had to write this TWICE - the first time I posted it completely disappeared.

I was not able to use GMER, etc. because they would not load or run or had errors, but I used the recommendations exe.helper and it worked. Shut down message "..ran into a problem and needs to restart.."

Domestic Violence Specialist put him in top 10% of most dangerous perpetrators. I have no privacy. He knows too much about me and stalks me via computers/technology but I cannot "prove" it is him bc of his expertise level.

I print screen messages and hard print now to prove I sent them but it is mind-numbing.

Facebook I have sent messages. They are time-stamped and print screened and people still did not get them. Middlemanware

Settings; I disable Bluetooth and it comes back on. I enable logs and error reporting and it is always turned off. He has "ownership and administrative privileges" of my computers at all times but his technology is designed to be stealth.

I know that at one point he used SpectorSoft pro and something from Eset ..

I've had technicians help in the past but then he is always able to "intrude" on my new computers or they did not understand fully what he is capable of.. I think I need to lock down ports, and only connect through a secure Ethernet etc.. but it is pointless to try those precautions until my computer is clean. Also I would like to sue him for malicious criminal invasion of privacy so I will be saving logs and activity.

This is just a Walmart computer but any help you could give me would be greatly appreciated.


OTL logfile created on: 12/29/2013 4:35:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 42.84% Memory free
7.74 Gb Paging File | 5.69 Gb Available in Paging File | 73.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.42 Gb Total Space | 411.81 Gb Free Space | 90.03% Space Free | Partition Type: NTFS
Drive X: | 500.00 Mb Total Space | 228.57 Mb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive Y: | 7.20 Gb Total Space | 0.30 Gb Free Space | 4.16% Space Free | Partition Type: NTFS

Computer Name: LOVE | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/29 16:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
PRC - [2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
PRC - [2013/11/06 15:00:10 | 000,151,848 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
PRC - [2013/11/06 14:59:20 | 001,167,656 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
PRC - [2012/09/12 22:18:36 | 004,037,480 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2012/09/12 22:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/09 14:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
MOD - [2013/10/13 16:42:24 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8089e3484b45e44781f0c7a1a78881d5\System.IdentityModel.ni.dll
MOD - [2013/10/13 16:39:36 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\d8755f81e94bff4954c305caf7a93a05\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/10/12 15:16:45 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\32379693bdcd278fe2951267458193e4\System.ServiceModel.Web.ni.dll
MOD - [2013/10/12 15:16:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6029d35b6cfaf94b1d39ec54c724a8c7\System.Xml.Linq.ni.dll
MOD - [2013/10/12 13:49:27 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/12 13:49:14 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\6b40a60180e23feff705e28e351e10e1\System.ServiceModel.ni.dll
MOD - [2013/10/12 13:48:51 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\e1c6945213ca43ec9769fe95576962ce\System.Runtime.Serialization.ni.dll
MOD - [2013/10/12 13:48:44 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/12 13:48:42 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3e52c3479469fe72eed0716b48859e91\WindowsBase.ni.dll
MOD - [2013/10/12 13:48:36 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll
MOD - [2013/08/31 12:44:28 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\0a71c7804f1648e41fafdd407af38c96\IAStorCommon.ni.dll
MOD - [2013/08/31 12:43:56 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\15412a4711e5447bd0a45681c8e355ab\IAStorUtil.ni.dll
MOD - [2013/08/31 12:43:52 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d438e7ec4899763070e7b5db3f166373\System.ServiceModel.Internals.ni.dll
MOD - [2013/08/31 12:43:52 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3df2fdd27a3e685ce5dda8bce4956e5b\SMDiagnostics.ni.dll
MOD - [2013/08/31 12:34:01 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/08/31 12:33:56 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/08/31 12:32:51 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2e5a89ab2f90d59d374eb8d093602939\System.Management.ni.dll
MOD - [2013/08/31 12:32:48 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/08/31 12:32:40 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/08/31 12:32:40 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\cb65dcc8c60f33d257283ef1416a2175\PresentationFramework.Aero2.ni.dll
MOD - [2013/08/31 12:32:26 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/08/31 12:32:08 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/31 12:31:58 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2012/09/12 22:18:38 | 002,003,304 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012/08/06 11:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/08/06 11:59:16 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/06 20:16:40 | 000,007,168 | ---- | M] (Cirrus Logic) [Auto | Stopped] -- c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe -- (CirrusAudioService)
SRV:64bit: - [2012/08/06 20:12:02 | 000,099,696 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AECLSr64.exe -- (AECLFilters)
SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 22:08:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2012/07/25 22:08:45 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2012/07/25 22:08:33 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2012/07/25 22:08:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2012/07/25 22:08:30 | 000,016,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:51 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2012/07/25 22:05:40 | 000,369,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/19 16:09:48 | 002,247,992 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/12/28 18:22:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 13:45:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/06 15:00:10 | 000,151,848 | ---- | M] (Sophos Limited) [On_Demand | Running] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/10/06 00:12:10 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/12 22:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:59 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2012/07/25 22:20:56 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012/07/25 22:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/19 21:25:39 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/06 00:12:34 | 009,004,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/03 12:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 20:12:02 | 000,041,328 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CSLFDx64.sys -- (CirrusLFD)
DRV:64bit: - [2012/08/05 01:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:30:26 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,146,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 16:09:46 | 000,164,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/07/11 10:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/07/10 15:00:56 | 006,824,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 21:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV - [2013/12/28 11:04:20 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\ex64.sys -- (NAVEX15)
DRV - [2013/12/28 11:04:20 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\eng64.sys -- (NAVENG)
DRV - [2013/12/13 01:17:12 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131227.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/03 13:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/29 12:32:16 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/20 22:39:31 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}
IE:64bit: - HKLM\..\SearchScopes\{EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}
IE - HKLM\..\SearchScopes\{EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8AE3B960-A6E1-4745-8B0F-E57A7AEA21EA}
IE - HKCU\..\SearchScopes\{2C648A44-81C4-4029-A980-F27D93F6FAB8}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{8AE3B960-A6E1-4745-8B0F-E57A7AEA21EA}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=278&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: %7B73007fef-a6e0-47d3-b4e7-dfc116ed6f65%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BF32E7E42-9AFA-47CA-A0C4-D07EE651D404%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.2.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/12/29 15:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/20 18:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/09/02 11:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Extensions
[2013/12/17 10:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions
[2013/12/15 14:03:27 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/12/17 10:34:45 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\[email protected]
[2013/11/05 17:18:03 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\extensions\[email protected]
[2013/11/05 18:10:04 | 000,003,771 | ---- | M] () (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
[2013/11/06 11:05:58 | 000,002,531 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\searchplugins\safesearch.xml
[2013/12/28 18:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/28 18:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/28 18:22:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/29 15:58:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
[2013/11/20 18:10:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Dell Audio] c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB18565-B211-4604-B561-FBB02414F6C3}: DhcpNameServer = 172.41.1.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{804C0BC9-E39E-44B2-9070-0E6E717CA368}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell - "" = AutoRun
O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell\AutoRun\command - "" = "E:\MotoCastSetup.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/29 16:50:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\3rd try otl.com
[2013/12/29 16:41:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\otl22222.scr
[2013/12/29 16:34:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2013/12/29 16:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/29 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/12/29 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/29 16:05:07 | 081,357,672 | ---- | C] (Sophos Limited) -- C:\Users\Mary\Desktop\sopotool.exe
[2013/12/29 15:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/29 13:49:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/12/29 12:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/29 12:43:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/28 18:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/25 15:26:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Apple Computer
[2013/12/25 15:26:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Apple Computer
[2013/12/25 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/25 15:25:34 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/25 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Apple
[2013/12/25 15:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/25 15:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/25 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/25 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 15:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/25 15:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/16 17:38:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/16 17:38:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/16 17:37:51 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/16 17:37:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/16 17:37:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/16 17:37:41 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/12/16 17:37:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/16 17:37:06 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/12/16 17:37:06 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/12/16 17:37:06 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resutils.dll
[2013/12/16 17:37:06 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2013/12/16 17:37:05 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/12/16 17:37:05 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/12/16 17:37:05 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2013/12/16 17:37:05 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/12/16 17:37:05 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2013/12/16 17:37:05 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/12/16 17:37:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/12/16 17:37:04 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/12/16 17:37:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/12/16 17:37:04 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/12/16 17:37:04 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/12/16 17:37:04 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/12/16 17:37:04 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/12/16 17:37:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/12/16 17:37:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/12/16 17:36:40 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2013/12/16 17:36:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/16 17:36:40 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2013/12/16 17:36:40 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/16 17:36:40 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/16 17:36:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/16 17:36:40 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/16 17:36:38 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/16 17:36:38 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/16 17:36:34 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/16 17:36:33 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/16 17:36:33 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/15 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2013/12/15 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/15 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/15 14:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF Jobs
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF 7
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest
[2013/12/15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel
[2013/12/15 14:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/15 14:01:59 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\FileAssociationManager
[2013/12/15 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2013/12/15 14:01:56 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\The Weather Channel
[2013/12/15 13:20:27 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Musicnotes
[2013/12/15 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2013/12/15 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Musicnotes
[2013/12/10 13:45:05 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/06 11:01:14 | 000,078,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/06 11:01:13 | 000,694,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/04 19:57:06 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/12/04 19:57:02 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/12/04 19:56:56 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2013/12/04 19:56:56 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2013/12/04 19:56:56 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/12/04 19:56:55 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/12/04 19:56:53 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/12/04 19:56:53 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/12/04 19:56:35 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/12/04 19:56:29 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/12/04 19:56:22 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013/12/04 19:55:33 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/12/04 19:55:33 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/12/04 19:55:23 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/12/04 19:55:23 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/29 16:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\3rd try otl.com
[2013/12/29 16:49:13 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 16:45:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 16:41:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\otl22222.scr
[2013/12/29 16:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2013/12/29 16:11:37 | 000,003,201 | ---- | M] () -- C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/29 16:09:14 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.reg
[2013/12/29 16:09:08 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/29 16:05:07 | 081,357,672 | ---- | M] (Sophos Limited) -- C:\Users\Mary\Desktop\sopotool.exe
[2013/12/29 16:04:20 | 000,949,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/29 16:04:20 | 000,792,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/29 16:04:20 | 000,158,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/29 15:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/29 15:57:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/29 15:57:05 | 3321,122,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 15:51:37 | 582,492,442 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
[2013/12/29 12:43:41 | 000,001,135 | ---- | M] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/29 11:08:51 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/29 10:28:09 | 000,434,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 15:26:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 00:55:27 | 000,000,215 | ---- | M] () -- C:\Users\Mary\Desktop\Help Terry Taylor.url
[2013/12/24 12:23:02 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/12/16 15:57:23 | 000,141,980 | ---- | M] () -- C:\Users\Mary\Documents\ResumeExamples.pdf
[2013/12/15 17:31:55 | 000,292,650 | ---- | M] () -- C:\Users\Mary\Documents\GAL.pdf
[2013/12/15 14:02:52 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
[2013/12/15 13:20:13 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013/12/10 13:45:05 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/06 17:29:23 | 000,032,361 | ---- | M] () -- C:\Users\Mary\Desktop\dear self.jpg
[2013/12/03 19:53:54 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/03 19:53:54 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/29 16:11:37 | 000,003,201 | ---- | C] () -- C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/29 16:09:14 | 000,000,000 | ---- | C] () -- C:\Users\Mary\Desktop\random.reg
[2013/12/29 16:09:08 | 000,000,000 | ---- | C] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/29 15:51:37 | 582,492,442 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/29 15:50:02 | 000,377,856 | ---- | C] () -- C:\Users\Mary\Desktop\random.exe
[2013/12/29 12:43:41 | 000,001,135 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/29 12:43:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 10:27:53 | 000,434,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 15:26:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 15:20:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/25 00:55:27 | 000,000,215 | ---- | C] () -- C:\Users\Mary\Desktop\Help Terry Taylor.url
[2013/12/16 17:37:04 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/12/16 15:57:23 | 000,141,980 | ---- | C] () -- C:\Users\Mary\Documents\ResumeExamples.pdf
[2013/12/15 17:31:55 | 000,292,650 | ---- | C] () -- C:\Users\Mary\Documents\GAL.pdf
[2013/12/15 14:03:24 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/15 14:02:52 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
[2013/12/15 13:20:13 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013/12/06 17:30:05 | 000,032,361 | ---- | C] () -- C:\Users\Mary\Desktop\dear self.jpg
[2013/11/29 18:58:10 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/10/16 20:21:49 | 000,007,638 | ---- | C] () -- C:\Users\Mary\AppData\Local\Resmon.ResmonCfg
[2013/09/11 17:51:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/02 11:34:08 | 000,000,258 | RHS- | C] () -- C:\Users\Mary\ntuser.pol
[2012/11/15 11:09:20 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/11/15 11:09:05 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/11/15 09:48:27 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/06 00:12:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/04/20 15:49:19 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 12/29/2013 4:35:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 42.84% Memory free
7.74 Gb Paging File | 5.69 Gb Available in Paging File | 73.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.42 Gb Total Space | 411.81 Gb Free Space | 90.03% Space Free | Partition Type: NTFS
Drive X: | 500.00 Mb Total Space | 228.57 Mb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive Y: | 7.20 Gb Total Space | 0.30 Gb Free Space | 4.16% Space Free | Partition Type: NTFS

Computer Name: LOVE | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0797430B-29A7-4759-9197-ADFB2E0504A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{19639FBF-6965-4F0B-A219-DBEAF656924B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{29E676DB-7AA9-47BC-862B-0BBDD8E2CD4C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{BE7D77D4-4851-4D4F-A223-18E6D4E3E9EA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0356B944-6EF4-4772-8A62-B1F00E8529D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0378519A-4937-432A-8EEC-FAE5DE095A74}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0A9ACF72-11BE-49F5-907F-826E3770248F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{13B26A90-A5C7-41BE-84EE-62DDE78A2663}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{22B703B6-EBBD-4534-89CE-95106C4AB398}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{24BBE964-1B04-4A42-B285-6C85023C1CEA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{280B41A4-77B9-40C8-B4F4-A673028F1AC7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{295F0E47-A843-4D40-97BD-D3E9BA748D97}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2BB5D53B-C6EA-4D84-9D5E-DAED75D869A4}" = dir=out | name=ebay |
"{2C68A6F5-BF18-44B9-BAEE-742272839EFA}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{36A0DA7F-FD24-4215-8CE0-89AF54D09EFC}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{36B2D205-B802-484D-8A11-E0FF67C472A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A207017-537C-40AB-8EF5-2D75D96704CF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3B9F4731-446B-4947-8CF5-7D0D79193007}" = dir=in | name=hp printer control |
"{434269A6-D8E9-47ED-9D87-F3CC731B6F16}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4358AD52-6535-4727-8B82-2FF8569E3181}" = dir=out | name=kindle |
"{4395AD07-898D-452E-AD76-431F756461BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43D3A601-FF6A-49DF-A8D0-B19185791BE7}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4F2E44BE-0774-4776-B7BE-79B154B9FFAC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5D31D723-27C8-4BB0-905D-AC788118D475}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6EBF9C4E-67F2-46FB-9BA2-2A39013CB05F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{786048D0-B8D3-43B6-9274-6C3E410B3494}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9094B1C4-52C6-4721-98C0-CE0936127EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{94594AAA-C100-4B53-97DF-B2076BB240FE}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{994B748C-18E1-4FD1-975E-2147ABD64D65}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9F040CF5-5A6F-4FBA-AF5F-1E9FA5CD3246}" = dir=in | name=ebay |
"{A6D6B075-C31C-4A50-B5C5-E94DC083DF03}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{AE3A934A-E1E2-4900-BC88-A654D3F4793A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B2E55563-B512-488B-A293-D6547DC0CDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B932404D-ED9D-4A99-B0A9-50C9B67F56A0}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{BC4C4B2B-6800-422F-9E21-758E01FA884B}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C5E0EC4B-5096-4DA7-B7F3-B9273F50D9A4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{CB37A6B6-E9AD-402A-94F2-21000CEDC402}" = dir=in | name=kindle |
"{CCA1E379-34E4-49FA-BB24-A22DA9B9AEF6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{D420647D-5F5A-4EDC-9000-5568175779D6}" = dir=in | name=amazon for windows |
"{DA45AA28-76A9-4AF7-9646-FB4492AC0614}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DF0AFB61-0F70-4A70-8CB0-4B5363084D51}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{DFBDD96B-38C0-4ED3-B7A3-06F45982FD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{DFCFCE0B-855A-4F3E-8D03-963A6710B16A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3403595-C96D-425C-8DB4-43712AA009C3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E3955AAB-720B-450E-AB8B-493BCF1BCEB6}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F41F0B2D-DD51-4780-8446-E979C33A8B94}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F6957548-43EE-49E8-808E-D00A4667222E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{F86BD490-5D72-4D29-AEAA-E677722C17E2}" = dir=out | name=amazon for windows |
"{FC5CCFEE-97A7-4B40-B44C-C7FA1FCB42F1}" = dir=out | name=hp printer control |
"{FE564E1B-9223-44C6-B260-30780A010A52}" = dir=out | name=dell shop |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{327AD405-F05D-4AB9-81DB-CA6964C5D7C8}" = Cirrus Logic Audio Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"DW WLAN Card" = DW WLAN Card
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E08426B6-7ADC-439F-1739-EA9938651933}" = Bulkr
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.prakaz.project.photogettr" = Bulkr
"FileAssociationManager" = File Association Manager
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Player_is1" = Musicnotes Player V1.32.2 and Viewer V1.19.0
"N360" = Norton 360
"PrintProjects" = PrintProjects
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2013 9:24:59 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fa64 Start
Time: 01cf00c38da673c9 Termination Time: 3044 Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE Report Id: 56492f44-6d03-11e3-be98-642737f9b920

Faulting
package full name: Faulting package-relative application ID:

Error - 12/24/2013 9:27:18 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cf8 Start
Time: 01cefd9772074d4c Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: 47c1f492-6d03-11e3-be98-642737f9b920 Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.Mail

Error - 12/25/2013 12:03:03 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d4b0 Start
Time: 01cf0184d319d24c Termination Time: 32 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 05bb4250-6d7e-11e3-be98-642737f9b920 Faulting package
full name: Faulting package-relative application ID:

Error - 12/25/2013 12:04:35 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c63c Start
Time: 01cf018aca8498a1 Termination Time: 46 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 3d63dba5-6d7e-11e3-be98-642737f9b920 Faulting package
full name: Faulting package-relative application ID:

Error - 12/25/2013 3:07:05 PM | Computer Name = Love | Source = .NET Runtime | ID = 1026
Description =

Error - 12/25/2013 3:07:08 PM | Computer Name = Love | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrcui.exe, version: 6.0.6308.28, time
stamp: 0x5226cda4 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451,
time stamp: 0x50988aa6 Exception code: 0xe0434352 Fault offset: 0x000000000003811c
Faulting
process id: 0xd45c Faulting application start time: 0x01cf01a47daed56d Faulting application
path: C:\Program Files\My Dell\pcdrcui.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: bfcef3a1-6d97-11e3-be98-642737f9b920 Faulting package full name: Faulting package-relative
application ID:

Error - 12/25/2013 9:15:39 PM | Computer Name = Love | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: MSHTML.dll, version: 10.0.9200.16750,
time stamp: 0x5269d985 Exception code: 0xc0000005 Fault offset: 0x001f9d40 Faulting
process id: 0x128a4 Faulting application start time: 0x01cf01c47cc042ee Faulting
application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting
module path: C:\Windows\SYSTEM32\MSHTML.dll Report Id: 3a9abf39-6dcb-11e3-be98-642737f9b920
Faulting
package full name: Faulting package-relative application ID:

Error - 12/26/2013 4:23:36 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/26/2013 4:23:37 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15547

Error - 12/26/2013 4:23:37 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15547

Error - 12/26/2013 12:52:18 PM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 12/6/2013 12:00:37 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/7/2013 5:44:01 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/11/2013 12:10:00 AM | Computer Name = Love | Source = DCOM | ID = 10010
Description =

Error - 12/11/2013 12:10:00 AM | Computer Name = Love | Source = DCOM | ID = 10010
Description =

Error - 12/12/2013 6:19:41 PM | Computer Name = Love | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:04:12 PM on ?12/?12/?2013 was unexpected.

Error - 12/12/2013 6:20:28 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/13/2013 1:55:17 AM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/16/2013 1:57:31 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/20/2013 11:19:32 AM | Computer Name = Love | Source = Service Control Manager | ID = 7043
Description = The Windows Modules Installer service did not shut down properly after
receiving a preshutdown control.

Error - 12/20/2013 11:22:26 AM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.


< End of report >
  • 0



#2
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Hello Bambi289 and :welcome:

My name is Machiavelli and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo. I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post; instead I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by me. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps. If you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them. Spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

 

I'll come back with an answer some time later today. Don't worry, we will fix your problem.
  • 0

#3
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Hello!

I must say I only see some adware, but we will take a deeper look into your system later.

  • You said you ran exeHelper? Can you please post the log? It is called exehelperlog.txt and it is saved in the same directory where you saved exeHelper
  • Also, you said your second post disappeared ... I can still see it - it is located here - are you able to see it?
  • Which error codes do you receive when you start GMER?

Also, I would like to ask about these files:

[2013/12/29 16:09:14 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.reg
[2013/12/29 16:09:08 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe


They are located on your desktop. What are these files? Are they legit?

 

  • Step 1: OTL Fix

  • Right click on the OTL icon and select Run as Administrator.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKCU\..\SearchScopes\{2C648A44-81C4-4029-A980-F27D93F6FAB8}: "URL" = http://search.condui...q={searchTerms}
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=278&lng=en
    FF - prefs.js..network.proxy.type: 4
    [2013/12/15 14:03:27 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
    [2013/12/17 10:34:45 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\[email protected]
    [2013/11/06 11:05:58 | 000,002,531 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\searchplugins\safesearch.xml
    O2:64bit: - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
    O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell - "" = AutoRun
    O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell\AutoRun\command - "" = "E:\MotoCastSetup.exe" -a
    [2013/12/15 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • Your computer will restart - after this restart a text file will open - please post the content of that file into your next reply

  • Step 2: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

  • Step 3: JRT Run

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Things I need to see in your next post:

  • exeHelper Logfile
  • OTL Fix Log
  • AdwCleaner Log
  • JRT Log
  • Answers to my questions

  • 0
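The selection made in the post above (files with no company name sitting on the Desktop or in Temp, and registry entries whose target is "File not found") can be approximated by a small triage parser for OTL log lines. This is an added example, not part of the original post or of OTL; the field layout is inferred from the log lines quoted in this thread, and the names `parse_entry`, `needs_question`, `orphaned_entries` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the logs quoted in this thread (not a full OTL log).
SAMPLE_LOG = r"""
PRC - [2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/12/29 16:48:35 | 000,712,264 | ---- | M] () -- C:\Users\Mary\AppData\Local\Temp\is-NJUG3.tmp\mbam-setup-1.75.0.1300.tmp
SRV:64bit: - [2012/07/25 22:08:45 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
MOD - [2012/08/06 11:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
[2013/12/29 16:09:08 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/15 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
O13 - gopher Prefix: missing
"""

# Assumed layout of a file entry:
#   [TAG[:64bit:] - ][timestamp | size | attrs | M or C] (Company) [state] -- path [-- (service)]
ENTRY_RE = re.compile(
    r"^(?:(?P<tag>[A-Z]{3})(?::64bit:)?\s+-\s+)?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$"
)

# Registry-style entry (O2, O4, O18, ...) whose target file no longer exists.
ORPHAN_RE = re.compile(
    r"^(?P<key>O\d+)(?::64bit:)?\s+-\s+(?P<what>.+?)\s+File not found$"
)

# Locations any user-level process can write to without elevation.
USER_WRITABLE = ("\\desktop\\", "\\appdata\\local\\temp\\",
                 "\\temporary internet files\\")


@dataclass
class FileEntry:
    tag: Optional[str]       # PRC, MOD, SRV, DRV; None for a bare file listing
    timestamp: str
    size: int                # bytes, thousands separators removed
    attrs: str               # e.g. "R---" or "---D" (D marks a directory)
    company: Optional[str]   # "" when the log shows "()", None when absent
    state: Optional[str]     # e.g. "Auto | Running" for services
    path: str
    service: Optional[str]


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one file-entry line; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["tag"], m["ts"], int(m["size"].replace(",", "")),
                     m["attrs"], m["company"], m["state"], m["path"],
                     m["service"])


def needs_question(entry: FileEntry) -> bool:
    """True for a file (not a folder) with no company name in a user-writable path."""
    if entry.company or "D" in entry.attrs:
        return False
    lowered = entry.path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def orphaned_entries(log: str) -> List[Tuple[str, str]]:
    """Return (key, description) for registry entries marked 'File not found'."""
    hits = []
    for line in log.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            hits.append((m["key"], m["what"]))
    return hits


def triage(log: str) -> Dict[str, list]:
    """Split a log into files worth asking the owner about and orphaned entries."""
    ask = []
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry and needs_question(entry):
            ask.append(entry.path)
    return {"ask_about": ask, "orphaned": orphaned_entries(log)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["ask_about"]:
        print("ask about:", path)
    for key, what in result["orphaned"]:
        print("orphaned :", key, what)
```

A hit is a question to put to the machine's owner, not a verdict: in this thread the flagged random.exe turned out to be GMER, renamed by the user before saving.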

#4
Bambi289

  • Topic Starter
  • Member
  • 14 posts
Thank you!

The random.exe file was GMER - I just renamed it as instructed before saving it to my desktop. :)

Exehelper logfile
exeHelper by Raktor
Build 20100414
Run at 16:45:21 on 12/29/13
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

----------------------------------------------------


So I just want to update you: I cut and copied and followed lots of steps, then my post got an error and was completely deleted?
Then I was signed out - and I didn't sign out of GeeksToGo -
Next I tried to log in and gave my KNOWN username and KNOWN password - and the sign in said "wrong username or password". I had to reset my password - which meant I clicked "copy" twice and LOST all my work - to try to sign in again!
I know I did NOT change my password and it was correct - but *password stripping* has been a "game" of my cyber-stalker for years! I set this up yesterday and used the most non-forgettable password I have, and I typed it correctly.
HE is monitoring this computer and effing with me for his own sadistic thrills - :( When I finally completed all the requested information and typed up the error messages and hit *save changes* my computer froze and I got a message which I screenshotted - cannot connect to geekstogo.com. I lost all the work for the 3rd time.

I will begin again - and try to get this done again tonight -PLEASE be patient with me.

Also the topic is "locked" and this option "edit" is the only way for me to post. I am hoping that is correct and will work fine.

GMER error codes known: Ntuser.dat and system32 cannot be processed, cannot access the file because they are in use by another process
GMER error users\Mary\Appdata\Local\Temp\fxloapow.sys couldn't be deleted Error 0x000000002!: the system cannot find the file specified -
GMER errors other - similar to above - I only have screenshots of those three but there were more. I don't have a place to attach the screenshots to the post or I would - please direct me if you need them.

------------------------------------------------------------------------

OTL FIX LOG -

OTL logfile created on: 12/29/2013 4:50:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 39.58% Memory free
7.74 Gb Paging File | 5.66 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.42 Gb Total Space | 411.85 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
Drive X: | 500.00 Mb Total Space | 228.57 Mb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive Y: | 7.20 Gb Total Space | 0.30 Gb Free Space | 4.16% Space Free | Partition Type: NTFS

Computer Name: LOVE | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/29 16:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\3rd try otl.com
PRC - [2013/12/29 16:48:35 | 000,712,264 | ---- | M] () -- C:\Users\Mary\AppData\Local\Temp\is-NJUG3.tmp\mbam-setup-1.75.0.1300.tmp
PRC - [2013/12/29 16:48:31 | 000,712,264 | ---- | M] () -- C:\Users\Mary\AppData\Local\Temp\is-1K6PS.tmp\mbam-setup-1.75.0.1300.tmp
PRC - [2013/12/29 16:48:20 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4O1ZU7D\mbam-setup-1.75.0.1300.exe
PRC - [2013/12/29 16:45:15 | 000,294,400 | ---- | M] () -- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B062ZGL\exeHelper.com
PRC - [2013/12/29 16:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
PRC - [2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
PRC - [2012/09/12 22:18:36 | 004,037,480 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2012/09/12 22:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012/07/25 22:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/09 14:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/29 16:48:35 | 000,712,264 | ---- | M] () -- C:\Users\Mary\AppData\Local\Temp\is-NJUG3.tmp\mbam-setup-1.75.0.1300.tmp
MOD - [2013/12/29 16:48:31 | 000,712,264 | ---- | M] () -- C:\Users\Mary\AppData\Local\Temp\is-1K6PS.tmp\mbam-setup-1.75.0.1300.tmp
MOD - [2013/12/29 16:45:15 | 000,294,400 | ---- | M] () -- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B062ZGL\exeHelper.com
MOD - [2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
MOD - [2013/10/13 16:42:24 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8089e3484b45e44781f0c7a1a78881d5\System.IdentityModel.ni.dll
MOD - [2013/10/13 16:39:36 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\d8755f81e94bff4954c305caf7a93a05\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/10/12 15:16:45 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\32379693bdcd278fe2951267458193e4\System.ServiceModel.Web.ni.dll
MOD - [2013/10/12 15:16:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6029d35b6cfaf94b1d39ec54c724a8c7\System.Xml.Linq.ni.dll
MOD - [2013/10/12 13:49:27 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/12 13:49:14 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\6b40a60180e23feff705e28e351e10e1\System.ServiceModel.ni.dll
MOD - [2013/10/12 13:48:51 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\e1c6945213ca43ec9769fe95576962ce\System.Runtime.Serialization.ni.dll
MOD - [2013/10/12 13:48:44 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/12 13:48:42 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3e52c3479469fe72eed0716b48859e91\WindowsBase.ni.dll
MOD - [2013/10/12 13:48:36 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll
MOD - [2013/08/31 12:44:28 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\0a71c7804f1648e41fafdd407af38c96\IAStorCommon.ni.dll
MOD - [2013/08/31 12:43:56 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\15412a4711e5447bd0a45681c8e355ab\IAStorUtil.ni.dll
MOD - [2013/08/31 12:43:52 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d438e7ec4899763070e7b5db3f166373\System.ServiceModel.Internals.ni.dll
MOD - [2013/08/31 12:43:52 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3df2fdd27a3e685ce5dda8bce4956e5b\SMDiagnostics.ni.dll
MOD - [2013/08/31 12:34:01 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/08/31 12:33:56 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/08/31 12:32:51 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2e5a89ab2f90d59d374eb8d093602939\System.Management.ni.dll
MOD - [2013/08/31 12:32:48 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/08/31 12:32:40 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/08/31 12:32:40 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\cb65dcc8c60f33d257283ef1416a2175\PresentationFramework.Aero2.ni.dll
MOD - [2013/08/31 12:32:26 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/08/31 12:32:08 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/31 12:31:58 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2012/09/12 22:18:38 | 002,003,304 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012/08/06 11:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/08/06 11:59:16 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/06 20:16:40 | 000,007,168 | ---- | M] (Cirrus Logic) [Auto | Stopped] -- c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe -- (CirrusAudioService)
SRV:64bit: - [2012/08/06 20:12:02 | 000,099,696 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AECLSr64.exe -- (AECLFilters)
SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 22:08:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2012/07/25 22:08:45 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2012/07/25 22:08:33 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2012/07/25 22:08:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2012/07/25 22:08:30 | 000,016,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:51 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2012/07/25 22:05:40 | 000,369,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/19 16:09:48 | 002,247,992 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/12/28 18:22:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 13:45:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/10/06 00:12:10 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/12 22:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:59 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2012/07/25 22:20:56 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 22:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012/07/25 22:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/19 21:25:39 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Stop_Pending] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/06 00:12:34 | 009,004,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/03 12:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 20:12:02 | 000,041,328 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CSLFDx64.sys -- (CirrusLFD)
DRV:64bit: - [2012/08/05 01:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:30:26 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,146,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 16:09:46 | 000,164,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/07/11 10:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/07/10 15:00:56 | 006,824,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 21:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/06/13 00:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV - [2013/12/28 11:04:20 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\ex64.sys -- (NAVEX15)
DRV - [2013/12/28 11:04:20 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131228.006\eng64.sys -- (NAVENG)
DRV - [2013/12/13 01:17:12 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131227.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/03 13:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/29 12:32:16 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/20 22:39:31 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}
IE:64bit: - HKLM\..\SearchScopes\{EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}
IE - HKLM\..\SearchScopes\{EA33A3E5-AB0A-4A06-A611-1BF48D457D1B}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {8AE3B960-A6E1-4745-8B0F-E57A7AEA21EA}
IE - HKCU\..\SearchScopes\{2C648A44-81C4-4029-A980-F27D93F6FAB8}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{8AE3B960-A6E1-4745-8B0F-E57A7AEA21EA}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=278&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: %7B73007fef-a6e0-47d3-b4e7-dfc116ed6f65%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BF32E7E42-9AFA-47CA-A0C4-D07EE651D404%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.2.3
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/12/29 15:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/20 18:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/09/02 11:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Extensions
[2013/12/17 10:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions
[2013/12/15 14:03:27 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/12/17 10:34:45 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Mary\AppData\Roaming\mozilla\Firefox\Profiles\hymemkmm.default\extensions\[email protected]
[2013/11/05 17:18:03 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\extensions\[email protected]
[2013/11/05 18:10:04 | 000,003,771 | ---- | M] () (No name found) -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
[2013/11/06 11:05:58 | 000,002,531 | ---- | M] () -- C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\searchplugins\safesearch.xml
[2013/12/28 18:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/28 18:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/28 18:22:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/29 15:58:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
[2013/11/20 18:10:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Dell Audio] c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB18565-B211-4604-B561-FBB02414F6C3}: DhcpNameServer = 172.41.1.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{804C0BC9-E39E-44B2-9070-0E6E717CA368}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell - "" = AutoRun
O33 - MountPoints2\{b11676f0-4fb4-11e3-be8d-642737f9b920}\Shell\AutoRun\command - "" = "E:\MotoCastSetup.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/29 16:50:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\3rd try otl.com
[2013/12/29 16:41:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\otl22222.scr
[2013/12/29 16:34:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2013/12/29 16:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/29 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/12/29 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/29 16:05:07 | 081,357,672 | ---- | C] (Sophos Limited) -- C:\Users\Mary\Desktop\sopotool.exe
[2013/12/29 15:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/29 13:49:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/12/29 12:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/29 12:43:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/28 18:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/25 15:26:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Apple Computer
[2013/12/25 15:26:49 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Apple Computer
[2013/12/25 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/25 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/25 15:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/25 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\Apple
[2013/12/25 15:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/12/25 15:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/25 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/25 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/12/25 15:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/25 15:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/12/15 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2013/12/15 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/15 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/15 14:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF Jobs
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF 7
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2013/12/15 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest
[2013/12/15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel
[2013/12/15 14:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/15 14:01:59 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\FileAssociationManager
[2013/12/15 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2013/12/15 14:01:56 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Local\The Weather Channel
[2013/12/15 13:20:27 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\Musicnotes
[2013/12/15 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\Mary\Documents\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2013/12/15 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2013/12/15 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Musicnotes
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/29 17:07:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/29 16:50:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\3rd try otl.com
[2013/12/29 16:49:13 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 16:45:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 16:41:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\otl22222.scr
[2013/12/29 16:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe
[2013/12/29 16:11:37 | 000,003,201 | ---- | M] () -- C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/29 16:09:14 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.reg
[2013/12/29 16:09:08 | 000,000,000 | ---- | M] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/29 16:05:07 | 081,357,672 | ---- | M] (Sophos Limited) -- C:\Users\Mary\Desktop\sopotool.exe
[2013/12/29 16:04:20 | 000,949,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/29 16:04:20 | 000,792,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/29 16:04:20 | 000,158,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/29 15:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/29 15:57:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/29 15:57:05 | 3321,122,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 15:51:37 | 582,492,442 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/29 15:50:02 | 000,377,856 | ---- | M] () -- C:\Users\Mary\Desktop\random.exe
[2013/12/29 12:43:41 | 000,001,135 | ---- | M] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/29 10:28:09 | 000,434,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 15:26:41 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 00:55:27 | 000,000,215 | ---- | M] () -- C:\Users\Mary\Desktop\Help Terry Taylor.url
[2013/12/24 12:23:02 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/12/16 15:57:23 | 000,141,980 | ---- | M] () -- C:\Users\Mary\Documents\ResumeExamples.pdf
[2013/12/15 17:31:55 | 000,292,650 | ---- | M] () -- C:\Users\Mary\Documents\GAL.pdf
[2013/12/15 14:02:52 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
[2013/12/15 13:20:13 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013/12/06 17:29:23 | 000,032,361 | ---- | M] () -- C:\Users\Mary\Desktop\dear self.jpg
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/29 16:11:37 | 000,003,201 | ---- | C] () -- C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
[2013/12/29 16:09:14 | 000,000,000 | ---- | C] () -- C:\Users\Mary\Desktop\random.reg
[2013/12/29 16:09:08 | 000,000,000 | ---- | C] () -- C:\Users\Mary\Desktop\random.bat
[2013/12/29 15:51:37 | 582,492,442 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/12/29 15:50:02 | 000,377,856 | ---- | C] () -- C:\Users\Mary\Desktop\random.exe
[2013/12/29 12:43:41 | 000,001,135 | ---- | C] () -- C:\Users\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/29 12:43:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 10:27:53 | 000,434,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 15:26:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/25 15:20:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/25 00:55:27 | 000,000,215 | ---- | C] () -- C:\Users\Mary\Desktop\Help Terry Taylor.url
[2013/12/16 17:37:04 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/12/16 15:57:23 | 000,141,980 | ---- | C] () -- C:\Users\Mary\Documents\ResumeExamples.pdf
[2013/12/15 17:31:55 | 000,292,650 | ---- | C] () -- C:\Users\Mary\Documents\GAL.pdf
[2013/12/15 14:03:24 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/15 14:02:52 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
[2013/12/15 13:20:13 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013/12/06 17:30:05 | 000,032,361 | ---- | C] () -- C:\Users\Mary\Desktop\dear self.jpg
[2013/11/29 18:58:10 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/10/16 20:21:49 | 000,007,638 | ---- | C] () -- C:\Users\Mary\AppData\Local\Resmon.ResmonCfg
[2013/09/11 17:51:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/02 11:34:08 | 000,000,258 | RHS- | C] () -- C:\Users\Mary\ntuser.pol
[2012/11/15 11:09:20 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/11/15 11:09:05 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/11/15 09:48:27 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/06 00:12:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/04/20 15:49:19 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 14:45:23 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\com.prakaz.project.photogettr
[2013/12/15 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\FileAssociationManager
[2013/08/25 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Leadertech
[2013/12/15 13:44:48 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Musicnotes
[2013/08/29 17:33:17 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\PCDr
[2013/10/12 12:09:49 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Temp
[2013/10/10 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\WebApp

========== Purity Check ==========



< End of report >
---------------------------------------------------------------------------

OTL Extras logfile created on: 12/29/2013 4:50:44 PM - Run 1


OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 39.58% Memory free
7.74 Gb Paging File | 5.66 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.42 Gb Total Space | 411.85 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
Drive X: | 500.00 Mb Total Space | 228.57 Mb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive Y: | 7.20 Gb Total Space | 0.30 Gb Free Space | 4.16% Space Free | Partition Type: NTFS

Computer Name: LOVE | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0797430B-29A7-4759-9197-ADFB2E0504A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{19639FBF-6965-4F0B-A219-DBEAF656924B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{29E676DB-7AA9-47BC-862B-0BBDD8E2CD4C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{BE7D77D4-4851-4D4F-A223-18E6D4E3E9EA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0356B944-6EF4-4772-8A62-B1F00E8529D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0378519A-4937-432A-8EEC-FAE5DE095A74}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0A9ACF72-11BE-49F5-907F-826E3770248F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{13B26A90-A5C7-41BE-84EE-62DDE78A2663}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{22B703B6-EBBD-4534-89CE-95106C4AB398}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{24BBE964-1B04-4A42-B285-6C85023C1CEA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{280B41A4-77B9-40C8-B4F4-A673028F1AC7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{295F0E47-A843-4D40-97BD-D3E9BA748D97}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2BB5D53B-C6EA-4D84-9D5E-DAED75D869A4}" = dir=out | name=ebay |
"{2C68A6F5-BF18-44B9-BAEE-742272839EFA}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{36A0DA7F-FD24-4215-8CE0-89AF54D09EFC}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{36B2D205-B802-484D-8A11-E0FF67C472A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A207017-537C-40AB-8EF5-2D75D96704CF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3B9F4731-446B-4947-8CF5-7D0D79193007}" = dir=in | name=hp printer control |
"{434269A6-D8E9-47ED-9D87-F3CC731B6F16}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4358AD52-6535-4727-8B82-2FF8569E3181}" = dir=out | name=kindle |
"{4395AD07-898D-452E-AD76-431F756461BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43D3A601-FF6A-49DF-A8D0-B19185791BE7}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4F2E44BE-0774-4776-B7BE-79B154B9FFAC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5D31D723-27C8-4BB0-905D-AC788118D475}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6EBF9C4E-67F2-46FB-9BA2-2A39013CB05F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{786048D0-B8D3-43B6-9274-6C3E410B3494}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9094B1C4-52C6-4721-98C0-CE0936127EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{94594AAA-C100-4B53-97DF-B2076BB240FE}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{994B748C-18E1-4FD1-975E-2147ABD64D65}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9F040CF5-5A6F-4FBA-AF5F-1E9FA5CD3246}" = dir=in | name=ebay |
"{A6D6B075-C31C-4A50-B5C5-E94DC083DF03}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{AE3A934A-E1E2-4900-BC88-A654D3F4793A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B2E55563-B512-488B-A293-D6547DC0CDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B932404D-ED9D-4A99-B0A9-50C9B67F56A0}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{BC4C4B2B-6800-422F-9E21-758E01FA884B}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C5E0EC4B-5096-4DA7-B7F3-B9273F50D9A4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{CB37A6B6-E9AD-402A-94F2-21000CEDC402}" = dir=in | name=kindle |
"{CCA1E379-34E4-49FA-BB24-A22DA9B9AEF6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{D420647D-5F5A-4EDC-9000-5568175779D6}" = dir=in | name=amazon for windows |
"{DA45AA28-76A9-4AF7-9646-FB4492AC0614}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DF0AFB61-0F70-4A70-8CB0-4B5363084D51}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{DFBDD96B-38C0-4ED3-B7A3-06F45982FD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{DFCFCE0B-855A-4F3E-8D03-963A6710B16A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3403595-C96D-425C-8DB4-43712AA009C3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E3955AAB-720B-450E-AB8B-493BCF1BCEB6}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F41F0B2D-DD51-4780-8446-E979C33A8B94}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F6957548-43EE-49E8-808E-D00A4667222E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{F86BD490-5D72-4D29-AEAA-E677722C17E2}" = dir=out | name=amazon for windows |
"{FC5CCFEE-97A7-4B40-B44C-C7FA1FCB42F1}" = dir=out | name=hp printer control |
"{FE564E1B-9223-44C6-B260-30780A010A52}" = dir=out | name=dell shop |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{327AD405-F05D-4AB9-81DB-CA6964C5D7C8}" = Cirrus Logic Audio Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"DW WLAN Card" = DW WLAN Card
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E08426B6-7ADC-439F-1739-EA9938651933}" = Bulkr
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.prakaz.project.photogettr" = Bulkr
"FileAssociationManager" = File Association Manager
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Player_is1" = Musicnotes Player V1.32.2 and Viewer V1.19.0
"N360" = Norton 360
"PrintProjects" = PrintProjects
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2013 9:24:59 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fa64 Start
Time: 01cf00c38da673c9 Termination Time: 3044 Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE Report Id: 56492f44-6d03-11e3-be98-642737f9b920

Faulting
package full name: Faulting package-relative application ID:

Error - 12/24/2013 9:27:18 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cf8 Start
Time: 01cefd9772074d4c Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report
Id: 47c1f492-6d03-11e3-be98-642737f9b920 Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Faulting
package-relative application ID: Microsoft.WindowsLive.Mail

Error - 12/25/2013 12:03:03 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d4b0 Start
Time: 01cf0184d319d24c Termination Time: 32 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 05bb4250-6d7e-11e3-be98-642737f9b920 Faulting package
full name: Faulting package-relative application ID:

Error - 12/25/2013 12:04:35 PM | Computer Name = Love | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c63c Start
Time: 01cf018aca8498a1 Termination Time: 46 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 3d63dba5-6d7e-11e3-be98-642737f9b920 Faulting package
full name: Faulting package-relative application ID:

Error - 12/25/2013 3:07:05 PM | Computer Name = Love | Source = .NET Runtime | ID = 1026
Description =

Error - 12/25/2013 3:07:08 PM | Computer Name = Love | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrcui.exe, version: 6.0.6308.28, time
stamp: 0x5226cda4 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451,
time stamp: 0x50988aa6 Exception code: 0xe0434352 Fault offset: 0x000000000003811c
Faulting
process id: 0xd45c Faulting application start time: 0x01cf01a47daed56d Faulting application
path: C:\Program Files\My Dell\pcdrcui.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: bfcef3a1-6d97-11e3-be98-642737f9b920 Faulting package full name: Faulting package-relative
application ID:

Error - 12/25/2013 9:15:39 PM | Computer Name = Love | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: MSHTML.dll, version: 10.0.9200.16750,
time stamp: 0x5269d985 Exception code: 0xc0000005 Fault offset: 0x001f9d40 Faulting
process id: 0x128a4 Faulting application start time: 0x01cf01c47cc042ee Faulting
application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting
module path: C:\Windows\SYSTEM32\MSHTML.dll Report Id: 3a9abf39-6dcb-11e3-be98-642737f9b920
Faulting
package full name: Faulting package-relative application ID:

Error - 12/26/2013 4:23:36 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/26/2013 4:23:37 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15547

Error - 12/26/2013 4:23:37 AM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15547

Error - 12/26/2013 12:52:18 PM | Computer Name = Love | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 12/6/2013 12:00:37 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/7/2013 5:44:01 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/11/2013 12:10:00 AM | Computer Name = Love | Source = DCOM | ID = 10010
Description =

Error - 12/11/2013 12:10:00 AM | Computer Name = Love | Source = DCOM | ID = 10010
Description =

Error - 12/12/2013 6:19:41 PM | Computer Name = Love | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:04:12 PM on ?12/?12/?2013 was unexpected.

Error - 12/12/2013 6:20:28 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/13/2013 1:55:17 AM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/16/2013 1:57:31 PM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 12/20/2013 11:19:32 AM | Computer Name = Love | Source = Service Control Manager | ID = 7043
Description = The Windows Modules Installer service did not shut down properly after
receiving a preshutdown control.

Error - 12/20/2013 11:22:26 AM | Computer Name = Love | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.


< End of report >


---------------------------------------------------------------------------------


AdwCleaner sent me this error on starting:

Line 3945 (C:\Users\Mary\Desktop\AdwCleaner.exe 0 Error: subscript used with non-array variables.

-------------------------------------------------
The log report for AdwCleaner:

# AdwCleaner v3.016 - Report created 30/12/2013 at 20:27:48
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Mary - LOVE
# Running from : C:\Users\Mary\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\hymemkmm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4909 octets] - [30/12/2013 19:26:19]
AdwCleaner[R1].txt - [4314 octets] - [30/12/2013 20:25:52]
AdwCleaner[S0].txt - [577 octets] - [30/12/2013 19:43:41]
AdwCleaner[S1].txt - [4120 octets] - [30/12/2013 20:27:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4180 octets] ##########

----------------------------------------------------------------------------
JRT log:


Error on starting:

x Exception EAccess violation in module ERUNT.exe at0003A38.
Access violation at address 00403A38 in module "ERUNT.EXE" read of address 0076005D

-----------------------------------------------------------------------------

Log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Mary on Mon 12/30/2013 at 20:47:10.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\prefs.js

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
Emptied folder: C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\hymemkmm.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/30/2013 at 20:55:31.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think I got all the logs you requested and answered the questions! I appreciate your assistance! :)

Edited by Bambi289, 30 December 2013 - 08:46 PM.


#5
Bambi289

    Member

  • Topic Starter
  • 14 posts
Deleted this second post as it was a duplicate. :cool:

Edited by Bambi289, 30 December 2013 - 08:36 PM.


#6
Machiavelli

    GeekU Moderator

  • 3,700 posts
Hello!

As I said before, I'd like to take a deeper look into your system. Also, happy New Year and so sorry for the delay!

"the random.exe file was gmer - I just renamed it as instructed before saving it to my desktop."

OK. Where did you get those instructions from?

  • Step 1: FRST Run

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Right-click on FRST64.exe (depending on which version you downloaded) and select Run as Administrator to run it.
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#7
Bambi289

    Member

  • Topic Starter
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Mary (administrator) on LOVE on 01-01-2014 12:44:32
Running from C:\Users\Mary\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] - C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Administrator\...\Run: [Dell Audio] - [x]
HKU\Administrator\...\Run: [] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKLM - {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B} URL = http://www.bing.com/...E10TR&pc=MDDCJS
SearchScopes: HKCU - {EA33A3E5-AB0A-4A06-A611-1BF48D457D1B} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\hymemkmm.default
FF Homepage: about:home
FF NetworkProxy: "type", ""
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Extension: ArcadeParlor - C:\Users\Mary\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
FF Extension: Lightbeam - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\hymemkmm.default\Extensions\jid1-F9UJ2thwoAm[email protected]
FF Extension: Google Image Search - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\hymemkmm.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2247992 2012-07-19] (Broadcom Corporation.)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [369152 2012-07-25] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16384 2012-07-25] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [34816 2012-07-25] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-25] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168960 2012-07-25] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWow64\snmp.exe [45056 2012-07-25] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [164152 2012-07-19] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-29] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131231.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-25] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140101.001\ENG64.SYS [126040 2013-12-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140101.001\EX64.SYS [2099288 2013-12-28] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [x]
S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\System32\drivers\btwavdt.sys [x]
S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 12:44 - 2014-01-01 12:45 - 00014990 _____ C:\Users\Mary\Desktop\FRST.txt
2014-01-01 12:43 - 2014-01-01 12:43 - 01931302 _____ (Farbar) C:\Users\Mary\Desktop\FRST64.exe
2014-01-01 12:43 - 2014-01-01 12:43 - 00000000 ____D C:\FRST
2013-12-30 20:55 - 2013-12-30 20:55 - 00001161 _____ C:\Users\Mary\Desktop\JRT.txt
2013-12-30 20:43 - 2013-12-30 20:43 - 01034531 _____ (Thisisu) C:\Users\Mary\Desktop\JRT.exe
2013-12-30 19:26 - 2013-12-30 20:27 - 00000000 ____D C:\AdwCleaner
2013-12-30 19:25 - 2013-12-30 19:25 - 01233962 _____ C:\Users\Mary\Desktop\AdwCleaner.exe
2013-12-30 15:34 - 2013-12-30 15:34 - 00000000 ____D C:\_OTL
2013-12-29 19:07 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2013-12-29 19:07 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2013-12-29 19:06 - 2013-12-29 20:48 - 00000000 ____D C:\VIPRERESCUE
2013-12-29 18:26 - 2013-12-29 18:30 - 148119552 _____ C:\Users\Mary\Desktop\VIPRERescue24870.exe
2013-12-29 17:01 - 2013-12-29 17:10 - 00053310 _____ C:\Users\Mary\Desktop\Extras.Txt
2013-12-29 17:00 - 2013-12-29 17:09 - 00130260 _____ C:\Users\Mary\Desktop\OTL.Txt
2013-12-29 16:50 - 2013-12-29 16:50 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\3rd try otl.com
2013-12-29 16:41 - 2013-12-29 16:41 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\otl22222.scr
2013-12-29 16:34 - 2013-12-29 16:34 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\OTL.exe
2013-12-29 16:11 - 2013-12-29 16:11 - 00003201 _____ C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\ProgramData\Sophos
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-12-29 16:09 - 2013-12-29 16:09 - 00000000 _____ C:\Users\Mary\Desktop\random.reg
2013-12-29 16:09 - 2013-12-29 16:09 - 00000000 _____ C:\Users\Mary\Desktop\random.bat
2013-12-29 16:05 - 2013-12-29 16:05 - 81357672 _____ (Sophos Limited) C:\Users\Mary\Desktop\sopotool.exe
2013-12-29 15:51 - 2013-12-29 15:51 - 582492442 _____ C:\Windows\MEMORY.DMP
2013-12-29 15:51 - 2013-12-29 15:51 - 00284496 _____ C:\Windows\Minidump\122913-35265-01.dmp
2013-12-29 15:51 - 2013-12-29 15:51 - 00000000 ____D C:\Windows\Minidump
2013-12-29 15:50 - 2013-12-29 15:50 - 00377856 _____ C:\Users\Mary\Desktop\random.exe
2013-12-29 14:49 - 2013-12-29 14:49 - 00000020 ___SH C:\Users\.NET v4.5.IIS APPPOOL\ntuser.ini
2013-12-29 14:49 - 2013-12-29 14:49 - 00000020 ___SH C:\Users\.NET v4.5 Classic.IIS APPPOOL\ntuser.ini
2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL
2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL
2013-12-29 14:49 - 2013-11-22 14:44 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\Macromedia
2013-12-29 14:49 - 2013-11-22 14:44 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\Macromedia
2013-12-29 14:49 - 2013-11-06 14:59 - 00002036 _____ C:\Users\.NET v4.5.IIS APPPOOL\AppData\Local\installer.log
2013-12-29 14:49 - 2013-11-06 14:59 - 00002036 _____ C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Local\installer.log
2013-12-29 14:49 - 2013-11-06 14:57 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL\AppData\Local\Eastman_Kodak_Company
2013-12-29 14:49 - 2013-11-06 14:57 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Local\Eastman_Kodak_Company
2013-12-29 14:49 - 2013-11-06 14:55 - 00800824 _____ (Microsoft Corporation) C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\DPInst.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00800824 _____ (Microsoft Corporation) C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\DPInst.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00106496 _____ (Microsoft Corporation) C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\gacutil.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00106496 _____ (Microsoft Corporation) C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\gacutil.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00036352 _____ (Microsoft Corporation) C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\PnPutil.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00036352 _____ (Microsoft Corporation) C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\PnPutil.exe
2013-12-29 14:49 - 2013-11-06 14:55 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\KODAK AiO Home Center1722268966
2013-12-29 14:49 - 2013-11-06 14:55 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\KODAK AiO Home Center1722268966
2013-12-29 14:49 - 2013-08-31 10:47 - 00000000 ___RD C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-29 14:49 - 2013-08-31 10:47 - 00000000 ___RD C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-29 14:49 - 2013-08-31 10:46 - 00000000 ___RD C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-29 14:49 - 2013-08-31 10:46 - 00000000 ___RD C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-29 14:49 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-29 14:49 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-29 14:49 - 2012-07-26 03:13 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-29 14:49 - 2012-07-26 03:13 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-29 13:49 - 2013-12-29 13:49 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2013-12-29 12:43 - 2013-12-29 16:49 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-29 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-29 10:27 - 2013-12-29 10:28 - 00434392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 18:21 - 2013-12-28 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 15:26 - 2013-12-25 15:40 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Apple Computer
2013-12-25 15:26 - 2013-12-25 15:26 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 15:26 - 2013-12-25 15:26 - 00000000 ____D C:\Users\Mary\AppData\Local\Apple Computer
2013-12-25 15:25 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-25 15:21 - 2013-12-25 15:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 15:21 - 2013-12-25 15:25 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 15:21 - 2013-12-25 15:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 15:21 - 2013-12-25 15:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 15:21 - 2013-12-25 15:21 - 00000000 ____D C:\Program Files\iPod
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Users\Mary\AppData\Local\Apple
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-25 15:17 - 2013-12-25 15:19 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 00:55 - 2013-12-25 00:55 - 00000215 _____ C:\Users\Mary\Desktop\Help Terry Taylor.url
2013-12-16 17:38 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 17:38 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-16 17:38 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 17:38 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-16 17:38 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 17:38 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-16 17:38 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-16 17:38 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-16 17:38 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-16 17:38 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-16 17:37 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-16 17:37 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-16 17:37 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 17:37 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 17:37 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-16 17:37 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-16 17:37 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-16 17:37 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-16 17:37 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-16 17:37 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-16 17:37 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-16 17:37 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-16 17:37 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-16 17:37 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-16 17:37 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-16 17:37 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-16 17:37 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-16 17:37 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-16 17:37 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-16 17:37 - 2013-10-03 17:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-16 17:37 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-16 17:37 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-16 17:37 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-16 17:37 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-16 17:37 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-16 17:37 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-16 17:37 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-16 17:37 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-16 17:36 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-16 17:36 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-16 17:36 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-16 17:36 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-16 17:36 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-16 17:36 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-16 17:36 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-16 17:36 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-16 17:36 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-16 17:36 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-16 17:36 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-16 17:36 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-16 17:36 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-15 14:03 - 2014-01-01 02:07 - 00000278 _____ C:\Windows\Tasks\ArcadeParlor.job
2013-12-15 14:03 - 2013-12-15 14:03 - 00003110 _____ C:\Windows\System32\Tasks\ArcadeParlor
2013-12-15 14:03 - 2013-12-15 14:03 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2013-12-15 14:02 - 2013-12-29 15:06 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-15 14:02 - 2013-12-15 14:02 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-12-15 14:02 - 2013-12-15 14:02 - 00002153 _____ C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Expert PDF Jobs
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Expert PDF 7
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Avanquest
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\Program Files (x86)\The Weather Channel
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\Program Files (x86)\Avanquest
2013-12-15 14:01 - 2013-12-15 14:03 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-12-15 14:01 - 2013-12-15 14:01 - 00000000 ____D C:\Users\Mary\AppData\Roaming\FileAssociationManager
2013-12-15 14:01 - 2013-12-15 14:01 - 00000000 ____D C:\Users\Mary\AppData\Local\The Weather Channel
2013-12-15 13:20 - 2013-12-15 13:44 - 00000000 ____D C:\Users\Mary\Documents\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:44 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:20 - 00001138 _____ C:\Users\Public\Desktop\Musicnotes Player.lnk
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\ProgramData\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\Program Files\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\Program Files (x86)\Musicnotes
2013-12-10 13:45 - 2013-12-10 13:45 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 13:28 - 2013-12-10 13:28 - 00053109 _____ C:\Users\Mary\Downloads\mime-attachment
2013-12-06 11:01 - 2013-12-03 19:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-06 11:01 - 2013-12-03 19:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 19:57 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-12-04 19:57 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-12-04 19:56 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-12-04 19:56 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-04 19:56 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-12-04 19:56 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-04 19:56 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-04 19:56 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-04 19:56 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-04 19:56 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-04 19:56 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-04 19:56 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-12-04 19:56 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-12-04 19:56 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-04 19:56 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-12-04 19:56 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-12-04 19:56 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-12-04 19:56 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-04 19:56 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-12-04 19:56 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-04 19:56 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-04 19:56 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-12-04 19:56 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-12-04 19:55 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-04 19:55 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-04 19:55 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-04 19:55 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

==================== One Month Modified Files and Folders =======

2014-01-01 12:45 - 2014-01-01 12:44 - 00014990 _____ C:\Users\Mary\Desktop\FRST.txt
2014-01-01 12:45 - 2013-04-25 17:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 12:43 - 2014-01-01 12:43 - 01931302 _____ (Farbar) C:\Users\Mary\Desktop\FRST64.exe
2014-01-01 12:43 - 2014-01-01 12:43 - 00000000 ____D C:\FRST
2014-01-01 12:43 - 2013-10-23 21:25 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{24452329-D663-479D-9798-9E36582FA802}
2014-01-01 12:43 - 2013-04-20 21:37 - 00000000 ____D C:\Users\Mary\AppData\Local\CrashDumps
2014-01-01 12:38 - 2013-04-16 13:22 - 01272365 _____ C:\Windows\WindowsUpdate.log
2014-01-01 12:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-01 02:07 - 2013-12-15 14:03 - 00000278 _____ C:\Windows\Tasks\ArcadeParlor.job
2013-12-31 21:53 - 2012-11-15 09:59 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-12-31 21:49 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF
2013-12-31 21:43 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\inetsrv
2013-12-31 21:41 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-31 19:27 - 2012-07-26 02:28 - 00949944 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-31 19:23 - 2013-04-20 14:45 - 00000000 ____D C:\Users\Mary\AppData\Local\softthinks
2013-12-30 23:51 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-30 20:55 - 2013-12-30 20:55 - 00001161 _____ C:\Users\Mary\Desktop\JRT.txt
2013-12-30 20:43 - 2013-12-30 20:43 - 01034531 _____ (Thisisu) C:\Users\Mary\Desktop\JRT.exe
2013-12-30 20:27 - 2013-12-30 19:26 - 00000000 ____D C:\AdwCleaner
2013-12-30 19:25 - 2013-12-30 19:25 - 01233962 _____ C:\Users\Mary\Desktop\AdwCleaner.exe
2013-12-30 16:13 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-12-30 15:41 - 2013-04-16 13:21 - 00000000 ____D C:\Users\Mary
2013-12-30 15:34 - 2013-12-30 15:34 - 00000000 ____D C:\_OTL
2013-12-29 20:48 - 2013-12-29 19:06 - 00000000 ____D C:\VIPRERESCUE
2013-12-29 19:03 - 2013-04-20 17:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-744825404-3774847557-1324005263-1001
2013-12-29 18:30 - 2013-12-29 18:26 - 148119552 _____ C:\Users\Mary\Desktop\VIPRERescue24870.exe
2013-12-29 17:10 - 2013-12-29 17:01 - 00053310 _____ C:\Users\Mary\Desktop\Extras.Txt
2013-12-29 17:09 - 2013-12-29 17:00 - 00130260 _____ C:\Users\Mary\Desktop\OTL.Txt
2013-12-29 16:50 - 2013-12-29 16:50 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\3rd try otl.com
2013-12-29 16:49 - 2013-12-29 12:43 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-29 16:49 - 2013-09-22 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 16:41 - 2013-12-29 16:41 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\otl22222.scr
2013-12-29 16:34 - 2013-12-29 16:34 - 00602112 _____ (OldTimer Tools) C:\Users\Mary\Desktop\OTL.exe
2013-12-29 16:11 - 2013-12-29 16:11 - 00003201 _____ C:\Users\Mary\Desktop\Sophos Virus Removal Tool.lnk
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\ProgramData\Sophos
2013-12-29 16:11 - 2013-12-29 16:11 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-12-29 16:09 - 2013-12-29 16:09 - 00000000 _____ C:\Users\Mary\Desktop\random.reg
2013-12-29 16:09 - 2013-12-29 16:09 - 00000000 _____ C:\Users\Mary\Desktop\random.bat
2013-12-29 16:05 - 2013-12-29 16:05 - 81357672 _____ (Sophos Limited) C:\Users\Mary\Desktop\sopotool.exe
2013-12-29 15:51 - 2013-12-29 15:51 - 582492442 _____ C:\Windows\MEMORY.DMP
2013-12-29 15:51 - 2013-12-29 15:51 - 00284496 _____ C:\Windows\Minidump\122913-35265-01.dmp
2013-12-29 15:51 - 2013-12-29 15:51 - 00000000 ____D C:\Windows\Minidump
2013-12-29 15:51 - 2013-11-05 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-29 15:51 - 2012-11-15 11:30 - 00099700 _____ C:\Windows\PFRO.log
2013-12-29 15:50 - 2013-12-29 15:50 - 00377856 _____ C:\Users\Mary\Desktop\random.exe
2013-12-29 15:06 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Yahoo!
2013-12-29 14:52 - 2013-10-12 12:09 - 00000000 ____D C:\ProgramData\Kodak
2013-12-29 14:50 - 2013-08-29 00:45 - 00102730 _____ C:\Windows\iis.log
2013-12-29 14:49 - 2013-12-29 14:49 - 00000020 ___SH C:\Users\.NET v4.5.IIS APPPOOL\ntuser.ini
2013-12-29 14:49 - 2013-12-29 14:49 - 00000020 ___SH C:\Users\.NET v4.5 Classic.IIS APPPOOL\ntuser.ini
2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\.NET v4.5.IIS APPPOOL
2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\.NET v4.5 Classic.IIS APPPOOL
2013-12-29 14:49 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\registration
2013-12-29 14:48 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-29 13:49 - 2013-12-29 13:49 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2013-12-29 10:30 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-29 10:28 - 2013-12-29 10:27 - 00434392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 18:22 - 2013-12-28 18:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-26 11:51 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-25 15:40 - 2013-12-25 15:26 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Apple Computer
2013-12-25 15:26 - 2013-12-25 15:26 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-25 15:26 - 2013-12-25 15:26 - 00000000 ____D C:\Users\Mary\AppData\Local\Apple Computer
2013-12-25 15:25 - 2013-12-25 15:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-25 15:25 - 2013-12-25 15:21 - 00000000 ____D C:\Program Files\iTunes
2013-12-25 15:25 - 2013-12-25 15:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-25 15:21 - 2013-12-25 15:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-25 15:21 - 2013-12-25 15:21 - 00000000 ____D C:\Program Files\iPod
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Users\Mary\AppData\Local\Apple
2013-12-25 15:20 - 2013-12-25 15:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-25 15:19 - 2013-12-25 15:17 - 00000000 ____D C:\ProgramData\Apple
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files\Bonjour
2013-12-25 15:18 - 2013-12-25 15:18 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-25 00:55 - 2013-12-25 00:55 - 00000215 _____ C:\Users\Mary\Desktop\Help Terry Taylor.url
2013-12-24 12:23 - 2013-11-29 18:58 - 00000157 _____ C:\Windows\SysWOW64\SystemPreferences.xml
2013-12-20 00:46 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-17 12:01 - 2013-08-29 17:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 11:56 - 2013-04-20 21:49 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-17 11:55 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-15 14:03 - 2013-12-15 14:03 - 00003110 _____ C:\Windows\System32\Tasks\ArcadeParlor
2013-12-15 14:03 - 2013-12-15 14:03 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2013-12-15 14:03 - 2013-12-15 14:01 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-12-15 14:02 - 2013-12-15 14:02 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-12-15 14:02 - 2013-12-15 14:02 - 00002153 _____ C:\Users\Public\Desktop\Expert PDF 7 Reader.lnk
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Expert PDF Jobs
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Expert PDF 7
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\ProgramData\Avanquest
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\Program Files (x86)\The Weather Channel
2013-12-15 14:02 - 2013-12-15 14:02 - 00000000 ____D C:\Program Files (x86)\Avanquest
2013-12-15 14:02 - 2012-11-15 09:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-15 14:01 - 2013-12-15 14:01 - 00000000 ____D C:\Users\Mary\AppData\Roaming\FileAssociationManager
2013-12-15 14:01 - 2013-12-15 14:01 - 00000000 ____D C:\Users\Mary\AppData\Local\The Weather Channel
2013-12-15 13:44 - 2013-12-15 13:20 - 00000000 ____D C:\Users\Mary\Documents\Musicnotes
2013-12-15 13:44 - 2013-12-15 13:20 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Musicnotes
2013-12-15 13:24 - 2012-07-26 02:21 - 00027411 _____ C:\Windows\setupact.log
2013-12-15 13:20 - 2013-12-15 13:20 - 00001138 _____ C:\Users\Public\Desktop\Musicnotes Player.lnk
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\ProgramData\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\Program Files\Musicnotes
2013-12-15 13:20 - 2013-12-15 13:20 - 00000000 ____D C:\Program Files (x86)\Musicnotes
2013-12-10 13:45 - 2013-12-10 13:45 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 13:45 - 2013-04-25 17:09 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 13:28 - 2013-12-10 13:28 - 00053109 _____ C:\Users\Mary\Downloads\mime-attachment
2013-12-05 23:45 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-12-05 23:45 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2013-12-05 10:12 - 2013-11-05 22:19 - 00000000 ____D C:\Users\Mary\AppData\Local\Adobe
2013-12-03 19:53 - 2013-12-06 11:01 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:53 - 2013-12-06 11:01 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Mary\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Mary at 2014-01-01 12:45:35
Running from C:\Users\Mary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name)
Amazon Browser App (x32 Version: 1.0.0.0 - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bulkr (x32 Version: 1.6 - Prakash Bajracharya)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic)
CWA Reminder by We-Care.com v4.1.24.3 (x32 Version: 4.1.24.3 - We-Care.com)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.)
CyberLink Media Suite Essentials (x32 Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (x32 Version: 1.0.0.2 - Dell Inc.)
Dell Product Registration (x32 Version: 1.16.1 - Dell Inc.)
Dell Touchpad (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card (Version: 6.30.59.26 - Dell Inc.)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company)
Expert PDF 7 Reader (x32 Version: 7.0.1370.0 - Avanquest software)
File Association Manager (x32 Version: 0.5 - Amnis Technology Ltd)
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company)
KODAK AiO Software (x32 Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (x32 Version: 1.32.2 - Musicnotes Inc.)
My Dell (Version: 3.4.6308.28 - PC-Doctor, Inc.)
Norton 360 (x32 Version: 21.1.0.18 - Symantec Corporation)
Norton Management (x32 Version: 3.2.2.12 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company)
PrintProjects (x32 Version: 1.0.0.9282 - RocketLife Inc.)
Quickset64 (Version: 11.1.003 - Dell Inc.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (x32 Version: 2.4 - Sophos Limited)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Restore Points =========================

17-12-2013 16:53:23 Windows Update
24-12-2013 19:50:14 Scheduled Checkpoint
25-12-2013 20:20:40 Installed iTunes
29-12-2013 19:48:02 Windows Modules Installer
30-12-2013 20:34:21 OTL Restore Point - 12/30/2013 3:34:18 PM

==================== Hosts content: ==========================

2012-07-26 00:26 - 2013-12-30 15:37 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4560F1D4-329F-483E-A7AD-9A593FCFC79C} - System32\Tasks\ArcadeParlor => C:\Users\Mary\AppData\Local\ArcadeParlor\versioncheck.exe
Task: {5FB09190-A30D-4464-A3D6-E5029A930D09} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {6F21010F-6148-4D37-AA5E-4EA5475F7BE8} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {70177773-6E2E-40A6-8AF1-0B5D0BF4EAF4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7BADED35-FE77-4E80-9E66-F143223140A0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {85C5F01A-CF63-428F-825E-536FB39DF54F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B8D68AD9-573E-4DD5-BB42-91DE68920F18} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {C2D5C99E-CA29-498B-B3E8-74836A8BAEAE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCCBB64B-C81C-4241-B9D0-9030CEB30845} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {DBCB42D5-224B-48F1-9550-AF13B3B516CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DE15037B-8FEB-48F4-BEBA-645E22297ABF} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe [2013-10-03] ()
Task: {E05B881D-DCF4-42D9-BB09-309F85B85DBA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4A8B77B-64AB-4063-B0D9-204CA8FD69CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {FA352DB5-4623-494A-9A71-88A2AC16A4D7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\Mary\AppData\Local\ArcadeParlor\versioncheck.exe

==================== Loaded Modules (whitelisted) =============

2012-07-26 02:55 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-31 12:44 - 2013-08-31 12:44 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-11-15 09:42 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-15 09:59 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-15 09:59 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-15 09:59 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-15 09:51 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2014 00:43:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x0005682b
Faulting process id: 0x584
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (12/31/2013 10:10:08 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c0

Start Time: 01cf069c38e1f7a9

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 353c8253-7292-11e3-bea3-642737f9b920

Faulting package full name:

Faulting package-relative application ID:

Error: (12/31/2013 09:41:16 PM) (Source: CirrusAudioService) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2013 10:20:30 AM) (Source: CirrusAudioService) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 11:37:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537, time stamp: 0x512347f7
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000005
Fault offset: 0x004c2176
Faulting process id: 0x12b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/30/2013 10:27:33 PM) (Source: CirrusAudioService) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 09:30:37 PM) (Source: CirrusAudioService) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (12/31/2013 09:41:18 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/31/2013 09:40:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:30:30 PM on ‎12/‎31/‎2013 was unexpected.

Error: (12/31/2013 10:20:34 AM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/30/2013 10:27:36 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/30/2013 09:30:47 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/30/2013 09:30:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:20:03 PM on ‎12/‎30/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (01/01/2014 00:43:52 PM) (Source: Application Error)(User: )
Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.2.9200.16578515fac6ec00000050005682b58401cf0719083aa761C:\Windows\ERUNT.exeC:\Windows\SYSTEM32\ntdll.dll4692decf-730c-11e3-bea3-642737f9b920

Error: (12/31/2013 10:10:08 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1653714c001cf069c38e1f7a947C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE353c8253-7292-11e3-bea3-642737f9b920

Error: (12/31/2013 09:41:16 PM) (Source: CirrusAudioService)(User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/31/2013 10:20:30 AM) (Source: CirrusAudioService)(User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 11:37:32 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7MSHTML.dll10.0.9200.167505269d985c0000005004c217612b801cf05d8e926def0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dll42ead3f7-71d5-11e3-bea1-642737f9b920

Error: (12/30/2013 10:27:33 PM) (Source: CirrusAudioService)(User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 09:30:37 PM) (Source: CirrusAudioService)(User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
at CirrusService.ServiceContractImpl..ctor()
at CirrusService.CirrusService.CreateServiceHost()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
Date: 2013-12-16 16:44:21.446
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-12-16 16:39:40.863
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-12-16 16:38:24.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-12-16 16:37:58.998
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-12-16 16:37:01.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-11-17 20:55:18.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-11-13 17:46:44.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-11-05 15:36:23.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-11-05 14:54:52.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2013-10-29 11:26:40.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3959.09 MB
Available physical RAM: 2306.71 MB
Total Pagefile: 7927.09 MB
Available Pagefile: 5909.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.42 GB) (Free:412.59 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.2 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: ECAE527E)

Partition: GPT Partition Type
==================== End Of Log ============================

#8
Bambi289

    Member

  • Topic Starter
  • 14 posts
Update:

Every day my computer still "freezes" and Explorer "stops" and web pages "not responding". It happens about once every two hours. Several times a day. Sometimes I also lose sound altogether. Usually if I am sending an email (if it is important) my internet connection gets mysteriously disconnected. I used to put airplane mode on for a few seconds and then reconnect but that no longer works. I have to totally restart the computer and run the network diagnostics. The "on" switch for the wireless network no longer works.

Example of my email problems.
I copied my long post yesterday and pasted it into an email just in case I had the predictable interrupts of service. I sent the email to myself. It said 'Sent' - now it is nowhere - not in my sent file, not in my inbox and nowhere.

The computer security specialist I was working with a while back said my ex (stalker) is using the computer to monitor and have "access" to all my information. I wonder if the sound problems are relative to him using the computer with a backdoor Trojan? to listen in on my conversations.. ?

Again he is a high level sales person in "intrusion" - monitoring, surveillance, and control - of multi-million dollar companies' computer systems and information and employees... He has worked at Eset, Sophos, NetForensics, Trigeo, Pragmatec (now Kadient) and he will be amused at your efforts to help me.. :(

I sincerely appreciate the assistance.

Edited by Bambi289, 01 January 2014 - 04:06 PM.


#9
Machiavelli

    GeekU Moderator

  • 3,700 posts
  • Step 1: TFC

Download TFC to your desktop
  • Right click on the TFC icon and select Run as Administrator
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

  • Step 2: FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  • Step 3: Malwarebytes

  • Right click on the Malwarebytes Icon and select Run as Administrator
  • Go to the tab called Update and click on Check for Updates
  • Then go to the tab called Scanner, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  • Step 4: ESET

ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:


    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

      Posted Image
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > Uninstall a program):
    • ESET Online Scanner

  • Step 5: Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Right click on SecurityCheck.exe and select Run as Administrator - follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Attached Files



#10
Bambi289

    Member

  • Topic Starter
  • 14 posts
I am still here. I keep having trouble with the computer. It keeps losing the internet or freezing when I am trying to follow your instructions.
I got the TFC done and am running the FRST64.EXE. These files were not "links" in this thread; I had to find them and downloaded them from Bleeping Computer. The first download of FRST64.EXE said it was not compatible. I tried another time and got this error:

Application Error:
Exception EAccess violation in module ERUNT.EXE at 00003A62
Access violation at address 00403A62 in module "ERUNT.EXE"
Read of address 006F004E

Will send results ASAP.

You do realize he used to work at Eset as a top sales executive?

#11
Bambi289

    Member

  • Topic Starter
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Mary at 2014-01-04 16:22:36 Run:1
Running from C:\Users\Mary\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Administrator\...\Run: [] - [x]
C:\Windows\Tasks\ArcadeParlor.job
C:\Windows\System32\Tasks\ArcadeParlor
C:\Users\Mary\AppData\Local\ArcadeParlor
*****************

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\Tasks\ArcadeParlor.job => Moved successfully.
C:\Windows\System32\Tasks\ArcadeParlor => Moved successfully.
"C:\Users\Mary\AppData\Local\ArcadeParlor" => File/Directory not found.

==== End of Fixlog ====

#12
Bambi289

    Member

  • Topic Starter
  • 14 posts
Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.04.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Mary :: LOVE [administrator]

1/4/2014 4:25:03 PM
mbam-log-2014-01-04 (16-25-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412759
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13
Bambi289

    Member

  • Topic Starter
  • 14 posts
Trying to download Eset -- on step 2 I got UNEXPECTED ERROR ( In red ) nothing else.. it stopped.

Edited by Bambi289, 04 January 2014 - 03:45 PM.


#14
Machiavelli

    GeekU Moderator

  • 3,700 posts

Trying to download Eset -- on step 2 I got UNEXPECTED ERROR ( In red ) nothing else.. it stopped.

Make sure you are connected to the Internet. At which step exactly does this error pop up? Can you make a screenshot?

#15
Bambi289

    Member

  • Topic Starter
  • 14 posts
◦A Window will open (see above) - please click on the link

◦A window will pop up - please download the file to your Desktop

◦When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)


When I try to install -- it doesn't do this. It just runs. I am not given an option to save to my desktop so I cannot access the option to "run as administrator". I did run it twice and both times it disappeared so I was not able to follow the instructed steps through to the end. While running it had found one threat hiddenstart.A. -- I am going to try it again..