Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer will not download ANYTHING!

Started by Lauriek1970 , Aug 30 2013 03:37 PM

  • Please log in to reply

#31
Lauriek1970
Posted 04 September 2013 - 12:15 PM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
They're not hidden
  • 0

Advertisements

#32
RKinner
Posted 04 September 2013 - 12:22 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If they are not hidden then they are probably on the wrong desktop. Each user account has its own desktop. Copy then next line:

cd %userprofile%

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. The prompt should change to the current user. C:\Users\"CurrentUser"

What does it say for CurrentUser?
  • 0

#33
Lauriek1970
Posted 04 September 2013 - 12:32 PM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
It says C:\Users\Mary's
  • 0

#34
Lauriek1970
Posted 04 September 2013 - 12:37 PM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, I don't know how to get to the Run Fix log. It's not there. The three txt files all were created at 8:57 this morning. There is a file with a magnifying glass symbol but it won't open.
  • 0

#35
Lauriek1970
Posted 04 September 2013 - 12:40 PM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
oh my gosh, you're right. I just switched users and all recent downloads are on the desktop. How do I switch them?
  • 0

#36
RKinner
Posted 04 September 2013 - 12:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right now IE appears to be saving files to the wrong desktop. Let's see if we can copy the files to your desktop:

Copy the next line:

copy \Users\Servpro\Desktop\*.* \Users\Mary's\desktop\

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.

Copy the next line:

copy \Users\Servpro\Desktop\*.* \Users\Mary's\desktop\

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.

The next time you download something type in

\Users\Mary's\desktop\
followed by the filename then hit Enter and it should save it directly to your desktop.
  • 0

#37
Lauriek1970
Posted 04 September 2013 - 12:59 PM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Ok, I got all of the files onto my current desktop. I still don't know how to access the Run Fix log because I still can't find it. Unfortunately, I'm off work early today so I will have to check to see what to do next in the morning. Thanks, hope the rest of your day is fab!!!
Laurie
  • 0

#38
RKinner
Posted 04 September 2013 - 01:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We don't really need the Run Fix log as long as it appeared to run ok. When you get in, just make a new OTL:

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#39
Lauriek1970
Posted 05 September 2013 - 09:11 AM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Good morning,
Here is the log

OTL logfile created on: 9/5/2013 8:00:50 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary's\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.07% Memory free
3.93 Gb Paging File | 2.36 Gb Available in Paging File | 60.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 90.05 Gb Free Space | 67.04% Space Free | Partition Type: NTFS
Drive D: | 271.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 6.98 Gb Free Space | 93.63% Space Free | Partition Type: FAT32

Computer Name: MARYS-PC | User Name: Mary's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 09:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary's\Desktop\OTL.com
PRC - [2013/03/13 06:26:52 | 003,845,464 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2013/03/13 06:26:50 | 002,511,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2013/03/13 06:26:46 | 002,613,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2011/09/21 17:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2011/09/07 10:59:00 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Users\Mary's\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/14 14:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/08/26 15:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/08/14 11:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/07/27 11:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/11 20:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 17:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/07 15:50:23 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2012/06/14 03:33:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:33:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 03:42:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 03:38:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:38:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:38:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:38:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
MOD - [2010/02/11 13:04:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/02/11 13:04:45 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/07/27 11:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 11:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/11/12 12:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 12:30:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/21 17:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2011/09/07 10:59:00 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Mary's\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/09/14 12:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/25 17:09:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/11 17:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 11:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - [2013/07/30 03:15:46 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130730.003\navex15.sys -- (NAVEX15)
DRV - [2013/07/30 03:15:46 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130730.003\naveng.sys -- (NAVENG)
DRV - [2013/07/19 17:13:40 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130730.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/03/13 06:15:48 | 000,028,416 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\monblanking.sys -- (monblanking)
DRV - [2012/07/31 17:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 17:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/21 17:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011/09/21 17:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/09/21 17:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011/09/21 17:40:13 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symndisv.sys -- (SYMNDISV)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/24 12:43:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/24 12:43:42 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2010/02/24 12:43:42 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2010/02/24 12:43:42 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/24 12:43:42 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2010/02/24 12:43:42 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/09/04 10:35:00 | 002,747,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/27 11:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/06/20 05:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 10:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/06/20 10:12:00 | 000,215,040 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0805CFF4-599A-4BF8-8FE9-608B2D364D7F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sso.serv...MTcyLjEuMS4xMjI
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/11 10:24:17 | 000,000,000 | ---D | M]

[2012/09/26 10:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mary's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mary's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Mary's\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Mary's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EADCC00-63D2-4599-9C98-1BB5A1240CC5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE20CC82-747C-4D7F-8B76-7BCE8C73CFAA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/03/28 07:50:44 | 000,000,000 | ---D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2007/10/09 08:30:04 | 000,000,078 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{79508d84-1757-11df-ab73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79508d84-1757-11df-ab73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun\ShelExec.exe index.html
O33 - MountPoints2\{aa1f35bc-30c4-11e1-b712-002564b7421a}\Shell - "" = AutoRun
O33 - MountPoints2\{aa1f35bc-30c4-11e1-b712-002564b7421a}\Shell\AutoRun\command - "" = E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
O33 - MountPoints2\{aa1f35c8-30c4-11e1-b712-002564b7421a}\Shell - "" = AutoRun
O33 - MountPoints2\{aa1f35c8-30c4-11e1-b712-002564b7421a}\Shell\AutoRun\command - "" = E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 11:56:55 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\Mary's\Desktop\NPE.exe
[2013/09/04 11:56:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary's\Desktop\tdsskiller.exe
[2013/09/04 11:56:55 | 001,069,208 | ---- | C] (InstallManager) -- C:\Users\Mary's\Desktop\Setup.exe
[2013/09/04 11:56:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mary's\Desktop\OTL.com
[2013/09/04 11:56:54 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mary's\Desktop\aswmbr.exe
[2013/09/04 11:56:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Users\Mary's\Desktop\dbmsadsn.dll
[2013/09/04 10:46:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/03 15:23:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/03 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mary's\Desktop\AdwCleaner
[2013/09/03 09:19:06 | 000,000,000 | ---D | C] -- C:\Users\Mary's\Temp2
[2013/08/29 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SERVPRO Office Automation Software
[2013/08/29 15:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sagekey Software
[2013/08/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\ManagER
[2013/08/19 15:43:57 | 000,000,000 | ---D | C] -- C:\Users\Mary's\AppData\Local\NPE
[2013/08/16 14:50:36 | 000,000,000 | ---D | C] -- C:\Users\Mary's\AppData\Local\Intel
[2012/09/06 14:15:16 | 000,693,648 | ---- | C] (MindSpark) -- C:\Program Files\12Uninstall My Scrap Nook.dll

========== Files - Modified Within 30 Days ==========

[2013/09/05 07:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/05 07:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/04 19:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/04 11:42:37 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 11:42:37 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 11:35:37 | 000,000,000 | ---- | M] () -- C:\Users\Mary's\AppData\Local\WavXMapDrive.bat
[2013/09/04 11:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/04 11:35:19 | 1582,022,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 11:13:53 | 000,000,309 | ---- | M] () -- C:\Users\Mary's\Desktop\Show_Desktop_Icons.bat
[2013/09/03 14:19:58 | 000,000,476 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/09/03 14:11:10 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Users\Mary's\Desktop\dbmsadsn.dll
[2013/09/03 14:04:16 | 032,860,159 | ---- | M] ( ) -- C:\Users\Mary's\Desktop\soaupdate.exe
[2013/09/03 13:43:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mary's\Desktop\tdsskiller.exe
[2013/09/03 13:27:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mary's\Desktop\aswmbr.exe
[2013/09/03 13:18:35 | 001,037,222 | ---- | M] () -- C:\Users\Mary's\Desktop\AdwCleaner.exe
[2013/09/03 13:06:53 | 001,069,208 | ---- | M] (InstallManager) -- C:\Users\Mary's\Desktop\Setup.exe
[2013/09/03 09:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mary's\Desktop\OTL.com
[2013/08/30 11:02:03 | 000,001,130 | ---- | M] () -- C:\Users\Mary's\Desktop\Continue Zip Opener Installation.lnk
[2013/08/29 15:41:40 | 000,001,096 | ---- | M] () -- C:\Users\Mary's\Desktop\Servpro stuff.zip
[2013/08/29 15:35:06 | 000,002,038 | ---- | M] () -- C:\Users\Mary's\Desktop\Servpro stuff.lnk
[2013/08/29 15:03:45 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Mary's\Desktop\NPE.exe
[2013/08/29 14:59:39 | 000,002,203 | ---- | M] () -- C:\Users\Mary's\Desktop\Google Chrome.lnk
[2013/08/29 13:30:52 | 000,002,227 | ---- | M] () -- C:\Users\Mary's\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/20 12:30:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/20 12:30:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/14 12:06:27 | 000,631,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 12:06:27 | 000,109,326 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 11:24:43 | 000,042,652 | ---- | M] () -- C:\Users\Mary's\Desktop\SERVPRO%20Eployment%20Application%20-%2031808%20-%2001-10.pdf

========== Files Created - No Company Name ==========

[2013/09/04 11:56:55 | 032,860,159 | ---- | C] ( ) -- C:\Users\Mary's\Desktop\soaupdate.exe
[2013/09/04 11:56:55 | 000,042,652 | ---- | C] () -- C:\Users\Mary's\Desktop\SERVPRO%20Eployment%20Application%20-%2031808%20-%2001-10.pdf
[2013/09/04 11:56:55 | 000,002,203 | ---- | C] () -- C:\Users\Mary's\Desktop\Google Chrome.lnk
[2013/09/04 11:56:54 | 001,037,222 | ---- | C] () -- C:\Users\Mary's\Desktop\AdwCleaner.exe
[2013/09/04 11:56:54 | 000,001,130 | ---- | C] () -- C:\Users\Mary's\Desktop\Continue Zip Opener Installation.lnk
[2013/09/04 11:13:49 | 000,000,309 | ---- | C] () -- C:\Users\Mary's\Desktop\Show_Desktop_Icons.bat
[2013/08/29 15:41:40 | 000,001,096 | ---- | C] () -- C:\Users\Mary's\Desktop\Servpro stuff.zip
[2013/07/30 15:50:02 | 000,316,553 | ---- | C] () -- C:\Users\Mary's\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
[2013/07/23 14:55:30 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/07/23 14:55:30 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/07/23 14:54:17 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/07/23 14:50:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/07/23 14:50:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/01/24 15:18:56 | 000,000,000 | ---- | C] () -- C:\Users\Mary's\AppData\Roaming\SharedSettings.ccs
[2012/09/06 14:15:16 | 000,174,016 | ---- | C] () -- C:\Program Files\12res.dll
[2012/05/07 10:33:25 | 000,000,476 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/07 10:33:25 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9440cn.dat
[2012/05/07 10:33:25 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/05/07 10:33:15 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2012/05/07 10:33:15 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/05/07 10:33:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/05/07 10:33:04 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/05/07 10:33:02 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2012/03/01 12:36:19 | 000,072,080 | ---- | C] () -- C:\Users\Mary's\g2mdlhlpx.exe
[2011/10/10 12:40:01 | 000,000,000 | ---- | C] () -- C:\Users\Mary's\AppData\Roaming\bibstats
[2010/05/07 09:22:02 | 000,000,369 | ---- | C] () -- C:\Users\Mary's\Servpro of Grays Harbor & Pacific Counties 9762.QBW.ND
[2010/05/07 09:22:00 | 000,196,608 | R--- | C] () -- C:\Users\Mary's\Servpro of Grays Harbor & Pacific Counties 9762.QBW.TLG
[2010/05/07 09:21:38 | 000,000,465 | ---- | C] () -- C:\Users\Mary's\Servpro of Grays Harbor & Pacific Counties 9762.ND
[2010/05/07 09:21:37 | 009,977,856 | R--- | C] () -- C:\Users\Mary's\Servpro of Grays Harbor & Pacific Counties 9762.QBW
[2010/02/19 17:16:53 | 000,000,000 | ---- | C] () -- C:\Users\Mary's\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 01:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
OTL Extras logfile created on: 9/5/2013 8:00:50 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mary's\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.07% Memory free
3.93 Gb Paging File | 2.36 Gb Available in Paging File | 60.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 90.05 Gb Free Space | 67.04% Space Free | Partition Type: NTFS
Drive D: | 271.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 6.98 Gb Free Space | 93.63% Space Free | Partition Type: FAT32

Computer Name: MARYS-PC | User Name: Mary's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15EC42CE-134B-41DA-81A5-DC85621F7E86}" = rport=445 | protocol=6 | dir=out | app=system |
"{1613C833-22CE-481F-9548-51390489BD9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D0630CE-7955-40FF-9A47-10E711F7FE19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{337C9F0D-35F3-401A-9A08-2E0EDEF81D94}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35129F09-B6E3-439B-9594-0E5F498F19CB}" = lport=5910 | protocol=6 | dir=in | name=vnc5910 |
"{3911BAAD-9985-4818-B903-4292632E84CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5100346B-35EE-49EC-BAFC-C74D1F9CF2E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6569FA33-D05F-4479-BCE6-09C2D7CDAF35}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7AA3566B-EC5E-44BD-A9D8-9A1F05677AA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DEBE913-0665-4F0B-9B3F-EBEF304566C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{824AA1A9-4A67-4ECF-BB72-83FF720B1E9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{827666FD-A829-4EEA-957A-F54AA2ABE761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83F971A8-7ABE-460A-850C-282C9C6FB567}" = lport=138 | protocol=17 | dir=in | app=system |
"{8918CEC8-856E-4550-AA96-605F027E88D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D2935B6-5AB0-40F0-8C27-83369FDEEB5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EF92507-5613-493F-9E6D-43BDDCBC757B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{97775D74-A4ED-4C72-8B0B-9F597DAAAEA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A5196BA1-44C2-42D0-BE2B-CC917EA1A140}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEA2E75E-FC66-4584-926C-5DD36564250F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B1E7885E-596A-4EE8-BB09-AB87CB6E4D3A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B41819B7-1440-49A2-85DE-F72A98D2A9BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B421199C-3154-430C-BA98-EEDE58D74D24}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B863157B-0615-40D6-A549-CF79B203FADC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC2024D0-766A-409C-AE6F-A056A26A537F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE9501BE-0019-4507-8FB7-5D0291138A19}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1A27972-921C-4950-80C3-5C2A5015A520}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFC25A8C-85D9-4DC2-8416-001B457B962B}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D1563B1F-9F52-48B7-84F8-230868AC10C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5F6AC01-B2B3-4567-AFC1-7D6641303EFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6717AFC-2418-4D2A-9CFB-A8097E65A435}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9B20961-71F2-464A-9DE6-C69C5FAC299B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2991B3B-3339-49BA-9C57-7ADC2A64F9FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E64548BF-3210-4498-BC68-173B6ACDC1B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9F3D5BF-8626-4FEA-A8B9-5A971F7DDF5E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFA2E449-FB8D-4EF2-9229-E40AC3774950}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFD280D6-195A-42C2-B193-CCB1F8B8B50A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0391F635-1635-436F-87BD-3CAA96DEBE7D}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl11b\faxrx.exe |
"{0D6783F9-8073-4EFF-9706-B27E4C950262}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EEBDE26-6DA3-474C-A700-6E944A4FB04E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{39A85FEB-981E-48D6-8B8B-6D8A842BC59E}" = protocol=1 | dir=in | [email protected],-28543 |
"{46171C88-108B-48EF-8964-EB0148771546}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{594FFBD7-AF04-405F-8BFE-18A33E3CA8CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F6E4C7D-5EFD-43B1-BE35-9E013275E5C4}" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{5FDA00CF-8E2B-48A0-A29A-FFA114831B85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64DEB59A-CF80-4D23-8903-680FA32045E1}" = protocol=58 | dir=in | [email protected],-28545 |
"{65A5B15C-1241-4A8A-9786-5DCEDA4C90E0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{66AC3B5F-98AC-4D29-B99E-9B4D63F6014E}" = protocol=6 | dir=out | app=system |
"{698A8FC6-C080-41D1-9CCE-6B38530E1BDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BAF1D5F-2FC2-4E64-B5C8-5CE889BE5B35}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{8152D204-EE06-42A7-A41E-C0647CDD7109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8632E4A8-212F-40D8-9FA2-187B3343C8F1}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{8E00E0CC-6F1A-4929-A4C9-438798F8D4D4}" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{9BDC7503-353F-42B1-8C2D-33FC0177A64E}" = protocol=17 | dir=in | app=c:\users\mary's\appdata\local\crossloop\tvnserver.exe |
"{A240961B-544D-4D42-A0EE-8B4FACB3EFC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9732FBD-7F75-4E29-A760-10BE07D2F05E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACF1FB7E-71DE-4C07-B6D1-B03943BAF610}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B63C955D-0DE3-4F79-94F2-EA4C3C3099AD}" = protocol=58 | dir=out | [email protected],-28546 |
"{B8F4F8D2-668E-4780-8704-AFE0D604CF27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF158D2A-A833-4402-9DB2-DADBF1764A9D}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl11b\faxrx.exe |
"{C6AB5167-A0D8-449D-B469-A936B2F0517E}" = protocol=17 | dir=in | app=c:\users\mary's\appdata\local\crossloop\vncviewer.exe |
"{C9CE0070-A2C1-4439-BA8E-5B60E4A98500}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{CFB5F9BD-D1E8-48C9-9F5E-B0FE2115C478}" = protocol=1 | dir=out | [email protected],-28544 |
"{D0F0DD30-FA8E-4847-8854-21F9A95B0B66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D79295C4-9E2F-4C5E-9CAD-E5CFEB043745}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9F2B28D-C385-4788-906D-7A635521F610}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDFAADA6-29EE-49A0-93AA-954528C881C1}" = protocol=6 | dir=in | app=c:\users\mary's\appdata\local\crossloop\tvnserver.exe |
"{EE0A4DDC-D1DC-4595-A1BD-EB4A1AF82895}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{F2A2E955-546A-4B59-A2E7-A60532121965}" = protocol=6 | dir=in | app=c:\users\mary's\appdata\local\crossloop\vncviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74EA06CC-9EFD-410D-88B4-CB5ABD2BE785}" = GoToMyPC
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{830F55B6-4398-4B72-A0D8-66397B902C0E}" = Brother MFL-Pro Suite MFC-J5910DW
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DD67529-BA26-4D12-97A8-3853D0C4B67D}" = Dell Backup and Recovery Manager
"{8FC5E2A8-F0EA-48D1-BB21-67E89CB778E1}" = Brother MFC-9440CN
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9ED7D6FD-1B8C-4D89-B970-CC119C05AE3A}" = Mastering Accounting Basics for QuickBooks 2010
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{D0EA1D95-53E2-4094-B347-3EDC8AFC52C2}" = Mastering QuickBooks 2010 for Construction DVD
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EA85A846-62C3-499C-9E6E-FF738D7F40F6}" = SERVPRO Office Automation Software
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"B55781558C6FAB4237DDEE317F2409086B83E855" = Windows Driver Package - Citrix Systems monblanking Citrix Driver (06/26/2012 6.3.0.48)
"Business-in-a-Box" = Business-in-a-Box
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CrossLoop_is1" = CrossLoop 2.81
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Mastering Accounting Basics for QuickBooks 2010" = Mastering Accounting Basics for QuickBooks 2010
"Mastering QuickBooks 2010 for Construction DVD" = Mastering QuickBooks 2010 for Construction DVD
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"N360" = Norton 360
"SiS163u" = 802.11 USB Wireless LAN Adapter
"STANDARDR" = Microsoft Office Standard 2007
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2013 1:59:26 PM | Computer Name = Marys-PC | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/4/2013 2:35:48 PM | Computer Name = Marys-PC | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/4/2013 2:38:34 PM | Computer Name = Marys-PC | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/5/2013 3:30:27 AM | Computer Name = Marys-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 4/22/2010 2:12:31 PM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 11:12:30 AM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 4/22/2010 3:13:40 PM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 12:13:38 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 4/22/2010 4:14:00 PM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 1:13:58 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 4/22/2010 5:17:20 PM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 2:17:18 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 1/11/2011 2:28:27 AM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 10:28:24 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 2/15/2011 12:15:29 PM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 8:15:25 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 3/29/2011 2:07:38 AM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 11:07:33 PM - Error connecting to the internet. 11:07:33 PM - Unable
to contact server..

Error - 3/29/2011 3:07:55 AM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 12:07:54 AM - Error connecting to the internet. 12:07:54 AM - Unable
to contact server..

Error - 3/29/2011 4:08:27 AM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 1:08:22 AM - Error connecting to the internet. 1:08:22 AM - Unable
to contact server..

Error - 3/29/2011 5:08:44 AM | Computer Name = Marys-PC | Source = MCUpdate | ID = 0
Description = 2:08:43 AM - Error connecting to the internet. 2:08:43 AM - Unable
to contact server..

[ OSession Events ]
Error - 7/1/2013 11:54:53 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 516
seconds with 420 seconds of active time. This session ended with a crash.

Error - 7/3/2013 11:48:39 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 115
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/17/2013 5:29:46 PM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1274
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 7/19/2013 11:09:22 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 480
seconds with 180 seconds of active time. This session ended with a crash.

Error - 7/23/2013 7:02:07 PM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 142
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/30/2013 6:10:33 PM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2298
seconds with 660 seconds of active time. This session ended with a crash.

Error - 7/31/2013 1:59:36 PM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 199
seconds with 180 seconds of active time. This session ended with a crash.

Error - 8/15/2013 11:17:51 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 118
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/3/2013 11:17:39 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 91
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/3/2013 11:21:44 AM | Computer Name = Marys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 237
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/4/2013 2:00:00 PM | Computer Name = Marys-PC | Source = DCOM | ID = 10016
Description =

Error - 9/4/2013 2:36:32 PM | Computer Name = Marys-PC | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#40
Lauriek1970
Posted 05 September 2013 - 09:37 AM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x86
Ran by Mary's on Thu 09/05/2013 at 8:34:02.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/05/2013 at 8:36:14.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

Advertisements

#41
RKinner
Posted 05 September 2013 - 09:56 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Are you able to download now? When you download, make sure they are being saved on Mary's Desktop and not ServPro. I would uninstall Chrome and download a new copy. https://www.google.c...chrome/browser/ Then see if Chrome works. Also download and install Firefox. http://www.mozilla.o...fox/fx/#desktop
  • 0

#42
Lauriek1970
Posted 05 September 2013 - 09:58 AM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Yes, I can download thank you, thank you, thank you
  • 0

#43
Lauriek1970
Posted 05 September 2013 - 09:59 AM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
I downloaded Firefox, couldn't download Chrome
  • 0

#44
RKinner
Posted 05 September 2013 - 10:05 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What happened when you tried to download Chrome? (Did you uninstall it first?) Now that you have Firefox, try and download it with Firefox.

Probably should run one scan to make sure we don't have an infection:

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Then I would
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#45
Lauriek1970
Posted 05 September 2013 - 10:06 AM

Lauriek1970

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Fireox setup is on my desktop. It won't run. I double click, click run, nothing happens.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP