My computer started acting strange about 8 months ago. I noticed that the file and folder permissions kept changing and my printer wouldn't work. I was supposed to be the owner on all files and folders, but the permissions kept changing to make Trusted Installer, Windows Media Player Network Sharing Service, or Administrator the owner. The computer also started running really slow. I brought up Task Manager and Wmp sharing service was using anywhere from 50-80% of my CPU. I disabled it in Services, but then iexplore.exe or svchost.exe started doing the same thing. I have tried over and over to change all of the folder and file permissions back to me as the owner, but within a day, they all change back. I've tried Malwarebytes and several anti-virus programs, but whatever virus or malware is on my computer took over those types of programs first. Windows Defender and Windows Essentials do nothing. Then my icons started changing. I noticed today that when I tried to change the permissions back on my downloads, it didn't show a drive (\\KELLY-PC\Kelly\Downloads) and wouldn't allow me to change the auditing permissions. It said "You do not have permission to view or edit this object's permissions". It said it opens with Windows Shell Commor. That was another thing I noticed. A lot of the names of my programs in Program Files, such as F12Tools.dll, had a little blue bolt icon next to them. There are so many application extensions that have that, I wouldn't be able to count. HELP!!!!!!
Here is the report that was generated by OTL:
OTL logfile created on: 1/22/2015 3:58:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.46% Memory free
7.86 Gb Paging File | 5.81 Gb Available in Paging File | 73.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 247.29 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/22 15:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/06 14:26:26 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/12/11 16:47:32 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/01/14 19:18:31 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/22 21:17:28 | 000,089,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2014/05/06 14:26:26 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2014/04/03 19:21:48 | 000,315,008 | ---- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/11 16:47:32 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 06:04:49 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/20 19:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/01/22 15:27:02 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/03/31 20:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/03/19 14:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/03 15:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 11:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/13 19:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kelly\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...&p={searchTerms}
IE - HKCU\..\SearchScopes\{CB58EFCC-020E-4273-9EB9-4C8696A4541E}: "URL" = https://search.yahoo...rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2014/10/26 20:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\mMSRbFBY.default\extensions
[2014/10/29 23:25:03 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\mMSRbFBY.default\extensions\[email protected]
O1 HOSTS File: ([2014/06/24 19:24:49 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 957kjr.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: paypal.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([screen] https in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA}: DhcpNameServer = 168.95.1.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/22 15:58:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2015/01/16 12:54:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/01/15 12:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2015/01/15 12:45:38 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Roaming\Lavasoft
[2015/01/15 12:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2015/01/15 12:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2015/01/15 12:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2015/01/15 12:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2015/01/14 12:06:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/14 12:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/14 12:06:15 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/14 12:06:15 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/14 12:06:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/01/14 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/14 12:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/13 18:05:36 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Documents\Malwarebytes scan log results
[2014/12/28 20:42:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2015/01/22 15:58:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
[2015/01/22 15:27:02 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/22 15:25:27 | 000,012,470 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat
[2015/01/22 15:25:27 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\geeks to go.wps
[2015/01/22 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/22 14:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/21 21:11:52 | 000,093,818 | ---- | M] () -- C:\Users\Kelly\AppData\Local\recently-used.xbel
[2015/01/21 08:15:58 | 000,005,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 08:15:58 | 000,005,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 08:10:29 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/20 15:43:44 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\wilson.wps
[2015/01/20 11:54:43 | 000,016,896 | ---- | M] () -- C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
[2015/01/19 21:46:56 | 000,031,232 | ---- | M] () -- C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
[2015/01/19 17:41:27 | 000,016,384 | ---- | M] () -- C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
[2015/01/19 13:01:35 | 000,013,824 | ---- | M] () -- C:\Users\Kelly\Documents\uptown funk lyrics.wps
[2015/01/16 12:53:52 | 286,060,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/15 19:54:48 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2015/01/15 17:40:42 | 000,010,752 | ---- | M] () -- C:\Users\Kelly\Documents\SSI username and password.wps
[2015/01/15 16:39:49 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\believe lyrics.wps
[2015/01/15 15:29:30 | 000,002,236 | ---- | M] () -- C:\Users\Kelly\Documents\SSI payee confirmation2.pdf
[2015/01/15 12:48:55 | 000,010,752 | ---- | M] () -- C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
[2015/01/14 12:06:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/14 11:46:42 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/14 11:46:42 | 000,650,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/14 11:46:42 | 000,118,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/13 18:43:41 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/13 18:43:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/11 19:59:19 | 000,027,648 | ---- | M] () -- C:\Users\Kelly\Documents\autoruns symbols.wps
[2015/01/11 19:39:47 | 000,001,087 | ---- | M] () -- C:\Users\Kelly\Documents\Documents - Shortcut.lnk
[2015/01/11 10:28:54 | 002,931,184 | ---- | M] () -- C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
[2015/01/11 00:47:30 | 000,009,216 | ---- | M] () -- C:\Users\Kelly\Documents\facebook happy birthday.wps
[2015/01/10 13:40:18 | 000,009,728 | ---- | M] () -- C:\Users\Kelly\Documents\jewelry cleaner.wps
[2015/01/10 13:33:59 | 000,012,800 | ---- | M] () -- C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
[2015/01/06 12:51:39 | 000,010,240 | ---- | M] () -- C:\Users\Kelly\Documents\capital one.wps
[2015/01/05 13:47:36 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\stannie's address.wps
[2015/01/05 11:18:54 | 000,071,938 | ---- | M] () -- C:\Users\Kelly\Documents\high five hand with alpha.png
[2015/01/05 11:18:43 | 000,110,870 | ---- | M] () -- C:\Users\Kelly\Documents\high five hand with alpha.xcf
[2015/01/05 10:09:27 | 000,057,398 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you with transparency.png
[2015/01/05 10:09:09 | 000,116,755 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you.xcf
[2015/01/05 09:59:28 | 000,059,176 | ---- | M] () -- C:\Users\Kelly\Documents\high five for not killing you.png
[2015/01/04 20:27:40 | 000,120,557 | ---- | M] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
[2015/01/04 20:16:47 | 000,117,597 | ---- | M] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
[2015/01/04 11:31:39 | 000,007,605 | ---- | M] () -- C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
[2015/01/03 20:19:24 | 000,008,704 | ---- | M] () -- C:\Users\Kelly\Documents\Dish Info.wps
[2015/01/01 10:10:40 | 000,237,206 | ---- | M] () -- C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
[2014/12/29 13:00:40 | 004,147,416 | ---- | M] () -- C:\Users\Kelly\Documents\football mc logo transparent.xcf
[2014/12/27 23:20:33 | 000,012,800 | ---- | M] () -- C:\Users\Kelly\Documents\iexplore removal from ehow.wps
[2014/12/26 22:32:39 | 000,069,632 | ---- | M] () -- C:\Users\Kelly\Documents\log power shell.evtx
[2014/12/26 22:31:21 | 001,052,672 | ---- | M] () -- C:\Users\Kelly\Documents\event logs.evtx
[2014/12/26 16:52:31 | 000,011,776 | ---- | M] () -- C:\Users\Kelly\Documents\let it go lyrics.wps
[2014/12/24 11:47:44 | 000,047,104 | ---- | M] () -- C:\Users\Kelly\Documents\collage.wps
========== Files Created - No Company Name ==========
[2015/01/22 15:25:27 | 000,008,704 | ---- | C] () -- C:\Users\Kelly\Documents\geeks to go.wps
[2015/01/21 21:11:52 | 000,093,818 | ---- | C] () -- C:\Users\Kelly\AppData\Local\recently-used.xbel
[2015/01/20 15:43:43 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\wilson.wps
[2015/01/20 11:54:42 | 000,016,896 | ---- | C] () -- C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
[2015/01/19 20:22:40 | 000,031,232 | ---- | C] () -- C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
[2015/01/19 17:41:26 | 000,016,384 | ---- | C] () -- C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
[2015/01/16 12:53:52 | 286,060,936 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/01/15 16:33:59 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\believe lyrics.wps
[2015/01/15 15:29:30 | 000,002,236 | ---- | C] () -- C:\Users\Kelly\Documents\SSI payee confirmation2.pdf
[2015/01/15 12:48:54 | 000,010,752 | ---- | C] () -- C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
[2015/01/15 12:45:05 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2015/01/14 19:18:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/14 12:06:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/11 19:59:18 | 000,027,648 | ---- | C] () -- C:\Users\Kelly\Documents\autoruns symbols.wps
[2015/01/11 19:39:47 | 000,001,087 | ---- | C] () -- C:\Users\Kelly\Documents\Documents - Shortcut.lnk
[2015/01/11 10:41:10 | 000,013,824 | ---- | C] () -- C:\Users\Kelly\Documents\uptown funk lyrics.wps
[2015/01/11 10:28:54 | 002,931,184 | ---- | C] () -- C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
[2015/01/10 13:33:59 | 000,012,800 | ---- | C] () -- C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
[2015/01/05 11:18:54 | 000,071,938 | ---- | C] () -- C:\Users\Kelly\Documents\high five hand with alpha.png
[2015/01/05 11:18:43 | 000,110,870 | ---- | C] () -- C:\Users\Kelly\Documents\high five hand with alpha.xcf
[2015/01/05 10:09:26 | 000,057,398 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you with transparency.png
[2015/01/05 09:59:27 | 000,059,176 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you.png
[2015/01/05 09:58:53 | 000,116,755 | ---- | C] () -- C:\Users\Kelly\Documents\high five for not killing you.xcf
[2015/01/04 20:16:47 | 000,117,597 | ---- | C] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
[2015/01/03 20:12:07 | 000,008,704 | ---- | C] () -- C:\Users\Kelly\Documents\Dish Info.wps
[2015/01/03 18:42:34 | 000,120,557 | ---- | C] () -- C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
[2014/12/31 23:06:21 | 000,237,206 | ---- | C] () -- C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
[2014/12/29 12:56:50 | 004,147,416 | ---- | C] () -- C:\Users\Kelly\Documents\football mc logo transparent.xcf
[2014/12/27 23:20:33 | 000,012,800 | ---- | C] () -- C:\Users\Kelly\Documents\iexplore removal from ehow.wps
[2014/12/26 22:32:38 | 000,069,632 | ---- | C] () -- C:\Users\Kelly\Documents\log power shell.evtx
[2014/12/26 22:31:20 | 001,052,672 | ---- | C] () -- C:\Users\Kelly\Documents\event logs.evtx
[2014/12/26 16:52:31 | 000,011,776 | ---- | C] () -- C:\Users\Kelly\Documents\let it go lyrics.wps
[2014/12/24 11:47:44 | 000,047,104 | ---- | C] () -- C:\Users\Kelly\Documents\collage.wps
[2014/12/14 17:59:51 | 053,303,296 | ---- | C] () -- C:\Program Files (x86)\Silverlight.msp
[2014/10/10 21:35:00 | 000,007,605 | ---- | C] () -- C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
[2014/09/21 18:53:55 | 000,027,947 | ---- | C] () -- C:\Users\Kelly\swimmernoback.xcf
[2014/06/24 18:28:46 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KELLY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/06/13 13:06:29 | 000,001,102 | ---- | C] () -- C:\Program Files (x86)\AnvSoft - Shortcut.lnk
[2014/06/09 02:19:58 | 000,758,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/27 17:46:54 | 000,012,470 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2015/01/19 11:48:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/01/16 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AnvSoft
[2015/01/16 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Audacity
[2014/11/22 09:46:06 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AVG2015
[2014/09/28 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Doblon
[2014/06/10 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Oracle
[2014/12/17 09:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Panda Security
[2014/06/09 14:59:41 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Temp
[2014/05/27 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Template
[2014/05/30 08:34:56 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\TuneUp Software
[2014/07/18 08:13:09 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
Hi and thanks. Here is the Extras log:
OTL Extras logfile created on: 1/22/2015 3:58:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.46% Memory free
7.86 Gb Paging File | 5.81 Gb Available in Paging File | 73.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 247.29 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C16063-607B-4B7F-89CA-E0DA65F221FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{094D4D87-48AE-4C67-BFC3-1CD29DA1A8B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{095DA52B-4A4B-4EF3-AE2C-632569563126}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B34BBEF-6B53-4994-9311-986223D4477C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DEFB883-AB5A-4EFE-A8F2-7D29B8D29CE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{321918D6-BE8F-473D-B0C8-DBD23805B618}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3ACC4182-9CAE-4130-B742-423C2A6F33E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41A7D98E-7520-4027-A240-925A0D94D7F2}" = lport=139 | protocol=6 | dir=in | app=system |
"{44E22639-963E-4F60-B303-6FBDF990F975}" = lport=137 | protocol=17 | dir=in | app=system |
"{624F29C2-4B6D-4B66-9DD0-2ECA938CBF1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67F23FB4-D6E6-402B-A4DA-BAFF2AF25086}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6994657F-73DA-490A-B417-49BABB14BAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D623210-A24D-493B-AAC1-20A91515F4F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74F2DE60-9132-42B7-BF14-FAFCC1E692D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{775AD816-1C72-4027-9DB5-B4FEBB3CA498}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77F073F4-0E47-4140-A0A0-D001EBD16EE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77FE3BDF-7F29-4AFB-B611-1D16F097A187}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B053284-B808-4D36-9857-8D254102896E}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CE33628-BF52-40A2-A5E2-4513C7182EC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{88A44C9A-24C9-4371-8365-EDE74047284D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8DC109E4-974E-4489-8307-624D88C7B011}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C69F2CF-AE6D-4FCB-8AAA-6170C2457911}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D9B6EF8-8E52-4C06-BBB0-76A23F8F475C}" = rport=445 | protocol=6 | dir=out | app=system |
"{A02B3A68-0783-4FAA-9768-39BABDC8EABE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2C920D4-2F67-4A21-933F-2FA323FBF7F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B362179E-C259-4102-AAB3-B3856A9A3A12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B54C877A-2B6A-4B9E-8BD0-1D1DA3708AC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B65A30D2-C94F-495B-93DF-30FDAA52A32F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCB9DF92-E7C2-4EDC-8D79-CB0F63AFBA17}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{C422D013-4E7E-41A1-8D43-1B1FEFCC97E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD073948-00F2-46CA-9486-08AF304F6DBA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{CF44A257-AE4C-4A09-BCA0-46B445BBE297}" = rport=139 | protocol=6 | dir=out | app=system |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D514CBF0-019B-48C5-99DF-0C7E3C670556}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5857959-1C6E-43E6-A7F9-75931627A121}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA1FE76D-377D-4BDE-8957-7B7CD9648A1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBDA4FF0-1E4A-4B80-9FB2-6CCB0E242317}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{EE4E0D48-89FE-4A70-89E1-4EE21D6FDA3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3538A5D-E739-40DF-8E16-E0587702E5FD}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\wdexpress.exe |
"{F50BFED1-B13A-4ED9-A96B-B0D8540EB814}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018B1460-7FFA-4976-8061-7E9E69107693}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{0494849F-663E-4590-B4E5-6AAD17468B07}" = protocol=6 | dir=out | app=system |
"{066A6090-6094-4345-84A0-F1F353E50C72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B3DB9E1-2A11-4339-9501-18DE336B49AD}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{0E1E9C83-F34C-41F0-9105-3B32AB57C943}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{128D77D6-2C76-4809-B57C-F9E502911378}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17A4B59E-3195-4A79-A4F3-5335DF4B1385}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{18ACF084-E579-4B3F-9A92-83F43CC6216F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E8ADBC3-3BAC-4D76-81BE-B45E6CF2238C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22FD522B-6B76-4F50-8005-1F7E3F8D9805}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{26E1C9DF-E192-4A6F-B6DA-0BF63BB43D00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{27A8355E-E886-4D9A-AD26-9457BB202837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{287209BA-19B1-4244-B0FE-9545A0D198D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{28A3224E-26AF-43E4-8B1F-9C0A76DC3AED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2ACCBA01-9AFA-4788-8042-6553F8065374}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31DF0805-3789-41E7-9655-9357AFEF8D42}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{349A1A51-BB53-40C0-8181-DC56D6F1A9FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3548DBC7-9869-4D76-AA68-2D0325432AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{39FDC151-8B06-4A14-B6FD-0E674C2C5D98}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B5B56BB-52F3-4936-BAD3-FD6ED57DC5E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42112DF0-7AB3-46A7-A19B-C42A5422A011}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A0B3F82-34BC-4115-BC7D-C666CC12D9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{578283D5-41FF-4FE0-B8C4-38CAEC72F9C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{591FF791-B802-4D40-84E2-5503E14FA6DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5980535F-C8D9-488F-BD58-BB43406871E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65196E70-C515-47DC-A010-860E91199605}" = protocol=6 | dir=out | app=system |
"{6EA396F1-0F8D-4F59-B51F-B10D6D597809}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{74C8D90E-EEE3-41FD-91BF-1461CE4D7418}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{7C258521-3EDA-41F0-88EF-24E20F19194E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{860C08BF-CCB2-456E-8EB4-8CA6E2DA86E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87A85B45-7F72-4F90-8BE8-E9F6EECD6B15}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{8AAF36FA-9E56-4935-9B38-B7BC9378F182}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{942FF846-F5A0-4B13-83D9-D47F43CD140B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{943B1190-3523-49FE-9919-CCDE24E0B829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9522A42F-D492-4704-88F6-F40D0EB57752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E2F669C-E415-466E-A8AD-2CD422A0E68E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3DF7D9C-E0FA-4756-8A4F-CD009DCF5695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7D64641-CA44-49B7-B5AF-5C1A2F0886FF}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{B199A37B-85DE-4108-8F8A-58269AFE5C55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B312F392-13E9-4C0D-BB5C-54C0931CD3E3}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C178AF2C-FCDC-452B-9C93-2286F6F94FB2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C67A4085-450C-4CAF-B133-5DB19F5E4E25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD428526-9B76-44EE-9F65-D53D761B1C77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D00EAAF3-D93B-4281-9C10-0947C57A3924}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D751A7B8-AE53-43A8-97EA-42EA0FA61C3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D793DCCE-BED9-4276-A993-5FEE4201D0A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D82BED42-B3BC-46E7-A65E-C25E2CC18EC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF3C6B5-8CB3-4671-A128-6FA912B095C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5A50D0A-B822-4389-823C-00FCD2620D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{E9C9F621-4D61-44F2-B1AF-42C534E2FB44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECC18F95-AF34-4A19-A978-20385EB01DEC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{F327E091-B9EF-4FB4-8A98-4E0B9CB23C1D}" = dir=in | app=c:\users\kelly\appdata\local\microsoft\skydrive\skydrive.exe |
"{F461BEB1-9DDA-4985-A938-4DAEB20C1264}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F877DAA0-1CEA-4171-BD07-37C9F8127590}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8DC20D7-DF7E-4CAE-B9C0-16BB835E0EA8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}" = Microsoft SQL Server 2014 Management Objects (x64)
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects (x64)
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities
"{60391499-BB97-3FC7-9F17-2BF560DCE231}" = Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C06D6DB-A391-4686-B050-99CC522A7843}" = Microsoft System CLR Types for SQL Server 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++ x64 Libraries
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1AA110-D758-30C1-A1B4-5484C72BCACE}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{21373064-AD95-48DB-A32E-0D9E08EF7355}" = Prerequisites for SSDT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2774595F-BC2A-4B12-A25B-0C37A37049B0}" = Microsoft SQL Server 2014 Management Objects
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{47D08E7A-92A1-489B-B0BF-415516497BCE}" = Microsoft SQL Server 2014 T-SQL Language Service
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4AEB505C-95E1-4964-9B64-8D27F3186D30}" = Microsoft System CLR Types for SQL Server 2014
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{64484316-E4BA-38B3-8954-0358522A8D40}" = Microsoft Visual Studio Express 2013 for Windows Desktop
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9E7DE17D-A9E2-4762-8C10-1E80F5976F4A}" = Microsoft Visual Studio 2013 Preparation
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++ x86 Libraries
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Any Video Converter_is1" = Any Video Converter 5.7.6
"Audacity_is1" = Audacity 2.0.3
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/13/2015 2:11:59 PM | Computer Name = Kelly-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 68.1.168.192.in-addr.arpa.
PTR Kelly-PC.local.
Error - 1/15/2015 1:33:06 PM | Computer Name = Kelly-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bfc Start
Time: 01d030e9235fb940 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 8a74b007-9cdc-11e4-b209-00262265ba35
Error - 1/15/2015 7:43:23 PM | Computer Name = Kelly-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: msi.dll, version: 5.0.7601.18637, time
stamp: 0x543c864f Exception code: 0xc0000005 Fault offset: 0x00000000001f1046 Faulting
process id: 0x478 Faulting application start time: 0x01d030eeea650c4f Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msi.dll Report
Id: 4ad3dc81-9d10-11e4-b197-00262265ba35
Error - 1/20/2015 2:28:20 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error - 1/20/2015 2:28:22 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error - 1/20/2015 2:51:49 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error - 1/20/2015 2:51:52 PM | Computer Name = Kelly-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64)
- 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error - 1/21/2015 9:40:10 PM | Computer Name = Kelly-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.8.exe version 2.8.10.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 519c Start
Time: 01d035e4405ea08c Termination Time: 10 Application Path: C:\Program Files\GIMP
2\bin\gimp-2.8.exe Report Id: 95c7c72e-a1d7-11e4-95fa-00262265ba35
Error - 1/22/2015 1:48:58 PM | Computer Name = Kelly-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Kits\8.0\bin\x64\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 1/22/2015 1:48:59 PM | Computer Name = Kelly-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Kits\8.0\bin\x86\makecat.exe.Manifest". Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 1/22/2015 2:20:49 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
following error: %%1079
Error - 1/22/2015 2:20:49 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%1079
Error - 1/22/2015 2:21:35 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
following error: %%1079
Error - 1/22/2015 2:21:35 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%1079
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
following error: %%1079
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%1079
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
following error: %%1079
Error - 1/22/2015 3:42:51 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%1079
Error - 1/22/2015 3:42:52 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7000
Description = The Peer Name Resolution Protocol service failed to start due to the
following error: %%1079
Error - 1/22/2015 3:42:52 PM | Computer Name = Kelly-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%1079
< End of report >
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kelly (administrator) on KELLY-PC on 23-01-2015 08:11:32
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly & (Available profiles: Kelly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\ALU.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKU\S-1-5-21-1519497777-177528772-3543348537-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...&p={searchTerms}
HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> {CB58EFCC-020E-4273-9EB9-4C8696A4541E} URL = https://search.yahoo...rtPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CB58EFCC-020E-4273-9EB9-4C8696A4541E} URL = https://search.yahoo...rtPage?}&fr=ie8
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.n...X_WEB_Win32.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-23 08:11 - 2015-01-23 08:12 - 00012395 _____ () C:\Users\Kelly\Desktop\FRST.txt
2015-01-23 08:11 - 2015-01-23 08:11 - 00000000 ____D () C:\FRST
2015-01-23 08:08 - 2015-01-23 08:08 - 02126848 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-01-22 16:09 - 2015-01-22 19:27 - 00080416 _____ () C:\Users\Kelly\Desktop\Extras.Txt
2015-01-22 16:09 - 2015-01-22 16:09 - 00079502 _____ () C:\Users\Kelly\Desktop\OTL.Txt
2015-01-22 15:58 - 2015-01-22 15:58 - 00602112 _____ (OldTimer Tools) C:\Users\Kelly\Desktop\OTL.exe
2015-01-22 15:25 - 2015-01-22 15:25 - 00008704 _____ () C:\Users\Kelly\Documents\geeks to go.wps
2015-01-21 21:11 - 2015-01-21 21:11 - 00093818 _____ () C:\Users\Kelly\AppData\Local\recently-used.xbel
2015-01-20 15:43 - 2015-01-20 15:43 - 00011776 _____ () C:\Users\Kelly\Documents\wilson.wps
2015-01-20 11:54 - 2015-01-20 11:54 - 00016896 _____ () C:\Users\Kelly\Documents\Cross The Line Member Agreement 2.wps
2015-01-20 11:51 - 2015-01-20 11:52 - 00030503 _____ () C:\Users\Kelly\Downloads\Band Member Agreement Take 2.zip
2015-01-19 20:22 - 2015-01-19 21:46 - 00031232 _____ () C:\Users\Kelly\Documents\CROSS THE LINE CONTRACT DRAFT.wps
2015-01-19 20:12 - 2015-01-19 20:12 - 00032374 _____ () C:\Users\Kelly\Downloads\Draft Band Member Agreement.zip
2015-01-19 17:41 - 2015-01-19 17:41 - 00016384 _____ () C:\Users\Kelly\Documents\Three Cheers For Five Years Lyrics.wps
2015-01-16 12:54 - 2015-01-16 12:54 - 00270720 _____ () C:\Windows\Minidump\011615-41199-01.dmp
2015-01-16 12:54 - 2015-01-16 12:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-16 12:53 - 2015-01-16 12:53 - 286060936 _____ () C:\Windows\MEMORY.DMP
2015-01-15 19:33 - 2015-01-15 19:33 - 00000622 _____ () C:\Users\Kelly\Downloads\takeownership.zip
2015-01-15 16:33 - 2015-01-15 16:39 - 00011776 _____ () C:\Users\Kelly\Documents\believe lyrics.wps
2015-01-15 12:54 - 2015-01-15 12:54 - 00000000 ____D () C:\ProgramData\BitDefender
2015-01-15 12:48 - 2015-01-15 12:48 - 00010752 _____ () C:\Users\Kelly\Documents\ad aware lavasoft registration key.wps
2015-01-15 12:45 - 2015-01-15 19:54 - 00002288 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-15 12:45 - 2015-01-15 19:54 - 00002288 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2015-01-15 12:45 - 2015-01-15 12:45 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Lavasoft
2015-01-15 12:45 - 2015-01-15 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-15 12:41 - 2015-01-15 12:41 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-15 12:40 - 2015-01-15 12:40 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-15 12:38 - 2015-01-15 12:38 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-14 20:36 - 2015-01-14 20:36 - 01054400 _____ (Adobe) C:\Users\Kelly\Downloads\install_flashplayer16x32ax_chrd_dn_awa_aih.exe
2015-01-14 19:18 - 2015-01-23 08:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 19:18 - 2015-01-22 22:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 19:18 - 2015-01-22 22:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:18 - 2015-01-22 22:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 12:55 - 2015-01-14 12:55 - 00003114 _____ () C:\Windows\System32\Tasks\{D4A4982A-88D2-470E-8CF6-7CB6E19C996A}
2015-01-14 12:06 - 2015-01-22 19:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 12:06 - 2015-01-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 12:06 - 2015-01-14 12:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 12:06 - 2015-01-14 12:06 - 00001109 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 12:06 - 2015-01-14 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 12:06 - 2015-01-14 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 12:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 12:06 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 12:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 18:06 - 2015-01-13 18:06 - 00001469 _____ () C:\Users\Kelly\Documents\mwb 1.txt
2015-01-13 18:05 - 2015-01-13 18:05 - 00000000 ____D () C:\Users\Kelly\Documents\Malwarebytes scan log results
2015-01-11 20:02 - 2015-01-16 15:41 - 00000000 ____D () C:\Users\Kelly\Downloads\Autoruns best
2015-01-11 20:01 - 2015-01-11 20:01 - 00511633 _____ () C:\Users\Kelly\Downloads\Autoruns best.zip
2015-01-11 19:59 - 2015-01-11 19:59 - 00027648 _____ () C:\Users\Kelly\Documents\autoruns symbols.wps
2015-01-11 19:39 - 2015-01-11 19:39 - 00001087 _____ () C:\Users\Kelly\Documents\Documents - Shortcut.lnk
2015-01-11 10:41 - 2015-01-19 13:01 - 00013824 _____ () C:\Users\Kelly\Documents\uptown funk lyrics.wps
2015-01-11 10:28 - 2015-01-11 10:28 - 02931184 _____ () C:\Users\Kelly\Documents\football mc logo transparent100 red background plus transparency 300dpi.xcf
2015-01-10 23:48 - 2015-01-10 23:49 - 00654928 _____ () C:\Users\Kelly\Documents\kaspersky report2.txt
2015-01-10 23:48 - 2015-01-10 23:48 - 00654928 _____ () C:\Users\Kelly\Documents\kaspersky report1.txt
2015-01-10 18:50 - 2015-01-10 18:50 - 00000886 _____ () C:\Users\Kelly\Downloads\exe_fix_w7.zip
2015-01-10 13:33 - 2015-01-10 13:33 - 00012800 _____ () C:\Users\Kelly\Documents\JEWELRY CLEANER2.wps
2015-01-05 11:18 - 2015-01-05 11:18 - 00110870 _____ () C:\Users\Kelly\Documents\high five hand with alpha.xcf
2015-01-05 09:58 - 2015-01-05 10:09 - 00116755 _____ () C:\Users\Kelly\Documents\high five for not killing you.xcf
2015-01-04 20:16 - 2015-01-04 20:16 - 00117597 _____ () C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY maybe.xcf
2015-01-03 20:12 - 2015-01-03 20:19 - 00008704 _____ () C:\Users\Kelly\Documents\Dish Info.wps
2015-01-03 18:42 - 2015-01-04 20:27 - 00120557 _____ () C:\Users\Kelly\Documents\HIGH FIVE WITH HAND AND TRANSPARENCY.xcf
2014-12-31 23:06 - 2015-01-01 10:10 - 00237206 _____ () C:\Users\Kelly\Documents\Health Insurance - Jenny Morse Mandel.zip
2014-12-29 12:56 - 2014-12-29 13:00 - 04147416 _____ () C:\Users\Kelly\Documents\football mc logo transparent.xcf
2014-12-27 23:20 - 2014-12-27 23:20 - 00012800 _____ () C:\Users\Kelly\Documents\iexplore removal from ehow.wps
2014-12-26 22:32 - 2014-12-26 22:32 - 00069632 _____ () C:\Users\Kelly\Documents\log power shell.evtx
2014-12-26 22:31 - 2014-12-26 22:31 - 01052672 _____ () C:\Users\Kelly\Documents\event logs.evtx
2014-12-26 16:57 - 2015-01-21 08:10 - 00001456 _____ () C:\Windows\setupact.log
2014-12-26 16:57 - 2014-12-26 16:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 16:52 - 2014-12-26 16:52 - 00011776 _____ () C:\Users\Kelly\Documents\let it go lyrics.wps
2014-12-24 11:47 - 2014-12-24 11:47 - 00047104 _____ () C:\Users\Kelly\Documents\collage.wps
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-23 08:03 - 2014-05-26 00:08 - 01321941 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 18:47 - 2014-06-06 18:32 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-22 15:25 - 2014-05-27 17:46 - 00012470 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2015-01-21 21:46 - 2014-07-12 11:10 - 00000000 ____D () C:\Users\Kelly\.gimp-2.8
2015-01-21 21:11 - 2014-07-12 11:28 - 00000000 ____D () C:\Users\Kelly\AppData\Local\gtk-2.0
2015-01-21 08:15 - 2014-12-20 18:54 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 08:15 - 2014-12-20 18:54 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 08:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 12:29 - 2014-10-26 20:22 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 12:28 - 2014-12-14 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-20 12:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-20 12:26 - 2014-12-14 19:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-01-19 14:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-01-16 15:49 - 2009-08-28 05:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-16 15:49 - 2009-08-28 05:41 - 00000000 ____D () C:\Windows\OOBEOffer
2015-01-16 15:49 - 2009-08-28 05:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-16 15:49 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ras
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\icsxml
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-16 15:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-01-16 15:48 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-16 15:48 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-16 15:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2015-01-16 15:44 - 2014-05-26 00:07 - 00000000 ____D () C:\Windows\SysWOW64\x64
2015-01-16 15:44 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-16 15:44 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-16 15:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-01-16 15:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-01-16 15:43 - 2014-12-14 19:54 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-01-16 15:43 - 2014-07-29 11:17 - 00000000 ____D () C:\Windows\SysWOW64\20-20 Technologies
2015-01-16 15:43 - 2014-06-09 15:02 - 00000000 ____D () C:\Windows\system32\kodak
2015-01-16 15:43 - 2014-06-06 18:36 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2015-01-16 15:43 - 2014-05-30 11:13 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-16 15:43 - 2014-05-29 06:16 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-16 15:43 - 2014-05-26 00:07 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2015-01-16 15:43 - 2009-08-28 06:03 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2015-01-16 15:43 - 2009-08-28 05:59 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-16 15:43 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-16 15:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-01-16 15:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-16 15:43 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-16 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\IME
2015-01-16 15:42 - 2014-12-20 20:19 - 00000000 ____D () C:\Windows\pss
2015-01-16 15:42 - 2014-12-14 19:54 - 00000000 ____D () C:\Windows\system32\1033
2015-01-16 15:42 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-16 15:41 - 2014-12-20 19:15 - 00000000 ____D () C:\Users\Kelly\Desktop\mbar
2015-01-16 15:41 - 2014-12-06 20:36 - 00000000 ____D () C:\Users\Kelly\Downloads\ProcessExplorer
2015-01-16 15:41 - 2014-11-02 11:04 - 00000000 ____D () C:\Users\Kelly\Downloads\Autoruns
2015-01-16 15:41 - 2014-07-17 21:47 - 00000000 ____D () C:\Users\Kelly\AppData\Local\OurrarUdl
2015-01-16 15:41 - 2014-06-26 22:43 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Skype
2015-01-16 15:41 - 2014-06-13 12:56 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Audacity
2015-01-16 15:41 - 2014-06-08 16:27 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\AnvSoft
2015-01-16 15:41 - 2014-06-03 12:54 - 00000000 ____D () C:\Windows\en
2015-01-16 15:41 - 2014-05-25 21:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-16 15:41 - 2014-05-25 21:19 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 15:41 - 2009-08-28 06:28 - 00000000 ____D () C:\Windows\DeployWinRE
2015-01-16 15:38 - 2014-10-31 13:55 - 00000000 ____D () C:\Program Files\iTunes
2015-01-16 15:38 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-16 15:38 - 2014-09-21 10:39 - 00000000 ____D () C:\Program Files\iPod
2015-01-16 15:38 - 2014-09-21 10:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-16 15:38 - 2014-07-24 10:50 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-16 15:38 - 2014-06-09 14:29 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Eastman_Kodak_Company
2015-01-16 15:38 - 2014-06-05 18:57 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Microsoft Help
2015-01-16 15:38 - 2014-06-03 12:50 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-16 15:38 - 2014-05-27 05:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-16 15:38 - 2014-05-25 21:27 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-16 15:38 - 2014-05-25 21:25 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-16 15:38 - 2009-08-28 06:04 - 00000000 ____D () C:\Program Files\Google
2015-01-16 15:38 - 2009-08-28 06:01 - 00000000 ____D () C:\Program Files\Gateway
2015-01-16 15:38 - 2009-08-28 05:40 - 00000000 ____D () C:\Program Files\Realtek
2015-01-16 15:38 - 2009-08-28 05:36 - 00000000 ____D () C:\Program Files\CONEXANT
2015-01-16 15:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-16 15:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-16 15:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-16 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-16 15:20 - 2009-08-28 06:06 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-16 15:15 - 2014-05-26 08:41 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-16 15:10 - 2014-06-09 02:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-16 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-01-16 14:55 - 2014-06-26 22:43 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Skype
2015-01-16 14:55 - 2014-06-24 09:33 - 00000000 ____D () C:\Users\Kelly\Documents\tweaking.com_windows_repair_aio
2015-01-16 14:55 - 2014-05-25 22:11 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Adobe
2015-01-16 14:55 - 2014-05-25 21:23 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Macromedia
2015-01-16 14:44 - 2009-08-28 05:46 - 00000000 ____D () C:\Program Files\Preload
2015-01-16 14:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-16 14:43 - 2014-12-14 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-16 14:43 - 2009-08-28 05:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-16 14:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-01-16 13:03 - 2014-05-25 21:19 - 00000000 ____D () C:\Users\Kelly
2015-01-15 17:40 - 2014-11-25 09:47 - 00010752 _____ () C:\Users\Kelly\Documents\SSI username and password.wps
2015-01-14 19:23 - 2009-08-28 06:09 - 00991424 _____ () C:\Windows\PFRO.log
2015-01-14 19:18 - 2014-06-11 16:44 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Adobe
2015-01-14 17:38 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2015-01-14 17:00 - 2014-09-04 10:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Eastman_Kodak_Company
2015-01-14 17:00 - 2014-09-04 10:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Eastman_Kodak_Company
2015-01-14 12:57 - 2009-08-28 05:41 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-14 12:57 - 2009-08-28 05:41 - 00000000 ____D () C:\Program Files (x86)\Gateway Games
2015-01-14 12:57 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 12:55 - 2009-08-28 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-01-14 12:55 - 2009-08-28 05:41 - 00000000 ____D () C:\Program Files (x86)\Gateway
2015-01-14 12:54 - 2014-06-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-14 11:46 - 2009-07-14 00:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 18:43 - 2014-05-25 22:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 18:43 - 2014-05-25 22:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 17:52 - 2014-12-12 12:04 - 00000000 ____D () C:\Users\Kelly\AppData\Local\FileTypeAssistant
2015-01-13 16:31 - 2014-05-25 22:57 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-13 16:31 - 2014-05-25 22:56 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-11 18:05 - 2009-08-28 05:39 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-01-11 18:05 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 18:05 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 18:03 - 2014-12-12 16:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-11 18:03 - 2009-08-28 05:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-11 18:03 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-11 17:54 - 2014-12-07 16:12 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-01-11 17:54 - 2014-11-30 12:33 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 17:54 - 2014-11-28 17:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 17:54 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2015-01-11 17:54 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-11 17:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2015-01-11 17:53 - 2014-06-04 14:58 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-11 17:53 - 2014-06-03 12:43 - 00000000 ___RD () C:\Users\Kelly\OneDrive
2015-01-11 17:50 - 2014-11-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 17:50 - 2014-07-17 21:40 - 00000000 ____D () C:\Program Files (x86)\YoutubeMusicDownloader
2015-01-11 17:50 - 2014-06-26 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-11 17:50 - 2014-05-25 21:25 - 00000000 ____D () C:\Program Files (x86)\Video Web Camera
2015-01-11 17:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-01-11 17:49 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-11 17:49 - 2014-09-22 10:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-11 17:49 - 2014-09-21 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-11 17:49 - 2014-06-13 12:56 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-11 17:49 - 2014-06-09 14:19 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-01-11 17:49 - 2014-06-06 16:44 - 00000000 ____D () C:\Audio_Realtek_6.0.1.5904_Win7x86x64_NV74
2015-01-11 17:49 - 2014-06-03 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-11 17:49 - 2014-05-27 05:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-11 17:49 - 2009-08-28 06:26 - 00000000 ____D () C:\OEM
2015-01-11 17:49 - 2009-08-28 06:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-11 17:49 - 2009-08-28 05:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-11 16:20 - 2014-10-25 19:18 - 00000000 ____D () C:\Users\Administrator
2015-01-11 16:20 - 2014-06-24 18:27 - 00000000 ____D () C:\RegBackup
2015-01-11 16:16 - 2014-12-14 20:08 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-01-11 16:14 - 2009-08-28 05:36 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-11 16:14 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-11 16:13 - 2009-08-28 05:59 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-01-11 16:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-11 16:11 - 2014-12-14 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-11 16:10 - 2014-12-14 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-01-11 16:09 - 2014-08-05 09:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 16:06 - 2014-06-08 16:26 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-01-11 16:06 - 2009-08-28 06:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-11 16:04 - 2009-08-28 05:46 - 00000000 __RHD () C:\MSOCache
2015-01-11 00:47 - 2014-06-19 12:15 - 00009216 _____ () C:\Users\Kelly\Documents\facebook happy birthday.wps
2015-01-10 13:40 - 2014-06-19 12:55 - 00009728 _____ () C:\Users\Kelly\Documents\jewelry cleaner.wps
2015-01-08 09:55 - 2014-05-25 21:31 - 00298120 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 12:51 - 2014-08-02 16:03 - 00010240 _____ () C:\Users\Kelly\Documents\capital one.wps
2015-01-05 13:47 - 2014-11-03 14:20 - 00008704 _____ () C:\Users\Kelly\Documents\stannie's address.wps
2015-01-04 11:31 - 2014-10-10 21:35 - 00007605 _____ () C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
2014-12-31 22:21 - 2014-11-30 12:33 - 00000000 ___RD () C:\Qoobox
2014-12-31 22:13 - 2014-06-08 16:28 - 00000000 ____D () C:\Users\Kelly\.cache
2014-12-27 22:44 - 2014-06-11 16:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2014-06-13 13:06 - 2014-06-13 13:06 - 0001102 _____ () C:\Program Files (x86)\AnvSoft - Shortcut.lnk
2014-12-14 17:59 - 2014-12-12 13:33 - 53303296 _____ () C:\Program Files (x86)\Silverlight.msp
2014-05-27 17:46 - 2015-01-22 15:25 - 0012470 _____ () C:\Users\Kelly\AppData\Roaming\wklnhst.dat
2014-06-06 16:38 - 2014-06-06 16:39 - 0005104 _____ () C:\Users\Kelly\AppData\Local\HWVendorDetection.log
2014-06-09 14:30 - 2014-06-09 14:30 - 0000236 _____ () C:\Users\Kelly\AppData\Local\LaunchHomeCenter.log
2015-01-21 21:11 - 2015-01-21 21:11 - 0093818 _____ () C:\Users\Kelly\AppData\Local\recently-used.xbel
2014-10-10 21:35 - 2015-01-04 11:31 - 0007605 _____ () C:\Users\Kelly\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 09:30
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Kelly at 2015-01-23 08:12:37
Running from C:\Users\Kelly\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Gateway Incorporated)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.56 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1519497777-177528772-3543348537-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1519497777-177528772-3543348537-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.46.715 - Chicony Electronics Co.,Ltd.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1519497777-177528772-3543348537-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kelly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
04-12-2014 08:30:55 Windows Update
06-12-2014 07:52:39 Windows Update
07-12-2014 10:24:17 Windows Update
07-12-2014 14:29:15 Restore Operation
12-12-2014 12:05:05 avast! antivirus system restore point
12-12-2014 12:25:44 Windows Update
12-12-2014 13:13:55 Windows Update
13-12-2014 10:21:33 Windows Update
14-12-2014 09:57:55 Windows Update
14-12-2014 10:44:26 avast! antivirus system restore point
14-12-2014 19:20:27 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
14-12-2014 22:31:44 Removed Prerequisites for SSDT
15-12-2014 09:32:13 Windows Update
16-12-2014 08:35:29 Windows Update
16-12-2014 09:49:42 AA11
17-12-2014 08:32:14 Windows Update
17-12-2014 12:19:18 AA11
18-12-2014 07:51:39 Windows Update
19-12-2014 07:41:16 Windows Update
19-12-2014 07:51:49 AA11
20-12-2014 07:58:42 Windows Update
21-12-2014 09:56:17 Windows Update
22-12-2014 03:00:12 Windows Update
23-12-2014 03:00:11 Windows Update
23-12-2014 18:06:22 Restore Operation
24-12-2014 09:14:51 Windows Update
25-12-2014 09:12:34 Windows Update
27-12-2014 09:56:21 Windows Update
28-12-2014 09:29:46 Windows Update
28-12-2014 20:35:43 Windows Update
28-12-2014 20:44:54 Windows Update
05-01-2015 10:56:08 Scheduled Checkpoint
11-01-2015 11:02:17 Restore Operation
14-01-2015 11:49:05 AA11
14-01-2015 12:50:04 Removed Microsoft SQL Server Data Tools - enu (12.0.41012.0)
14-01-2015 12:51:44 Removed Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
14-01-2015 12:52:40 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom
14-01-2015 12:53:44 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU
15-01-2015 12:38:55 AA11
16-01-2015 08:47:14 Restore Operation
20-01-2015 12:15:58 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
20-01-2015 12:22:37 Visual Studio 2013 Update 4 (KB2829760)
21-01-2015 08:35:12 Windows Backup
21-01-2015 09:34:37 Windows Backup
21-01-2015 09:36:24 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-06-24 19:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E5FADD6-5ACE-4E38-BDC8-5CF9B10BAEE5} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {2A4A440E-1036-4878-A0F6-12A027F3995D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {378949AC-89B1-4D4D-B05D-434D7A869A42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {6E2B8484-9A71-47C9-BB8E-A21FC4A3CEFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {9E3ECC7B-242E-47F1-ACED-F53943DEBE87} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {A5CCFA8A-9225-4A5E-884D-60CA6256BFC2} - System32\Tasks\{D4A4982A-88D2-470E-8CF6-7CB6E19C996A} => pcalua.exe -a "C:\Program Files (x86)\Gateway\Identity Card\Uninstall.exe"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1519497777-177528772-3543348537-500 - Administrator - Disabled)
Guest (S-1-5-21-1519497777-177528772-3543348537-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1519497777-177528772-3543348537-1002 - Limited - Enabled)
Kelly (S-1-5-21-1519497777-177528772-3543348537-1001 - Administrator - Enabled) => C:\Users\Kelly
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/22/2015 00:48:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/22/2015 00:48:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/21/2015 08:40:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gimp-2.8.exe version 2.8.10.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 519c
Start Time: 01d035e4405ea08c
Termination Time: 10
Application Path: C:\Program Files\GIMP 2\bin\gimp-2.8.exe
Report Id: 95c7c72e-a1d7-11e4-95fa-00262265ba35
Error: (01/20/2015 01:51:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error: (01/20/2015 01:51:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error: (01/20/2015 01:28:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error: (01/20/2015 01:28:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.VisualStudio.TeamFoundation, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002
Error: (01/15/2015 06:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: msi.dll, version: 5.0.7601.18637, time stamp: 0x543c864f
Exception code: 0xc0000005
Fault offset: 0x00000000001f1046
Faulting process id: 0x478
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (01/15/2015 00:33:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: bfc
Start Time: 01d030e9235fb940
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 8a74b007-9cdc-11e4-b209-00262265ba35
Error: (01/13/2015 01:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 68.1.168.192.in-addr.arpa. PTR Kelly-PC.local.
System errors:
=============
Error: (01/23/2015 08:02:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079
Error: (01/23/2015 08:02:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079
Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079
Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079
Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079
Error: (01/23/2015 08:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079
Error: (01/22/2015 10:28:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079
Error: (01/22/2015 10:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079
Error: (01/22/2015 10:28:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%1079
Error: (01/22/2015 10:28:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error:
%%1079
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-30 13:01:33.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-30 13:01:33.508
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-29 18:10:33.943
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-29 18:10:33.943
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-29 18:10:33.943
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-29 18:10:33.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-29 18:10:33.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-29 18:10:33.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-28 16:16:24.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-28 16:16:24.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 4025.98 MB
Available physical RAM: 1586.44 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 5475 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:246.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C170412A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,148 K 3,852 K 1204 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ehmsas.exe 1,744 K 5,568 K 3852 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
EKPrinterSDK.exe 1,732 K 5,124 K 1808 Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
ePowerSvc.exe 1,896 K 4,968 K 1608 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
FlashUtil64_16_0_0_257_ActiveX.exe 4,028 K 9,968 K 20828 Adobe® Flash® Player Installer/Uninstaller 16.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
lsm.exe 2,568 K 4,244 K 584
mbamscheduler.exe 4,640 K 9,704 K 1840 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe 345,800 K 73,760 K 2004 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
MsSpellCheckingFacility.exe 3,464 K 8,704 K 17500 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 1,744 K 6,476 K 4092
notepad.exe 9,352 K 24,872 K 7516
procexp.exe 2,212 K 7,144 K 10652 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 6,480 K 12,664 K 504
smss.exe 448 K 1,092 K 256
svchost.exe 1,076 K 2,932 K 1580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,324 K 3,488 K 1764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,068 K 8,692 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,352 K 4,112 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,304 K 5,696 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,104 K 10,504 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 1,216 K 4,004 K 1656 Acer Update Service Acer (Verified) Acer Incorporated
wininit.exe 1,480 K 4,404 K 456
winlogon.exe 2,804 K 7,136 K 544
WLIDSVCM.EXE 1,208 K 3,212 K 2284
svchost.exe < 0.01 44,648 K 29,264 K 2056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 14,884 K 18,500 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
OTL.exe < 0.01 14,848 K 28,216 K 5632
csrss.exe < 0.01 3,240 K 5,316 K 392
svchost.exe < 0.01 5,484 K 9,408 K 756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,680 K 13,288 K 1680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 155,304 K 162,608 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe 0.01 4,900 K 9,652 K 2040 Backup Manager Module NewTech Infosystems, Inc. (Verified) NewTech Infosystems
EKIJ5000MUI.exe 0.01 4,248 K 10,712 K 3836 Status Monitor for KODAK AiO Printer (64-Bit AMD Athlon/Opteron Build) Eastman Kodak Company (No signature was present in the subject) Eastman Kodak Company
svchost.exe 0.01 24,324 K 27,636 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 24,240 K 38,656 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 0.01 6,896 K 15,748 K 2120
svchost.exe 0.01 25,308 K 25,952 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.02 58,796 K 63,944 K 2148 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.02 30,172 K 62,924 K 10968 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.02 4,496 K 11,740 K 1236 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.04 14,692 K 23,284 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.05 9,556 K 16,868 K 576 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
GregHSRW.exe 0.07 1,492 K 4,816 K 1704 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
iexplore.exe 0.15 75,760 K 92,616 K 8340 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 0.24 26,564 K 32,788 K 1784 EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
spoolsv.exe 0.30 13,196 K 23,164 K 1088 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.37 100,536 K 127,504 K 704 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ALU.exe 0.40 46,380 K 70,076 K 13700 Updater Client Acer (Verified) Acer Incorporated
taskhost.exe 0.69 17,100 K 21,264 K 2612 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
System 0.84 2,284 K 107,480 K 4
csrss.exe 1.45 2,796 K 51,692 K 472
mbam.exe 2.29 40,040 K 60,264 K 2180
Interrupts 2.90 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 3.67 66,796 K 46,356 K 2512 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 13.42 23,512 K 45,036 K 20904 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
iexplore.exe 22.95 215,988 K 258,148 K 7824 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 50.02 0 K 24 K 0
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-23 08:36:25
-----------------------------
08:36:25.051 OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:25.051 Number of processors: 2 586 0x170A
08:36:25.051 ComputerName: KELLY-PC UserName: Kelly
08:36:26.455 Initialize success
08:36:26.533 VM: initialized successfully
08:36:26.533 VM: Intel CPU virtualization not supported
08:44:14.351 AVAST engine defs: 15012300
08:44:52.415 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:44:52.415 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
08:44:52.555 Disk 0 MBR read successfully
08:44:52.571 Disk 0 MBR scan
08:44:52.571 Disk 0 Windows 7 default MBR code
08:44:52.586 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
08:44:52.602 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
08:44:52.602 Disk 0 default boot code
08:44:52.633 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700
08:44:52.758 Disk 0 scanning C:\Windows\system32\drivers
08:45:01.603 Service scanning
08:45:37.329 Modules scanning
08:45:38.749 AVAST engine scan C:\Windows
08:45:41.697 AVAST engine scan C:\Windows\system32
08:49:32.177 AVAST engine scan C:\Windows\system32\drivers
08:49:43.721 AVAST engine scan C:\Users\Kelly
09:06:42.969 AVAST engine scan C:\ProgramData
09:07:48.817 Disk 0 statistics 4671664/0/0 @ 2.10 MB/s
09:07:48.817 Scan finished successfully
09:09:00.889 Disk 0 MBR has been saved successfully to "C:\Users\Kelly\Desktop\MBR.dat"
09:09:00.889 The log file has been saved successfully to "C:\Users\Kelly\Desktop\aswMBR.txt"
Edited by tink03, 23 January 2015 - 08:11 AM.