smartresult.org hijack

Status
Not open for further replies.
Hi josie869,

Go ahead and uninstall ERUNT, right now there is no need reinstall it.

- - - - - Next - - - - -

Using Windows Explorer (Windows Key + E), locate the following folder, and DELETE it (if still present):
  • C:\windows\ERDNT <-- delete the folder
Exit Explorer

- - - - - Next - - - - -

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
[2013/03/28 18:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/28 18:25:29 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/03/28 18:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/28 18:25:06 | 000,001,106 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2013/03/28 18:24:56 | 000,000,907 | ---- | M] () -- C:\Users\Kathy\Desktop\ERUNT.lnk 

:Commands
[purity]
[createrestorepoint]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?
 
OTL logfile created on: 4/4/2013 7:41:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 72.14% Memory free
11.81 Gb Paging File | 9.95 Gb Available in Paging File | 84.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 395.78 Gb Free Space | 87.75% Space Free | Partition Type: NTFS

Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/07/27 16:51:36 | 000,038,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/07/27 13:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 20:39:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 22:38:49 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 22:38:01 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/01/10 07:57:29 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 07:56:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 07:56:48 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 07:56:29 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 07:56:26 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 07:56:17 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 07:56:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 07:56:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 07:56:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 07:55:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/08 09:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/12 22:41:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 23:53:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/09 10:22:48 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/07/27 13:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/17 08:35:59 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/26 19:22:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/26 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5
[2013/03/07 23:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/04 19:41:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 19:39:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/04 19:39:37 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 19:32:23 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/04 19:32:23 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/04 19:32:23 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/04 19:31:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:31:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:22:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/26 19:22:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144

< End of report >
 
still getting the mcafee error
I'm not going to reinstall mcafee so we can just delete whatever is causing that error
I will install norton once we get this issue resolved
 
Hi josie869,

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)
  • Vista-W7 Users: You must right-click on "RevoUninProSetup.exe", and select "Run As Administrator" to install. If UAC prompts, allow it.
  • From the list of programs click on
    • McAfee (any & all listed)
  • Chose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.
- - - - - Next - - - - -

If no McAfee items are found with Revo-Uninstaller continue on with the next step.

- - - - - Next - - - - -

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
[2013/03/17 08:35:59 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

:Files
C:\Program Files\McAfee

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?
 
mcaffe wasn't found in the first program but the issue still comes up on reboot

here is the log
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com deleted successfully.
File C:\Program Files\McAfee\MSK not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
========== FILES ==========
File\Folder C:\Program Files\McAfee not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathy
->Temp folder emptied: 2384072 bytes
->Temporary Internet Files folder emptied: 16548205 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16108690 bytes
->Flash cache emptied: 1149 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84927 bytes
RecycleBin emptied: 550765928 bytes

Total Files Cleaned = 559.00 mb

Error: Unable to interpret <Then click the Run Fix button at the top> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 04052013_214325

Files\Folders moved on Reboot...
C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\TMP0000003113ABF03E71621432 moved successfully.
C:\windows\temp\TMP00000032C771127351D26A48 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Hi josie869,

McAfee Consumer Products Removal Tool
  • Download the utility MCPR.exe (MCPR (C) McAfee, Inc).
  • Right click and select "Run as Administrator"
  • Once the process of deleting McAfee products is over (the removal process may take a minute), the McAfee Cleanup window appears.
  • Click Yes to reboot your computer and to finish the removal process of McAfee products.
- - - - - Next - - - - -

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:
  • Results of the MCPR tool
  • OTL.txt
  • How is the computer running?
 
still got the mcaffee error after running the removal tool
I haven't been using the computer except to do what you're telling me.
One thing though - all through this process, I don't think I have checked lop & purity on the otl.exe - they come up unchecked on opening. Not sure if that makes a difference.




OTL logfile created on: 4/6/2013 7:30:11 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 69.13% Memory free
11.81 Gb Paging File | 9.65 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 396.00 Gb Free Space | 87.80% Space Free | Partition Type: NTFS

Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/04/05 21:39:08 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2013/04/05 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/04/05 21:38:03 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/29 21:49:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/26 19:22:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/26 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5
[2013/03/07 23:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/04/06 07:27:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/06 07:27:35 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/06 07:27:07 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 07:27:07 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 07:25:12 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/06 07:25:12 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/06 07:25:12 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/06 07:23:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 21:39:09 | 000,001,103 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/05 21:38:04 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:22:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk

========== Files Created - No Company Name ==========

[2013/04/05 21:39:09 | 000,001,103 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/26 19:22:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144

< End of report >
 
Hi josie869,

The selection of LOP & Purity would not have an impact on this issue.

= = = = = = = = = = = = = = = = = = = =

Unfortunately it appears we will need to re-install McAfee so we can do a complete removal in order to get all the components.

With that in mind, re-install McAfee at this time. Then REBOOT.
(note if the error message is still present, if so take a screen shot)

- - - - - Next - - - - -

Re-run the MCPR tool again.

- - - - - Next - - - - -

Locate the Java Control Panel
  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter "Java Control Panel".
  • Click on the Java icon
    javacupicon.jpg
    to open the Java Control Panel.
Delete Temporary Files through the Java Control Panel
java4-1.jpg

  • In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
    The Temporary Files Settings dialog box appears.
java5.jpg

  • Click Delete Files on the Temporary Files Settings dialog.
    The Delete Temporary Files dialog box appears.
java6.jpg

  • Click OK on the Delete Temporary Files dialog.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on the Temporary Files Settings dialog.
    Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.
- - - - - Next - - - - -

REBOOT

In your next post please provide the following:
  • Report if there is any change.
  • McAfee screenshot if available.
  • Any other issues?
 
Hi josie869,

Please navigate to the following folder and check to make sure Mcafee is not listed.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

- - - - - Next - - - - -

Then go here : http://promos.mcafee.com/LegacyLp/en-us/affiliates/adobe/landingpages/np681.asp

and follow the steps at the bottom of the page to remove McAfee Security Scan Plus

Uninstall through the McAfee Security Scan Plus folder:

  • Under Start menu, go to all Programs
  • Open McAfee Security Scan Plus folder
  • Select “Uninstall
 
Hi josie869,

Then follow through with the 2nd step outlined in my previous post.

Reboot

Then recheck c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup and see if it is listed, if so delete it from the Startup folder. (do not delete the Startup folder, just the McAfee entries)

Reboot again, and see if the error is gone.
 
josie869 said:
it's not listed and there isn't a folder for it there
Click to expand...
Do you mean it's not listed to complete step 2?

Then just navigate to the Startup folder and delete the McAfee entry

Reboot, and check for the error.
 
Yes go ahead and install Norton.

Then re-run OTL for review

I will review the log after work this evening.
 
OTL logfile created on: 4/7/2013 12:40:03 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 68.07% Memory free
11.81 Gb Paging File | 9.58 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 395.18 Gb Free Space | 87.62% Space Free | Partition Type: NTFS

Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kathy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130406.008\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130406.008\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/04/07 12:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/07 12:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\Symantec
[2013/04/07 12:38:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/07 12:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/04/07 12:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/04/07 12:37:45 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013/04/07 12:37:45 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013/04/07 12:37:45 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013/04/07 12:37:45 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013/04/07 12:37:45 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013/04/07 12:37:45 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013/04/07 12:37:45 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013/04/07 12:37:45 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013/04/07 12:37:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/04/07 12:37:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1403000.024
[2013/04/07 12:37:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/04/07 12:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/04/07 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/04/07 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/04/07 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/04/07 12:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/04/05 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/04/05 21:39:08 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2013/04/05 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/04/05 21:38:03 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/29 21:49:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5

========== Files - Modified Within 30 Days ==========

[2013/04/07 12:41:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/07 12:38:40 | 001,859,760 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/07 12:38:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/07 12:38:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/07 12:38:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/07 12:38:06 | 000,002,575 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/04/07 12:35:44 | 000,001,300 | ---- | M] () -- C:\Users\Kathy\Desktop\Norton Installation Files.lnk
[2013/04/07 12:35:18 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 12:35:18 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 12:32:37 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/07 12:32:37 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/07 12:32:37 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/07 12:27:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/07 12:27:38 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 21:39:09 | 000,001,103 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/05 21:38:04 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk

========== Files Created - No Company Name ==========

[2013/04/07 12:38:11 | 001,859,760 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/07 12:38:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/07 12:38:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/07 12:38:06 | 000,002,575 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/04/07 12:37:40 | 000,014,818 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013/04/07 12:37:40 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013/04/07 12:37:40 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013/04/07 12:37:40 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013/04/07 12:37:40 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013/04/07 12:37:40 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013/04/07 12:37:40 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013/04/07 12:37:40 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013/04/07 12:37:40 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013/04/07 12:37:39 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013/04/07 12:37:39 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013/04/07 12:37:39 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013/04/07 12:37:39 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013/04/07 12:37:39 | 000,007,589 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013/04/07 12:37:39 | 000,007,587 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013/04/07 12:37:39 | 000,007,585 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013/04/07 12:37:39 | 000,007,581 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013/04/07 12:37:39 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013/04/07 12:35:44 | 000,001,300 | ---- | C] () -- C:\Users\Kathy\Desktop\Norton Installation Files.lnk
[2013/04/05 21:39:09 | 000,001,103 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144

< End of report >
 
Hi josie869,

Your log appears to be clean. We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = =

The following will implement important cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
(Note the space between the ..X and the /U, it needs to be there.)

Combofix_uninstall_image.jpg


- - - - - Next - - - - -

Clean up with OTL:
  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
- - - - - Next - - - - -

You can now delete any tools and/or logs remaining on your desktop.

- - - - - Next - - - - -

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Java™ 6 Update 27 (64-bit)
  • Java™ 6 Update 31
- - - - - Next - - - - -
  • Get the current version of Java (Version 7 Update 17) by going to http://java.com/en/download/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
- - - - - Next - - - - -


Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html

Disable Java in Web Browsers

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.
javadisable1_zps19e32961.jpg


Disable Java through the Java Control Panel

  • In the Java Control Panel, click on the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart the browser for changes to take effect.
javadisable2_zps5a2f5c6d.jpg



= = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.
Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
 
seems to be ok. The norton antivirus I have has a firewall
I'll pass the reading along to my mom since it was her computer. Thanks so much for all of your help!

I installed the add ons for firefox that you suggested. I've told her not to you IE

Thank you again for all of your help!
 
ok after installing those add on's to firefox, all she gets is a blank page on facebook
you can see the title bar but that's it
 
Status
Not open for further replies.
Back
Top