Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 01
Ran by MaryLou (administrator) on HOME on 17-12-2013 11:52:22
Running from C:\Users\MaryLou\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKCU\...\Run: [Facebook Update] - C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-13] (Facebook Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKCU\...\Runonce: [uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKCU\...\Policies\Explorer: [NofolderOptions] 0
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-23] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpnot13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Chrome:
=======
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980
CHR DefaultNewTabURL:
CHR Extension: (Deal Slider ) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 Util BrowseFox; "C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131216.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\ENG64.SYS [126040 2013-12-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\EX64.SYS [2099288 2013-12-10] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-17 11:52 - 2013-12-17 11:56 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt
2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST
2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe
2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt
2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt
2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt#
2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt
2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt
2013-12-16 11:05 - 2013-12-16 11:06 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp
2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP
2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump
2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt
2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk
2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe
2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe
2013-12-14 14:12 - 2013-12-14 14:23 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt
2013-12-14 14:12 - 2013-12-14 14:11 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt
2013-12-14 14:11 - 2013-12-14 14:20 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos
2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com
2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots
2013-12-14 11:41 - 2013-12-14 11:42 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts
2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM
2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe
2013-12-13 13:55 - 2013-12-15 18:21 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt
2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe
2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe
2013-12-12 01:14 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 01:14 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 01:14 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 01:14 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 01:14 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 01:14 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 01:14 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 01:14 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 01:14 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 01:14 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 01:14 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 01:14 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-12 01:14 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 01:14 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 01:14 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 01:14 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-12 01:14 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 01:13 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 01:12 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-12 01:12 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 01:12 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 01:12 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 01:12 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 01:12 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 01:12 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 01:11 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 01:11 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 01:10 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-12 01:10 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-12 01:10 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-12 01:10 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-12 01:10 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-12 01:10 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-12 01:10 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-12 01:10 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-12 01:10 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-12 01:10 - 2013-10-03 15:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-12 01:10 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-12 01:10 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-12 01:10 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-12 01:10 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-12 01:10 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-12 01:10 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-12 01:10 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-12 01:10 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-12 01:09 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 01:09 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 01:09 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 01:08 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 01:08 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 01:08 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes
2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-11 20:22 - 2013-12-11 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 20:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu
2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk
2013-12-05 17:48 - 2013-12-13 09:00 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate
2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-12-05 17:41 - 2013-12-13 08:46 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-05 17:34 - 2013-12-05 22:53 - 00182532 _____ C:\Windows\hpwins19.dat
2013-12-05 17:34 - 2013-12-05 22:53 - 00000359 _____ C:\ProgramData\hpzinstall.log
2013-12-05 17:34 - 2012-09-27 13:32 - 00000633 ____N C:\Windows\hpwmdl19.dat
2013-12-05 17:33 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP
2013-12-05 16:02 - 2013-12-05 16:16 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe
2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe
2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1}
2013-11-29 14:02 - 2013-12-15 18:11 - 00000000 ____D C:\AdwCleaner
2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe
2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung
2013-11-26 16:46 - 2013-11-26 16:47 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe
2013-11-26 12:31 - 2013-11-26 16:34 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE
2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25
2013-11-25 12:51 - 2013-11-25 12:59 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip
2013-11-24 00:51 - 2013-11-25 13:41 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db
2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk
2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe
2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en
2013-11-23 16:17 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-23 16:17 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-23 16:17 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-23 16:17 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-23 16:17 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-23 16:17 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-23 16:17 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-23 16:17 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-23 16:17 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-23 16:17 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-23 16:16 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-23 16:16 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-20 14:07 - 2013-11-20 14:09 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

2013-12-17 11:56 - 2013-12-17 11:52 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt
2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST
2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe
2013-12-17 11:34 - 2013-08-15 18:19 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-17 11:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-17 10:45 - 2013-09-13 19:40 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job
2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt
2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt
2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt#
2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt
2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt
2013-12-17 07:07 - 2013-08-15 18:19 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 19:45 - 2013-08-08 17:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EFAFB1E-C4BA-4F62-AF85-A060F251D5D6}
2013-12-16 16:45 - 2013-09-13 19:40 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job
2013-12-16 13:17 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 13:16 - 2012-07-25 22:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-16 11:12 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-16 11:06 - 2013-12-16 11:05 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp
2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP
2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump
2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt
2013-12-15 18:21 - 2013-12-13 13:55 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt
2013-12-15 18:21 - 2013-08-08 17:00 - 01092364 _____ C:\Windows\WindowsUpdate.log
2013-12-15 18:11 - 2013-11-29 14:02 - 00000000 ____D C:\AdwCleaner
2013-12-15 18:06 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-15 12:08 - 2013-08-13 22:24 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 12:00 - 2013-08-12 17:46 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk
2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe
2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe
2013-12-14 14:23 - 2013-12-14 14:12 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt
2013-12-14 14:20 - 2013-12-14 14:11 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos
2013-12-14 14:11 - 2013-12-14 14:12 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt
2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com
2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots
2013-12-14 11:42 - 2013-12-14 11:41 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts
2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt
2013-12-13 21:54 - 2013-08-09 22:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-13 21:52 - 2013-08-09 22:29 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM
2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe
2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe
2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe
2013-12-13 09:00 - 2013-12-05 17:48 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate
2013-12-13 08:47 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-13 08:46 - 2013-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-13 08:45 - 2013-04-29 01:20 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-12 08:43 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache
2013-12-12 08:20 - 2012-07-26 00:28 - 00941178 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 08:14 - 2012-08-03 15:23 - 00272662 _____ C:\Windows\PFRO.log
2013-12-12 08:10 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-12 01:11 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe 2013-12-12 01:09 - 2013-08-08 17:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734144309-4116549082-540705525-1002 2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes 2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-11 20:23 - 2013-12-11 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-10 12:21 - 2013-09-29 01:17 - 00000000 ____D C:\Users\MaryLou\AppData\Local\CrashDumps 2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 09:35 - 2013-08-15 18:19 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu 2013-12-07 14:20 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF 2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk 2013-12-05 22:53 - 2013-12-05 17:34 - 00182532 _____ C:\Windows\hpwins19.dat 2013-12-05 22:53 - 2013-12-05 17:34 - 00000359 _____ C:\ProgramData\hpzinstall.log 2013-12-05 22:29 - 2013-08-15 18:19 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-05 22:29 - 2013-08-15 18:19 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk 2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant 2013-12-05 17:47 - 2013-12-05 17:33 - 00000000 ____D C:\ProgramData\HP 2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D 
C:\Windows\SysWOW64\spool 2013-12-05 16:16 - 2013-12-05 16:02 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe 2013-12-05 15:38 - 2013-08-15 18:21 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe 2013-12-03 19:43 - 2012-07-26 00:21 - 00036257 _____ C:\Windows\setupact.log 2013-12-03 17:53 - 2013-11-13 22:08 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 17:53 - 2013-11-13 22:08 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1} 2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe 2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG 2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung 2013-11-26 16:47 - 2013-11-26 16:46 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) 
C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe 2013-11-26 16:34 - 2013-11-26 12:31 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE 2013-11-26 12:31 - 2013-04-29 01:54 - 00000000 ____D C:\ProgramData\Norton 2013-11-26 09:55 - 2013-08-08 17:05 - 00000000 ___RD C:\Users\MaryLou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-25 13:41 - 2013-11-24 00:51 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db 2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25 2013-11-25 12:59 - 2013-11-25 12:51 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip 2013-11-24 12:53 - 2013-09-03 22:41 - 00224768 ___SH C:\Users\MaryLou\Desktop\Thumbs.db 2013-11-23 22:45 - 2013-08-08 17:05 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Adobe 2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk 2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe 2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en 2013-11-23 16:18 - 2012-10-19 19:32 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-11-23 16:17 - 2012-10-19 19:32 - 00000547 _____ C:\Windows\DirectX.log 2013-11-23 16:11 - 2013-11-03 22:46 - 1042329780 _____ C:\Users\MaryLou\Downloads\Photos (7).zip 2013-11-23 16:02 - 2013-11-11 21:52 - 00000000 ____D C:\Users\MaryLou\AppData\Local\Windows Live 2013-11-22 23:43 - 2013-12-12 01:09 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-11-22 22:05 - 2013-12-12 01:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-11-21 01:27 - 2013-08-08 16:58 - 00000000 ____D C:\Users\MaryLou 2013-11-20 14:09 - 2013-11-20 14:07 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & 
volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-17 11:17 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 01 Ran by MaryLou at 2013-12-17 11:57:34 Running from C:\Users\MaryLou\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 4 Elements II (x32 Version: 2.2.0.98) 4500_Help (x32 Version: 1.00.0000) 64 Bit HP CIO Components Installer (Version: 7.2.8) Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Catalyst Install Manager (Version: 8.0.881.0) AMD Fuel (Version: 2012.0912.1709.28839) AMD Quick Stream (Version: 3.3.26.0) AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839) Bejeweled 3 (x32 Version: 2.2.0.98) Bing Bar (x32 Version: 7.2.241.0) Bonjour (Version: 
3.0.0.10) bpd_scan (x32 Version: 3.00.0000) BPDSoftware (x32 Version: 140.0.001.000) BPDSoftware_Ini (x32 Version: 1.00.0000) BufferChm (x32 Version: 140.0.298.000) Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98) Canon MX870 series MP Drivers Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0912.1709.28839) Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839) Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839) CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839) CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839) CCC Help Czech (x32 Version: 2012.0912.1708.28839) CCC Help Danish (x32 Version: 2012.0912.1708.28839) CCC Help Dutch (x32 Version: 2012.0912.1708.28839) CCC Help English (x32 Version: 2012.0912.1708.28839) CCC Help Finnish (x32 Version: 2012.0912.1708.28839) CCC Help French (x32 Version: 2012.0912.1708.28839) CCC Help German (x32 Version: 2012.0912.1708.28839) CCC Help Greek (x32 Version: 2012.0912.1708.28839) CCC Help Hungarian (x32 Version: 2012.0912.1708.28839) CCC Help Italian (x32 Version: 2012.0912.1708.28839) CCC Help Japanese (x32 Version: 2012.0912.1708.28839) CCC Help Korean (x32 Version: 2012.0912.1708.28839) CCC Help Norwegian (x32 Version: 2012.0912.1708.28839) CCC Help Polish (x32 Version: 2012.0912.1708.28839) CCC Help Portuguese (x32 Version: 2012.0912.1708.28839) CCC Help Russian (x32 Version: 2012.0912.1708.28839) CCC Help Spanish (x32 Version: 2012.0912.1708.28839) CCC Help Swedish (x32 Version: 2012.0912.1708.28839) CCC Help Thai (x32 Version: 2012.0912.1708.28839) CCC Help Turkish (x32 Version: 2012.0912.1708.28839) ccc-utility64 (Version: 2012.0912.1709.28839) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98) Cradle of Rome 2 (x32 Version: 2.2.0.98) CyberLink Media Suite 10 (x32 Version: 10.0.2.2114) CyberLink Power2Go 8 (x32 Version: 8.0.2.2110) CyberLink PowerDVD (x32 
Version: 10.0.7.4528) CyberLink YouCam (x32 Version: 3.5.5.5811) D3DX10 (x32 Version: 15.4.2368.0902) Destinations (x32 Version: 140.0.253.000) DeviceDiscovery (x32 Version: 140.0.298.000) DocProc (x32 Version: 140.0.185.000) Energy Star (x32 Version: 1.0.9) Epson Connect (x32) Epson Customer Participation (Version: 1.0.0.0) Epson Download Navigator (x32 Version: 1.0.1) Epson Event Manager (x32 Version: 2.50.0001) Epson FAX Utility (x32 Version: 1.20.00) Epson PC-FAX Driver (x32) EPSON Scan (x32) EPSON WorkForce 545 Series Printer Uninstall EpsonNet Print (x32 Version: 2.4j) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Farm Frenzy (x32 Version: 2.2.0.98) FATE: The Cursed King (x32 Version: 2.2.0.97) Fax (x32 Version: 140.0.307.000) Final Drive Fury (x32 Version: 2.2.0.95) Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32) Google Chrome (x32 Version: 31.0.1650.63) Google Earth (x32 Version: 7.1.2.2041) Google Update Helper (x32 Version: 1.3.22.3) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95) GPBaseService2 (x32 Version: 140.0.297.000) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98) Hoyle Card Games (x32 Version: 2.2.0.95) HP Connected Remote (x32 Version: 1.0.1218) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Customer Participation Program 14.0 (Version: 14.0) HP Documentation (x32 Version: 1.2.0.0) HP Games (x32 Version: 1.0.3.0) HP Imaging Device Functions 14.0 (Version: 14.0) HP MyRoom (x32 Version: 9.0.0.0) HP Officejet J4500 Series 14.0 Rel. 
6 (Version: 14.0) HP Postscript Converter (Version: 3.1.3591) HP Quick Launch (x32 Version: 3.0.6) HP Recovery Manager (x32 Version: 8.00) HP Registration Service (Version: 1.1.6232.4245) HP Solution Center 14.0 (Version: 14.0) HP Support Assistant (x32 Version: 7.0.39.15) HP Update (x32 Version: 5.005.000.002) HP Utility Center (x32 Version: 1.0.8) HP Wireless Button Driver (x32 Version: 1.0.6.1) HPProductAssistant (x32 Version: 140.0.298.000) HPSSupply (x32 Version: 140.0.297.000) J4500 (x32 Version: 140.0.001.000) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Jewel Match 3 (x32 Version: 2.2.0.98) John Deere Drive Green (x32 Version: 2.2.0.95) Luxor Evolved (x32 Version: 2.2.0.98) Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 140.0.212.000) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 2.2.173.0) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Silverlight (x32 Version: 5.1.20913.0) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 
9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98) Movie Maker (x32 Version: 16.4.3505.0912) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98) Neat (x32 Version: 5.2.2.3) Neat ADF Scanner 2008 Driver (Version: 2.0.1.5) Neat ADF Scanner Driver (Version: 2.0.2.1) Neat Core Files (x32 Version: 5.2.2.3) Neat Mobile Scanner (Silver) Driver (Version: 2.0.1.5) Neat Mobile Scanner 2008 Driver (Version: 2.0.1.4) Neat Mobile Scanner Driver (Version: 2.0.1.2) Norton Internet Security (x32 Version: 21.1.0.18) OCR Software by I.R.I.S. 14.0 (Version: 14.0) OpenOffice 4.0.1 (x32 Version: 4.01.9714) Peggle Nights (x32 Version: 2.2.0.98) Penguins! 
(x32 Version: 2.2.0.98) Photo Gallery (x32 Version: 16.4.3505.0912) Picasa 3 (x32 Version: 3.9) PicasaAlbumDownloader (x32 Version: 1.0.0) Polar Bowler (x32 Version: 2.2.0.97) Polar Golfer (x32 Version: 2.2.0.98) ProductContext (x32 Version: 140.0.001.000) Qualcomm Atheros Driver Installation Program (x32 Version: 10.0) QuickBooks (x32 Version: 23.0.4008.2305) QuickBooks Pro 2013 (x32 Version: 23.0.4006.2305) Quicken 2012 (x32 Version: 21.1.7.18) Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662) Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034) Revo Uninstaller 1.95 (x32 Version: 1.95) Roads of Rome 3 (x32 Version: 2.2.0.98) Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0) Scan (x32 Version: 140.0.253.000) Send To Neat (Version: 1.1.0.0) Shop for HP Supplies (Version: 14.0) SolutionCenter (x32 Version: 140.0.299.000) Status (x32 Version: 140.0.342.000) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 16.6.1.3) Tales of Lagoona (x32 Version: 2.2.0.110) Toolbox (x32 Version: 140.0.596.000) TrayApp (x32 Version: 140.0.297.000) Update Installer for WildTangent Games App (x32) WebReg (x32 Version: 140.0.297.017) WildTangent Games (x32 Version: 1.0.3.0) WildTangent Games App (x32 Version: 4.0.9.7) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Youda Jewel Shop (x32 Version: 3.0.2.32) Zuma's Revenge (x32 Version: 2.2.0.98) 
==================== Restore Points ========================= 03-12-2013 17:00:16 Removed ScorpionSaver Services 12-12-2013 02:54:00 Removed ScorpionSaver 15-12-2013 16:55:57 Revo Uninstaller's restore point - ScorpionSaver ==================== Hosts content: ========================== 2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {115A30F5-9629-4E2E-993E-F2EF77734558} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange Task: {19A08E02-785C-4BB0-82A8-96E26E65BFB5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1AD73C55-6B72-473D-A75F-008416D8979C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft) Task: {1CE5E7C2-112F-4B3F-AC7A-4A17594C5109} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {24A33188-FE98-45B3-8971-1F1803EA3456} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {272BE9F1-710E-4053-A994-CD0750DC7C9B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink) Task: 
{307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations Task: {38579B1B-B002-4BAA-B506-970485B471EE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation) Task: {3FA523AC-271E-4DB5-AAAF-653AA97A52BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated) Task: {543CFAC7-896B-4582-9AB6-74AA62511742} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {563C3C5A-73D7-4864-89D6-ABD97175BAD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {5DE87850-2C97-42C3-B459-92CD70BCE6C7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.) Task: {6405F8F1-9876-4FD0-B722-45B9A83B913B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) 
Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate Task: {7D310CF1-0382-4A17-9849-D04BD2020D47} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {9140BC77-8D6A-4769-BC3F-706FBF3B6483} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3734144309-4116549082-540705525-1002 => Rundll32.exe portabledeviceapi.dll,#1 Task: {95910494-74FE-42BF-B162-E6E38E9D1E84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A92ED75F-D21C-4AB4-B972-007FE6731950} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {B6A5EAD2-461D-4E3E-8902-EDB39E00343C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {BEF2E280-C7B4-4519-A226-B62D912DD30B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D08952E6-D64C-4569-9628-EAA6BCD69825} - \EPUpdater No Task File Task: {D8BA9F4E-1BA1-4C45-9B53-94E1E74C6BEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) 
Task: {DCE4C1F2-B6D5-42FD-9966-443C9C4D8979} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation) Task: {E7B1763E-F5A7-4225-8261-F7CD1A60AFF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {E9ED0144-07A9-436F-ABAD-CCA07A0078D5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART Task: {EA1C51EE-128F-44A6-9302-D7FC9AD085CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F78C3C0C-6D6C-4C86-9AFE-E64816DD2778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-12 16:24 - 2013-08-12 16:27 - 
00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2013-08-08 17:01 - 2013-08-08 17:01 - 00120224 _____ () C:\Users\MaryLou\AppData\Local\assembly\dl3\D691AXL8.A61\B2JXPM9P.K64\d4e7ec06\008b7bc6_d8a8cd01\HPItunesModule.DLL 2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2012-09-12 17:20 - 2012-09-12 17:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-09-12 17:07 - 2012-09-12 17:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-04-29 01:44 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 15:38 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-05 15:38 - 2013-12-03 19:48 - 13586896 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll 2013-09-20 16:50 - 2013-09-20 16:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll 2013-09-17 07:54 - 2013-09-17 07:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 284374 Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 282830 Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 281285 Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 279694 System errors: ============= 
Error: (12/16/2013 01:17:44 PM) (Source: Service Control Manager) (User: )
Description: The Util BrowseFox service failed to start due to the following error: %%2

Error: (12/16/2013 01:14:35 PM) (Source: Service Control Manager) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Error: (12/16/2013 11:06:38 AM) (Source: Service Control Manager) (User: )
Description: The Util BrowseFox service failed to start due to the following error: %%2

Error: (12/16/2013 11:06:23 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa8003f55060, 0xfffff802c3f27930, 0xfffffa8007b9e5a0)C:\Windows\MEMORY.DMP121613-46644-01

Error: (12/16/2013 11:05:53 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:32:32 AM on 12/16/2013 was unexpected.

Error: (12/16/2013 08:02:47 AM) (Source: Service Control Manager) (User: )
Description: The Util BrowseFox service failed to start due to the following error: %%2

Error: (12/16/2013 08:01:00 AM) (Source: Service Control Manager) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Error: (12/16/2013 07:36:53 AM) (Source: Service Control Manager) (User: )
Description: The Util BrowseFox service failed to start due to the following error: %%2

Error: (12/16/2013 07:35:21 AM) (Source: Service Control Manager) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/16/2013 07:35:02 AM) (Source: Service Control Manager) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 284374

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 284374

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 282830

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 282830

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 281285

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 281285

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 279694

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3682.26 MB
Available physical RAM: 1328.56 MB
Total Pagefile: 7394.26 MB
Available Pagefile: 4788.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.88 GB) (Free:386.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type

==================== End Of Log ============================