Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow boot / No boot [Closed]


  • This topic is locked This topic is locked

#1
GalFriday

GalFriday

    Member

  • Member
  • PipPip
  • 21 posts

Someone referred me here for help, so here I am.  This may not be the best forum since I'm able to boot, but I thought this was pretty close.  Here are the basics:  Win 7, Dell Inspiron laptop, 2 years old.

 

I typically leave my laptop on until it starts running slow (some software I use will drag it down) and then I reboot.  Everything was working fine last week.  Sunday morning I sit down to do some work and I find that windows aren't opening. (I'm a Chrome user.)  So, I decide to reboot.  I can't do a nice reboot from the start button, so I have to power it down with the power button.

 

When I start it up again, everything becomes completely sluggish.  My profile doesn't boot all the way, it hangs, I can't open any windows, I can't open anything.  I reboot, go into Safe Mode with Networking, and proceed to back up all my files, just to be safe. :)

 

I then try to do a restore from a date a few days ago.  It completely fails - or so I think.  I get a hard drive error/failure.  After rebooting a few more times, I see that the restore does work based upon some info I had that was missing.  The restore didn't help at all.

 

During safe mode I removed a bunch of unnecessary programs.  I have followed everything I can think of, trying Autoruns, removing things from Start Up, running every piece of security search.  (Malwarebytes is the only thing that found some registry items - no other software found anything.)

 

I'm stumped.  In safe mode, I have no issues.  In standard mode, it drags or doesn't function for hours.  It can take five minutes or more to go from "Power On" button to seeing my login, and then another five minutes after I type in my password.  After that, it might be an hour before the computer is functional - or not at all.

 

I can't figure out what's doing this, but I need to.  Any suggestions would be greatly appreciated.

 

Thanks!


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello GalFriday,

Welcome to Geekstogo.

You can run this one from Safe Mode. :)

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here you go.
 
Scan reScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Andrea (administrator) on YGF2012 on 30-04-2014 05:34:33
Running from C:\Users\Andrea\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SMessaging] => C:\Users\Andrea\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [Google Update] => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-22] (Google Inc.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [DellSystemDetect] => C:\Users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-28] (Dell)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\MountPoints2: {ec946c0b-35ab-11e3-9033-4c80938a6b8b} - E:\WIN\setup.exe
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-sea...0004c80938a6b88
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://my-remote.jo....com/dwa85W.cab
DPF: HKLM-x32 {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://my-remote.jo...i.com/dwa8W.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Andrea\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Andrea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013-10-09]
 
Chrome: 
=======
CHR HomePage: hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=7c4e86d40000000000004c80938a6b88
CHR RestoreOnStartup: "hxxp://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=7c4e86d40000000000004c80938a6b88"
CHR DefaultSearchKeyword: claro-search.com
CHR DefaultSearchProvider: Claro Search
CHR Plugin: (Shockwave Flash) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Google Search) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (Motive Extension) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-02-12]
CHR Extension: (Skyrama) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2012-02-22]
CHR Extension: (Grepolis) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-28]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrea\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [ienaefcpghbmccojmklhdffdobkbencj] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx [2014-04-07]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5454640 2014-03-28] (MediaMall Technologies, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1114384 2011-12-19] (Rovi Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 spiceworks; "C:\Users\Andrea\Dropbox\Sell Sell Sell\Spiceworks\bin\spiceworks.exe" service [X]
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140428.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-02] (MediaMall Technologies, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140428.016\ENG64.SYS [126040 2014-04-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140428.016\EX64.SYS [2099288 2014-04-27] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-22] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 TotRec8; C:\windows\system32\drivers\TotRec8.sys [122640 2012-08-13] (High Criteria inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [736280 2011-12-28] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1171992 2011-12-28] (eMPIA Technology, Inc.)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-30 05:34 - 2014-04-30 05:35 - 00024643 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-04-30 05:34 - 2014-04-30 05:34 - 00000000 ____D () C:\FRST
2014-04-30 05:33 - 2014-04-30 05:33 - 02061824 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-04-30 05:33 - 2014-04-30 05:33 - 01049600 _____ (Farbar) C:\Users\Andrea\Downloads\FRST.exe
2014-04-29 14:56 - 2014-04-29 15:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-29 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-29 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 08:50 - 2014-04-29 08:50 - 00003048 _____ () C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA}
2014-04-29 08:42 - 2014-04-29 14:22 - 00016410 _____ () C:\windows\WindowsUpdate.log
2014-04-29 08:32 - 2014-04-29 15:29 - 00000168 _____ () C:\windows\setupact.log
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:31 - 2014-04-29 15:28 - 00003924 _____ () C:\windows\PFRO.log
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:32 - 2014-04-29 08:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-29 07:32 - 2014-04-29 07:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 07:32 - 2014-04-29 07:32 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00000656 _____ () C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000628 _____ () C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000458 _____ () C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-29 07:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-29 07:09 - 2014-04-29 12:13 - 17338544 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 16:33 - 2014-04-28 16:33 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 08:59 - 2014-04-28 08:59 - 00000000 _____ () C:\extensions.sqlite
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-21 21:35 - 2014-04-21 21:38 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:19 - 2014-04-21 15:30 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
2014-04-03 07:33 - 2014-04-03 07:33 - 00027136 _____ () C:\Users\Andrea\Downloads\Google AdWords Live Training - Attendee Report (1).xls
2014-04-02 09:12 - 2014-04-02 09:12 - 00003035 _____ () C:\Users\Andrea\Downloads\[AdWords Webinar] 5 Simple Steps To Profit With Google AdWords.ics
2014-04-02 08:51 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\Andrea\Documents\53_JOHN POLIS
2014-04-01 15:12 - 2014-04-01 15:12 - 00533178 _____ () C:\Users\Andrea\Downloads\20140401150449_3135235191.wav
 
==================== One Month Modified Files and Folders =======
 
2014-04-30 05:35 - 2014-04-30 05:34 - 00024643 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-04-30 05:34 - 2014-04-30 05:34 - 00000000 ____D () C:\FRST
2014-04-30 05:33 - 2014-04-30 05:33 - 02061824 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-04-30 05:33 - 2014-04-30 05:33 - 01049600 _____ (Farbar) C:\Users\Andrea\Downloads\FRST.exe
2014-04-30 05:32 - 2012-02-22 21:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2014-04-29 15:44 - 2012-08-05 08:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 15:34 - 2014-04-29 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:32 - 2014-01-16 12:02 - 00000000 ___RD () C:\Users\Andrea\Google Drive
2014-04-29 15:32 - 2012-02-22 21:29 - 00000000 ___RD () C:\Users\Andrea\Dropbox
2014-04-29 15:32 - 2012-02-22 21:27 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Dropbox
2014-04-29 15:32 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-29 15:32 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-29 15:32 - 2012-01-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-29 15:30 - 2014-01-16 12:00 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 15:29 - 2014-04-29 08:32 - 00000168 _____ () C:\windows\setupact.log
2014-04-29 15:29 - 2013-02-11 11:01 - 00000416 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job
2014-04-29 15:29 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-29 15:28 - 2014-04-29 08:31 - 00003924 _____ () C:\windows\PFRO.log
2014-04-29 15:27 - 2012-01-14 14:45 - 00000000 ____D () C:\windows\ShellNew
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 14:41 - 2012-12-08 06:49 - 00000000 ____D () C:\ProgramData\MediaMall
2014-04-29 14:22 - 2014-04-29 08:42 - 00016410 _____ () C:\windows\WindowsUpdate.log
2014-04-29 14:15 - 2012-08-05 08:37 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 14:14 - 2012-04-30 20:01 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-04-29 14:10 - 2012-04-01 08:52 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 14:09 - 2012-01-14 12:58 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 14:09 - 2009-07-14 01:13 - 00006488 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-29 14:08 - 2014-01-24 08:54 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job
2014-04-29 14:08 - 2014-01-16 12:00 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 14:08 - 2012-02-22 16:11 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-04-29 14:08 - 2012-02-22 16:11 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-04-29 12:13 - 2014-04-29 07:09 - 17338544 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 12:03 - 2013-10-28 14:43 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 08:50 - 2014-04-29 08:50 - 00003048 _____ () C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA}
2014-04-29 08:34 - 2014-04-29 07:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:30 - 2012-08-31 05:48 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-04-29 08:30 - 2012-08-25 12:56 - 00000000 ____D () C:\windows\Minidump
2014-04-29 08:30 - 2011-02-23 09:08 - 00000000 ____D () C:\windows\Panther
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:41 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 07:32 - 2014-04-29 07:32 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00000656 _____ () C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000628 _____ () C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000458 _____ () C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-28 20:12 - 2012-02-22 14:05 - 00000000 ___RD () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 18:52 - 2013-05-21 16:35 - 00000000 ____D () C:\Program Files\My Dell
2014-04-28 18:52 - 2012-02-25 13:04 - 00000000 ____D () C:\ProgramData\PCDr
2014-04-28 17:12 - 2012-04-30 20:01 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-04-28 16:33 - 2014-04-28 16:33 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-28 16:33 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Deployment
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 16:19 - 2013-05-21 16:36 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-04-28 16:16 - 2012-02-22 16:11 - 00002372 _____ () C:\Users\Andrea\Desktop\Google Chrome.lnk
2014-04-28 15:06 - 2013-09-25 16:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Screencast-O-Matic
2014-04-28 09:37 - 2013-09-02 20:19 - 00143880 _____ () C:\Users\Andrea\WORK FILES.tsk
2014-04-28 09:37 - 2012-02-22 15:02 - 00000000 ____D () C:\Users\Andrea
2014-04-28 09:14 - 2012-02-22 16:05 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Nero
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 08:59 - 2014-04-28 08:59 - 00000000 _____ () C:\extensions.sqlite
2014-04-28 08:58 - 2013-08-19 09:15 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Task Coach
2014-04-28 08:51 - 2014-01-06 09:51 - 00206772 _____ () C:\Users\Andrea\Documents\2014 Time Tracking.xlsx
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\ProgramData\Nero
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-04-28 08:42 - 2012-01-14 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
2014-04-28 08:22 - 2012-04-11 16:16 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\PamFax Office Integrations
2014-04-28 08:18 - 2012-10-18 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:18 - 2012-02-22 16:10 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Mozilla
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-28 01:33 - 2012-08-25 13:03 - 00000000 ____D () C:\ProgramData\Norton
2014-04-28 01:33 - 2012-06-22 15:17 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Arcsoft
2014-04-28 01:33 - 2012-02-25 17:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-04-28 01:33 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-28 01:33 - 2012-01-14 14:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-28 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-04-28 00:51 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 00:51 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 23:02 - 2012-02-25 13:20 - 00000000 ____D () C:\Users\Andrea\Documents\Outlook Files
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-24 15:45 - 2014-03-16 14:15 - 00000000 ____D () C:\Users\Andrea\Documents\Baby Shower
2014-04-24 15:27 - 2013-01-24 11:48 - 00000000 ____D () C:\Users\Andrea\Documents\9999_POTENTIAL CLIENTS
2014-04-23 11:01 - 2013-02-11 13:18 - 00000000 ____D () C:\Users\Andrea\Documents\39_TOMASES & COMPANY
2014-04-22 14:27 - 2014-04-02 08:51 - 00000000 ____D () C:\Users\Andrea\Documents\53_JOHN POLIS
2014-04-21 21:38 - 2014-04-21 21:35 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:32 - 2013-04-17 18:55 - 00000000 ____D () C:\Users\Andrea\Documents\42_SELL SELL SELL
2014-04-21 15:30 - 2014-04-21 15:19 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-21 11:51 - 2012-02-22 22:40 - 00000000 ____D () C:\Users\Andrea\Documents\Personal Items 2011
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 16:12 - 2012-12-28 20:31 - 00002475 _____ () C:\Users\Andrea\AppData\Roaming\SAS7_000.DAT
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-16 07:38 - 2012-02-22 22:06 - 00000000 ____D () C:\Users\Andrea\Documents\99_PRIOR CLIENTS
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
2014-04-15 08:49 - 2013-01-22 21:03 - 00000000 ____D () C:\Users\Andrea\Documents\36_MAIN STREET ROI
2014-04-11 15:08 - 2012-06-22 15:09 - 00000402 _____ () C:\windows\Tasks\EasyShare Registration Task.job
2014-04-09 21:41 - 2014-03-30 07:10 - 00012810 _____ () C:\Users\Andrea\Documents\GOW power.xlsx
2014-04-07 09:05 - 2012-12-08 06:50 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2014-04-07 09:02 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-06 15:34 - 2012-02-22 20:28 - 00000000 ____D () C:\Users\Andrea\Documents\PTA
2014-04-05 19:05 - 2014-02-20 19:28 - 00016207 _____ () C:\Users\Andrea\Documents\Clash.xlsx
2014-04-03 09:51 - 2014-04-29 14:54 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 14:54 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 14:54 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-03 07:33 - 2014-04-03 07:33 - 00027136 _____ () C:\Users\Andrea\Downloads\Google AdWords Live Training - Attendee Report (1).xls
2014-04-02 09:12 - 2014-04-02 09:12 - 00003035 _____ () C:\Users\Andrea\Downloads\[AdWords Webinar] 5 Simple Steps To Profit With Google AdWords.ics
2014-04-01 20:07 - 2012-10-10 18:58 - 00000000 ____D () C:\Users\Andrea\Documents\32_LAURA MCREA
2014-04-01 18:49 - 2014-01-16 12:00 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 18:49 - 2014-01-16 12:00 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 15:12 - 2014-04-01 15:12 - 00533178 _____ () C:\Users\Andrea\Downloads\20140401150449_3135235191.wav
2014-03-31 12:55 - 2012-02-22 16:11 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA
2014-03-31 12:55 - 2012-02-22 16:11 - 00003488 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core
 
Files to move or delete:
====================
C:\Users\Andrea\AppData\Roaming\CamLayout.ini
C:\Users\Andrea\AppData\Roaming\CamShapes.ini
C:\Users\Andrea\autorun.exe
C:\Users\Andrea\Maint.exe
C:\Users\Andrea\msvbvm60.dll
C:\Users\Andrea\secrun.exe
C:\Users\Andrea\SETUP.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 10:23
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Andrea at 2014-04-30 05:36:31
Running from C:\Users\Andrea\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
AVI To MP4 Converter 1.0 (HKLM-x32\...\AVI To MP4 Converter_is1) (Version:  - A Software Plus)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
bProtector for Windows (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - )
Brainville (x32 Version: 2.2.0.110 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.8.1.10 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.0 - WebPro Software)
Email Extractor (x32 Version: 5.0 - WebPro Solutions) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Express Dictate (HKLM-x32\...\Express) (Version: 5.72 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeScreenSharing (HKCU\...\FreeScreenSharing) (Version: 0.56.21.0 - Free Conferencing Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
liteCam HD Evaluation (HKLM-x32\...\{18F68A39-B013-447B-B28B-9F678A2241EF}) (Version: 4.53.0000 - RSUPPORT)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PamFax (HKLM-x32\...\{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1) (Version: 3.4.6.11 - Scendix Software GmbH)
PamFax Office Integration (x32 Version: 1.0.2 - Scendix Software GmbH) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Peachtree Accounting 2012 (x32 Version: 19.00.01 - Sage Software, Inc.) Hidden
Peachtree Signature Ready Forms (x32 Version: 12.1.10 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.net)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version:  - NCH Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayOn (HKLM-x32\...\{69144213-E603-459D-B6B6-C27A87E61D6F}) (Version: 3.8.12 - MediaMall Technologies, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Easy VHS to DVD 3 (HKLM-x32\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
Roxio Easy VHS to DVD 3 (x32 Version: 3.0.137 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2.1 - Roxio) Hidden
ROXIOVHS3X64 (x32 Version: 1.02.0000 - ROXIO) Hidden
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Runaway with the Circus (x32 Version: 2.2.0.110 - WildTangent) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Task Coach 1.3.31 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wondershare PDF Editor(Build 3.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.0.0.18 - Wondershare Software Co.,Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
24-04-2014 20:38:32 Scheduled Checkpoint
28-04-2014 12:19:57 Removed Soda PDF OCR
28-04-2014 12:23:23 Removed Snagit 11
28-04-2014 12:33:35 Removed GimpShop 2.8
28-04-2014 12:39:52 Removed Xirrus Wi-Fi Inspector
28-04-2014 12:40:58 Removed SyncUP.
28-04-2014 12:58:41 Removed Jing
28-04-2014 13:01:06 Removed Screencast.com Desktop Uploader
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {258C8873-9E65-498A-9FF7-4992972E8F6F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {27B92FCB-4C16-4280-99D0-E85B897272CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {295DFBA4-7DB5-41A5-87A6-DF74175DC6DF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {2EE1D1DE-CE72-466E-8B4C-FE108CFFB159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {49FE33C1-5B57-4119-A46E-67E02B95699D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {55CCC968-67FA-463D-8D8D-E5B8F90E1A3B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {568C2B6A-37AB-4D14-9E2A-35EE2DA7C880} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {6FB14312-A922-4BAF-9309-EA3E2435AA70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73ED6864-532C-493C-8C5A-29C2985FAA67} - System32\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000 => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {92DB3608-7DD9-4EA3-96F9-4006498CB002} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {9445A2D5-D160-452A-A0BE-7F6FF6F7C986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {ADCE37CB-21F1-4D33-9350-5698FDAACBAF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B1405C1A-9BFC-49A4-BC8B-D98162CEDEC1} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe [2012-06-02] (NCH Software)
Task: {B1B3CF12-F6FC-488B-80F8-4A16AA09C759} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {B1FAAC0B-F02C-42A1-AB36-5B6210200905} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [2012-09-28] (NCH Software)
Task: {B2206F79-3F7B-4A50-ACE9-E79A62C962B1} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {C4036015-9FBA-4297-983D-3A6A1BDD0A92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CC222725-CCB0-47C3-8AD2-FE94146FC633} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {D678C295-BD16-4B99-873A-B1EF9D4A5985} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {E2E0A62B-823E-4589-A71B-28E6C1C8DD9A} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {EE49C3A6-9512-4513-8778-3C5947944FB6} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt [email protected]
Task: {F472AE03-FC93-47F1-A656-48354C90DCF3} - System32\Tasks\Browser Manager => Sc.exe start Browser Manager
Task: {F8057668-DA9E-4D70-B5F9-5493945B2C0B} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {FE97909C-6D89-4599-81A6-9C2D1BEE41FE} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => %ÅË¡™jXO²õ>c¬ÇåáFa<
 sÀ €!Þ!C:\windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt [email protected]Ü
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-28 15:40 - 2014-04-23 20:33 - 00065352 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-28 15:43 - 2014-04-23 20:33 - 04081480 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-28 15:44 - 2014-04-23 20:33 - 00390472 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-28 15:41 - 2014-04-23 20:33 - 01647432 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-29 07:30 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-29 07:30 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-04-28 15:44 - 2014-04-23 20:33 - 13692232 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:264B2CC4
AlternateDataStreams: C:\ProgramData\Temp:6BEB9EAA
AlternateDataStreams: C:\ProgramData\Temp:F5BECBD8
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: AmoltoRecorder => "C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Users\Andrea\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: Sage Exchange => "C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
MSCONFIG\startupreg: Spotify => "C:\Users\Andrea\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/29/2014 03:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 03:32:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:49:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:40:22 PM) (Source: Application Hang) (User: )
Description: The program DellSystemDetect.exe version 5.7.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ce0
 
Start Time: 01cf63da08de4401
 
Termination Time: 0
 
Application Path: C:\Users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
 
Report Id: 8bbb49cc-cfcd-11e3-b96b-4c80938a6b8b
 
Error: (04/29/2014 02:39:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:09:50 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/29/2014 02:09:50 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/29/2014 11:52:34 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/29/2014 11:52:34 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/29/2014 08:42:26 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (04/30/2014 05:35:20 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:35:20 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:35:20 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:35:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:35:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:35:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:30:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:30:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:30:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/30/2014 05:29:56 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (04/29/2014 03:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 03:32:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:49:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:40:22 PM) (Source: Application Hang)(User: )
Description: DellSystemDetect.exe5.7.0.6ce001cf63da08de44010C:\Users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe8bbb49cc-cfcd-11e3-b96b-4c80938a6b8b
 
Error: (04/29/2014 02:39:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/29/2014 02:09:50 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (04/29/2014 02:09:50 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (04/29/2014 11:52:34 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (04/29/2014 11:52:34 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (04/29/2014 08:42:26 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 6050.05 MB
Available physical RAM: 4474.89 MB
Total Pagefile: 12098.29 MB
Available Pagefile: 10482.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:339.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2FAC01C7)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello GalFriday,

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  •     Double click zoek.zip
  •     Double click on zoek.exe to run.
  •     Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  •     Copy the text below and paste it into the large window in the zoek tool:


FFDefaults;
CHRDefaults;
emptyclsid;
EmptyAllTemp;
AutoClean;

  •     Click on Run script button
  •     Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  •     Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"
  • 0

#5
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

zoek.zip is malicious/identified as malware.  I don't need more problems on my computer.  


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello GalFriday,

 

I guess your anti-virus identified it as such and I can understand how you might think it is malicious. I can confirm to you it is not, that is a false positive from your AV.

 

Actually your anti-virus hasn't found the ones that zoek will hopefully deal to. Your browser is infected and likely the reason your machine is so slow. See here for the main one we want to get rid of.
 

You need to follow the instruction I gave you though to temporarily disable your anti-virus program before running zoek. :)


  • 0

#7
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Here's the log:

 

 
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Andrea on Thu 05/01/2014 at 18:23:14.94.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Andrea\Desktop\zoek.exe    [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED488794-12F1-49A7-9C7B-60B55DB6F038} deleted successfully
HKEY_USERS\S-1-5-21-967247175-893293011-2753274408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED488794-12F1-49A7-9C7B-60B55DB6F038} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Andrea\AppData\Roaming\Scendix Software\Fax\Profiles\3c43rg3h.default\prefs.js:
 
Added to C:\Users\Andrea\AppData\Roaming\Scendix Software\Fax\Profiles\3c43rg3h.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\extensions.sqlite deleted
C:\Users\Andrea\AppData\Roaming\Wondershare deleted
C:\Users\Andrea\AppData\Roaming\SpeedyPC Software deleted
C:\Users\Andrea\AppData\Roaming\Strongvault deleted
C:\Users\Andrea\AppData\Roaming\DriverCure deleted
C:\Users\Andrea\AppData\Roaming\Babylon deleted
C:\Users\Andrea\msvbvm60.dll deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\AbsoluteNotifier.txt deleted
C:\PROGRA~3\SpeedyPC Software deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Babylon deleted
C:\Users\Andrea\AppData\Local\Wondershare deleted
C:\Users\Andrea\AppData\Local\PackageAware deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\Tasks\Browser Manager deleted
C:\Users\Andrea\Downloads\SpeedyPC Pro Installer_6383a6c0_.exe deleted
C:\windows\tasks\PC Optimizer Pro64 startups.job deleted
C:\windows\SysNative\tasks\PC Optimizer Pro64 startups deleted
C:\windows\Syswow64\SearchProtect deleted
C:\windows\SysWow64\AI_RecycleBin deleted
C:\windows\SysWow64\searchplugins deleted
C:\windows\SysWow64\Extensions deleted
C:\Users\Andrea\autorun.exe deleted
C:\Users\Andrea\Maint.exe deleted
C:\Users\Andrea\secrun.exe deleted
C:\Users\Andrea\SETUP.EXE deleted
"C:\Users\Andrea\AppData\Roaming\webex" deleted
"C:\Users\Andrea\AppData\Roaming\Skinux" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF" [04/28/2014 01:33 AM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
==== Firefox Plugins ======================
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ienaefcpghbmccojmklhdffdobkbencj - C:\Program Files (x86)\MediaMall\toolbar\ce.crx[01/03/2014 09:53 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 11:59 AM]
mikhcaiakabeeokmenglcdebplfdjicn - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx[10/15/2013 10:58 AM]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx[03/26/2014 05:37 AM]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\Browser Manager\2.6.1125.80\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Andrea\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[01/16/2014 12:01 PM]
 
Motive Extension - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Dragon NaturallySpeaking Rich Internet Application Support - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn
HP Product Detection Plugin - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp
Smartr Inbox for Gmail - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli
Windows Media Player Extension for HTML5 - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hokdglbhghcebcopdbanieangmcamaak
PlayOn - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ienaefcpghbmccojmklhdffdobkbencj
a Google a Day - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfffneapblebcpnkjdocjgopbajigool
Wave Accounting - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa
Skype Click to Call - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Dragon NaturallySpeaking Rich Internet Application Support - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mikhcaiakabeeokmenglcdebplfdjicn
Norton Identity Protection - Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
 
==== Reset Google Chrome ======================
 
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmoltoRecorder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeachtreePrefetcher.exe deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=431 folders=93 71800094 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Andrea\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Andrea\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello GalFriday,

 

Looks like some good progress there.

 

Now

 

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

After that

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

So when you return please post

 

  • AdwCleaner log
  • FRST.txt
  • Addition.txt

 

PS I have to go out now for an hour or two so won't be able to get back to you immediately. I will check in when I get back though. :)


  • 0

#9
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

FYI, I rebooted by computer after the zoek scan.  It took 25 minutes just to get to this pageand I'm not able to type properly.  I am typing, but the text comes a minute or two after I've finished.


  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Thanks for the update. :)

 

Yes, we are only part way through the malware cleaning process.

 

There are some system errors reported in the FRST log too.

 

I don't think they are serious but we will have a look at that later if they still persist after we have cleaned the malware.

 

There may be hardware problems as well which we can check out. For example if laptops overheat you can get symptoms similar to what you describe.

 

You say this in your preamble:

 

 

I typically leave my laptop on until it starts running slow (some software I use will drag it down) and then I reboot.

 

Could be it is heating up, running slower is typical of that problem. You may like to check to see how hot your machine is getting and listen for any unusual noises.

 

Meantime I look forward to seeing the results of the scans from my last post. :)


  • 0

Advertisements


#11
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Sorry it is taking so long to reply.  Every time one of the scans forces a reboot, it reboots into normal mode which means almost a complete lockup of the laptop.

 

No overheating.  The laptop runs fairly quietly.  I haven't noticed any unusual sounds.

 

Here's the recent FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Andrea (administrator) on YGF2012 on 02-05-2014 07:07:33
Running from C:\Users\Andrea\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SMessaging] => C:\Users\Andrea\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [Google Update] => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-22] (Google Inc.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [DellSystemDetect] => C:\Users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-28] (Dell)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\MountPoints2: {ec946c0b-35ab-11e3-9033-4c80938a6b8b} - E:\WIN\setup.exe
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://my-remote.jo....com/dwa85W.cab
DPF: HKLM-x32 {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://my-remote.jo...i.com/dwa8W.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Andrea\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Andrea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013-10-09]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Google Search) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (Motive Extension) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-02-12]
CHR Extension: (Skyrama) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2012-02-22]
CHR Extension: (Grepolis) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-28]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrea\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [ienaefcpghbmccojmklhdffdobkbencj] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-07]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5454640 2014-03-28] (MediaMall Technologies, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1114384 2011-12-19] (Rovi Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 spiceworks; "C:\Users\Andrea\Dropbox\Sell Sell Sell\Spiceworks\bin\spiceworks.exe" service [X]
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-27] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140430.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-02] (MediaMall Technologies, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140430.037\ENG64.SYS [126040 2014-04-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140430.037\EX64.SYS [2099288 2014-04-27] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-22] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 TotRec8; C:\windows\system32\drivers\TotRec8.sys [122640 2012-08-13] (High Criteria inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [736280 2011-12-28] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1171992 2011-12-28] (eMPIA Technology, Inc.)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-02 07:07 - 2014-05-02 07:07 - 00000000 ____D () C:\Users\Andrea\Downloads\FRST-OlderVersion
2014-05-01 22:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-01 22:16 - 2014-05-01 22:24 - 00000000 ____D () C:\AdwCleaner
2014-05-01 21:45 - 2014-05-01 21:47 - 01310621 _____ () C:\Users\Andrea\Downloads\AdwCleaner.exe
2014-05-01 19:07 - 2014-05-01 23:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-01 18:34 - 2014-05-01 18:23 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-01 18:32 - 2014-05-01 18:34 - 00000000 ____D () C:\zoek
2014-05-01 18:27 - 2014-05-01 19:15 - 00011745 _____ () C:\zoek-results.log
2014-05-01 18:23 - 2014-05-01 18:33 - 00000000 ____D () C:\zoek_backup
2014-05-01 10:51 - 2014-05-01 10:51 - 01285120 _____ () C:\Users\Andrea\Desktop\zoek.exe
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Mozilla
2014-04-30 05:36 - 2014-04-30 05:36 - 00055170 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-04-30 05:34 - 2014-05-02 07:07 - 00000000 ____D () C:\FRST
2014-04-30 05:34 - 2014-05-02 07:07 - 00000000 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-04-30 05:33 - 2014-05-02 07:07 - 02062336 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-04-29 14:56 - 2014-05-01 07:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-29 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-29 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 08:50 - 2014-04-29 08:50 - 00003048 _____ () C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA}
2014-04-29 08:42 - 2014-05-01 22:29 - 00157601 _____ () C:\windows\WindowsUpdate.log
2014-04-29 08:32 - 2014-05-01 22:41 - 00000504 _____ () C:\windows\setupact.log
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:31 - 2014-05-01 22:40 - 00004564 _____ () C:\windows\PFRO.log
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:32 - 2014-04-29 08:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-29 07:32 - 2014-04-29 07:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 07:32 - 2014-04-29 07:32 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00000656 _____ () C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000628 _____ () C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000458 _____ () C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-29 07:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-29 07:09 - 2014-04-30 15:44 - 17931952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 16:33 - 2014-04-28 16:33 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-21 21:35 - 2014-04-21 21:38 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:19 - 2014-04-21 15:30 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
2014-04-03 07:33 - 2014-04-03 07:33 - 00027136 _____ () C:\Users\Andrea\Downloads\Google AdWords Live Training - Attendee Report (1).xls
2014-04-02 09:12 - 2014-04-02 09:12 - 00003035 _____ () C:\Users\Andrea\Downloads\[AdWords Webinar] 5 Simple Steps To Profit With Google AdWords.ics
2014-04-02 08:51 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\Andrea\Documents\53_JOHN POLIS
 
==================== One Month Modified Files and Folders =======
 
2014-05-02 07:07 - 2014-05-02 07:07 - 00000000 ____D () C:\Users\Andrea\Downloads\FRST-OlderVersion
2014-05-02 07:07 - 2014-04-30 05:34 - 00000000 ____D () C:\FRST
2014-05-02 07:07 - 2014-04-30 05:34 - 00000000 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-05-02 07:07 - 2014-04-30 05:33 - 02062336 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-05-02 07:01 - 2012-02-22 21:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2014-05-02 07:00 - 2012-02-22 16:11 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-05-02 06:59 - 2012-08-05 08:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 06:58 - 2014-01-24 08:54 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job
2014-05-02 06:58 - 2014-01-16 12:00 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-02 06:56 - 2014-04-29 08:42 - 00157601 _____ () C:\windows\WindowsUpdate.log
2014-05-01 23:23 - 2012-02-22 21:27 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Dropbox
2014-05-01 23:22 - 2012-02-22 21:29 - 00000000 ___RD () C:\Users\Andrea\Dropbox
2014-05-01 23:13 - 2012-04-30 20:01 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-05-01 23:00 - 2014-05-01 19:07 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-01 22:45 - 2012-12-08 06:49 - 00000000 ____D () C:\ProgramData\MediaMall
2014-05-01 22:44 - 2014-01-16 12:00 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 22:43 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-01 22:43 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-01 22:43 - 2012-01-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-01 22:41 - 2014-04-29 08:32 - 00000504 _____ () C:\windows\setupact.log
2014-05-01 22:41 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-01 22:40 - 2014-04-29 08:31 - 00004564 _____ () C:\windows\PFRO.log
2014-05-01 22:24 - 2014-05-01 22:16 - 00000000 ____D () C:\AdwCleaner
2014-05-01 21:47 - 2014-05-01 21:45 - 01310621 _____ () C:\Users\Andrea\Downloads\AdwCleaner.exe
2014-05-01 20:59 - 2014-01-16 12:02 - 00000000 ___RD () C:\Users\Andrea\Google Drive
2014-05-01 19:15 - 2014-05-01 18:27 - 00011745 _____ () C:\zoek-results.log
2014-05-01 18:34 - 2014-05-01 18:32 - 00000000 ____D () C:\zoek
2014-05-01 18:33 - 2014-05-01 18:23 - 00000000 ____D () C:\zoek_backup
2014-05-01 18:33 - 2012-02-22 15:02 - 00000000 ____D () C:\Users\Andrea
2014-05-01 18:23 - 2014-05-01 18:34 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-01 14:45 - 2009-07-14 01:13 - 00006740 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-01 14:42 - 2012-02-22 16:11 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-05-01 10:54 - 2013-07-13 14:45 - 00000000 ____D () C:\Users\Andrea\Desktop\GRAM
2014-05-01 10:51 - 2014-05-01 10:51 - 01285120 _____ () C:\Users\Andrea\Desktop\zoek.exe
2014-05-01 08:26 - 2012-02-25 13:20 - 00000000 ____D () C:\Users\Andrea\Documents\Outlook Files
2014-05-01 07:26 - 2014-04-29 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 07:15 - 2012-02-22 20:28 - 00000000 ____D () C:\Users\Andrea\Documents\PTA
2014-05-01 06:52 - 2012-04-11 16:16 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\PamFax Office Integrations
2014-04-30 17:12 - 2012-04-30 20:01 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-04-30 16:54 - 2013-05-21 16:35 - 00000000 ____D () C:\Program Files\My Dell
2014-04-30 16:54 - 2012-02-25 13:04 - 00000000 ____D () C:\ProgramData\PCDr
2014-04-30 16:46 - 2013-05-21 16:36 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-04-30 15:44 - 2014-04-29 07:09 - 17931952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-30 15:44 - 2012-08-05 08:37 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 15:44 - 2012-04-01 08:52 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 15:44 - 2012-01-14 12:58 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 15:20 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 15:20 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Mozilla
2014-04-30 13:03 - 2011-11-16 15:25 - 00006678 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-04-30 05:36 - 2014-04-30 05:36 - 00055170 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-04-29 15:27 - 2012-01-14 14:45 - 00000000 ____D () C:\windows\ShellNew
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 08:50 - 2014-04-29 08:50 - 00003048 _____ () C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA}
2014-04-29 08:34 - 2014-04-29 07:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:30 - 2012-08-31 05:48 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-04-29 08:30 - 2012-08-25 12:56 - 00000000 ____D () C:\windows\Minidump
2014-04-29 08:30 - 2011-02-23 09:08 - 00000000 ____D () C:\windows\Panther
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:41 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 07:32 - 2014-04-29 07:32 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-29 07:32 - 2014-04-29 07:32 - 00000656 _____ () C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000628 _____ () C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000458 _____ () C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-29 07:32 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-28 20:12 - 2012-02-22 14:05 - 00000000 ___RD () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 16:33 - 2014-04-28 16:33 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-28 16:33 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Deployment
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 16:16 - 2012-02-22 16:11 - 00002372 _____ () C:\Users\Andrea\Desktop\Google Chrome.lnk
2014-04-28 15:06 - 2013-09-25 16:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Screencast-O-Matic
2014-04-28 09:37 - 2013-09-02 20:19 - 00143880 _____ () C:\Users\Andrea\WORK FILES.tsk
2014-04-28 09:14 - 2012-02-22 16:05 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Nero
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 08:58 - 2013-08-19 09:15 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Task Coach
2014-04-28 08:51 - 2014-01-06 09:51 - 00206772 _____ () C:\Users\Andrea\Documents\2014 Time Tracking.xlsx
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\ProgramData\Nero
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-04-28 08:42 - 2012-01-14 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
2014-04-28 08:18 - 2012-10-18 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-28 01:33 - 2012-08-25 13:03 - 00000000 ____D () C:\ProgramData\Norton
2014-04-28 01:33 - 2012-06-22 15:17 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Arcsoft
2014-04-28 01:33 - 2012-02-25 17:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-04-28 01:33 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-28 01:33 - 2012-01-14 14:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-28 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-24 15:45 - 2014-03-16 14:15 - 00000000 ____D () C:\Users\Andrea\Documents\Baby Shower
2014-04-24 15:27 - 2013-01-24 11:48 - 00000000 ____D () C:\Users\Andrea\Documents\9999_POTENTIAL CLIENTS
2014-04-23 11:01 - 2013-02-11 13:18 - 00000000 ____D () C:\Users\Andrea\Documents\39_TOMASES & COMPANY
2014-04-22 14:27 - 2014-04-02 08:51 - 00000000 ____D () C:\Users\Andrea\Documents\53_JOHN POLIS
2014-04-21 21:38 - 2014-04-21 21:35 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:32 - 2013-04-17 18:55 - 00000000 ____D () C:\Users\Andrea\Documents\42_SELL SELL SELL
2014-04-21 15:30 - 2014-04-21 15:19 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-21 11:51 - 2012-02-22 22:40 - 00000000 ____D () C:\Users\Andrea\Documents\Personal Items 2011
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 16:12 - 2012-12-28 20:31 - 00002475 _____ () C:\Users\Andrea\AppData\Roaming\SAS7_000.DAT
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-16 07:38 - 2012-02-22 22:06 - 00000000 ____D () C:\Users\Andrea\Documents\99_PRIOR CLIENTS
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
2014-04-15 08:49 - 2013-01-22 21:03 - 00000000 ____D () C:\Users\Andrea\Documents\36_MAIN STREET ROI
2014-04-11 15:08 - 2012-06-22 15:09 - 00000402 _____ () C:\windows\Tasks\EasyShare Registration Task.job
2014-04-09 21:41 - 2014-03-30 07:10 - 00012810 _____ () C:\Users\Andrea\Documents\GOW power.xlsx
2014-04-07 09:05 - 2012-12-08 06:50 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2014-04-07 09:02 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-05 19:05 - 2014-02-20 19:28 - 00016207 _____ () C:\Users\Andrea\Documents\Clash.xlsx
2014-04-03 09:51 - 2014-04-29 14:54 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 14:54 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 14:54 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-03 07:33 - 2014-04-03 07:33 - 00027136 _____ () C:\Users\Andrea\Downloads\Google AdWords Live Training - Attendee Report (1).xls
2014-04-02 09:12 - 2014-04-02 09:12 - 00003035 _____ () C:\Users\Andrea\Downloads\[AdWords Webinar] 5 Simple Steps To Profit With Google AdWords.ics
 
Files to move or delete:
====================
C:\Users\Andrea\AppData\Roaming\CamLayout.ini
C:\Users\Andrea\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-30 17:51
 
==================== End Of Log ============================

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello GalFriday,

Did you run AdwareCleaner?

Also, did you follow the instruction for FRST to tick the Addition box? If so would you please copy and past the Addition.txt log back here.

There seems to be an obsolete link for Johnson Controls showing in the FRST.txt log. Do you know what that is and should it be removed?

There is some corruption in your Chrome browser.

Please go to the link below and follow the instructions on how to reset Google Chrome browser settings:

https://support.goog...r/3296214?hl=en
 


  • 0

#13
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I'm sorry - it was running so slowly that I forgot to post.

 

Here are the Addition and Adware logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Andrea at 2014-05-02 18:11:04
Running from C:\Users\Andrea\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
AVI To MP4 Converter 1.0 (HKLM-x32\...\AVI To MP4 Converter_is1) (Version:  - A Software Plus)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brainville (x32 Version: 2.2.0.110 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.8.1.10 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.0 - WebPro Software)
Email Extractor (x32 Version: 5.0 - WebPro Solutions) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Express Dictate (HKLM-x32\...\Express) (Version: 5.72 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeScreenSharing (HKCU\...\FreeScreenSharing) (Version: 0.56.21.0 - Free Conferencing Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
liteCam HD Evaluation (HKLM-x32\...\{18F68A39-B013-447B-B28B-9F678A2241EF}) (Version: 4.53.0000 - RSUPPORT)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PamFax (HKLM-x32\...\{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1) (Version: 3.4.6.11 - Scendix Software GmbH)
PamFax Office Integration (x32 Version: 1.0.2 - Scendix Software GmbH) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Peachtree Accounting 2012 (x32 Version: 19.00.01 - Sage Software, Inc.) Hidden
Peachtree Signature Ready Forms (x32 Version: 12.1.10 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.net)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version:  - NCH Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayOn (HKLM-x32\...\{69144213-E603-459D-B6B6-C27A87E61D6F}) (Version: 3.8.12 - MediaMall Technologies, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Easy VHS to DVD 3 (HKLM-x32\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
Roxio Easy VHS to DVD 3 (x32 Version: 3.0.137 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2.1 - Roxio) Hidden
ROXIOVHS3X64 (x32 Version: 1.02.0000 - ROXIO) Hidden
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Runaway with the Circus (x32 Version: 2.2.0.110 - WildTangent) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Task Coach 1.3.31 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wondershare PDF Editor(Build 3.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.0.0.18 - Wondershare Software Co.,Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
01-05-2014 10:41:37 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {258C8873-9E65-498A-9FF7-4992972E8F6F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {27B92FCB-4C16-4280-99D0-E85B897272CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {295DFBA4-7DB5-41A5-87A6-DF74175DC6DF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {2EE1D1DE-CE72-466E-8B4C-FE108CFFB159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {49FE33C1-5B57-4119-A46E-67E02B95699D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {55CCC968-67FA-463D-8D8D-E5B8F90E1A3B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {568C2B6A-37AB-4D14-9E2A-35EE2DA7C880} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {6FB14312-A922-4BAF-9309-EA3E2435AA70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73ED6864-532C-493C-8C5A-29C2985FAA67} - System32\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000 => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {92DB3608-7DD9-4EA3-96F9-4006498CB002} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {9445A2D5-D160-452A-A0BE-7F6FF6F7C986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {ADCE37CB-21F1-4D33-9350-5698FDAACBAF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B1405C1A-9BFC-49A4-BC8B-D98162CEDEC1} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe [2012-06-02] (NCH Software)
Task: {B1B3CF12-F6FC-488B-80F8-4A16AA09C759} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {B1FAAC0B-F02C-42A1-AB36-5B6210200905} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [2012-09-28] (NCH Software)
Task: {B2206F79-3F7B-4A50-ACE9-E79A62C962B1} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {C4036015-9FBA-4297-983D-3A6A1BDD0A92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CC222725-CCB0-47C3-8AD2-FE94146FC633} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {D678C295-BD16-4B99-873A-B1EF9D4A5985} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {E2E0A62B-823E-4589-A71B-28E6C1C8DD9A} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {EE49C3A6-9512-4513-8778-3C5947944FB6} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOff[email protected]
Task: {F472AE03-FC93-47F1-A656-48354C90DCF3} - \Browser Manager No Task File <==== ATTENTION
Task: {F8057668-DA9E-4D70-B5F9-5493945B2C0B} - \PC Optimizer Pro64 startups No Task File <==== ATTENTION
Task: {FE97909C-6D89-4599-81A6-9C2D1BEE41FE} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => %ÅË¡™jXO²õ>c¬ÇåáFa<
 sÀ €!Þ!C:\windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt [email protected]Ü
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-28 15:40 - 2014-04-23 20:33 - 00065352 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-29 07:30 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-29 07:30 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-04-28 15:43 - 2014-04-23 20:33 - 04081480 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-28 15:44 - 2014-04-23 20:33 - 00390472 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-28 15:41 - 2014-04-23 20:33 - 01647432 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:264B2CC4
AlternateDataStreams: C:\ProgramData\Temp:6BEB9EAA
AlternateDataStreams: C:\ProgramData\Temp:F5BECBD8
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Users\Andrea\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: Sage Exchange => "C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
MSCONFIG\startupreg: Spotify => "C:\Users\Andrea\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2014 01:33:58 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Business 2010; Error = 0x8007043c).
 
Error: (05/02/2014 07:05:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 10:43:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 10:42:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0x8d0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (05/01/2014 10:42:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x61c
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (05/01/2014 08:58:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xaf0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (05/01/2014 08:58:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 08:58:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6dc
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (05/01/2014 08:53:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 06:53:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0x8bc
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
 
System errors:
=============
Error: (05/02/2014 06:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:54 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:54 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:06:54 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2014 06:04:58 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2014 01:33:58 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c
 
Error: (05/02/2014 07:05:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 10:43:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 10:42:52 PM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a8d001cf65b02cd7aa70C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe749888f9-d1a3-11e3-b95a-4c80938a6b8b
 
Error: (05/01/2014 10:42:34 PM) (Source: Application Error)(User: )
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd61c01cf65b01eabf94eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll69fee841-d1a3-11e3-b95a-4c80938a6b8b
 
Error: (05/01/2014 08:58:21 PM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aaf001cf65a1927401a3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeda836d96-d194-11e3-9f24-4c80938a6b8b
 
Error: (05/01/2014 08:58:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 08:58:00 PM) (Source: Application Error)(User: )
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6dc01cf65a186f83e31C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllce59e5af-d194-11e3-9f24-4c80938a6b8b
 
Error: (05/01/2014 08:53:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2014 06:53:42 PM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a8bc01cf659029c80c79C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe70ab8b09-d183-11e3-884d-4c80938a6b8b
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 6050.05 MB
Available physical RAM: 4665.45 MB
Total Pagefile: 12098.29 MB
Available Pagefile: 10688.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:345.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2FAC01C7)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
# AdwCleaner v3.205 - Report created 01/05/2014 at 22:21:12
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andrea - YGF2012
# Running from : C:\Users\Andrea\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\5c55da8cbc3ab845
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\speedypc software
Key Found : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{081F856A-9653-461F-B575-D588D350A326}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1CD7792E-F41F-4FEC-93C0-62827E4A1C97}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{292A4B41-6290-4331-8599-DCC58CFB931F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EDA57D7-EBFE-4B21-AD18-4962E7242CF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{482E4109-8256-427F-BCD6-0156AC379287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4A3C5F3B-A4A4-4E4C-81DD-E752E63B366E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B29CB15-852F-4F7C-8A66-355F75FFD123}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86421EBA-3921-4D56-97BB-064F4A4DF816}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C533E0C0-E6D1-4F17-A0DC-6E6C791FC582}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0E94CFD-9263-43F5-8ECB-FB82E9356DC3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ripit4me_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ripit4me_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\Software\speedypc software
Key Found : [x64] HKLM\SOFTWARE\pc optimizer pro
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [3375 octets] - [01/05/2014 22:21:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3435 octets] ##########
 
 
# AdwCleaner v3.205 - Report created 01/05/2014 at 22:24:09
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andrea - YGF2012
# Running from : C:\Users\Andrea\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKCU\Software\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ripit4me_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ripit4me_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{081F856A-9653-461F-B575-D588D350A326}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CD7792E-F41F-4FEC-93C0-62827E4A1C97}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{292A4B41-6290-4331-8599-DCC58CFB931F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EDA57D7-EBFE-4B21-AD18-4962E7242CF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{482E4109-8256-427F-BCD6-0156AC379287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4A3C5F3B-A4A4-4E4C-81DD-E752E63B366E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B29CB15-852F-4F7C-8A66-355F75FFD123}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86421EBA-3921-4D56-97BB-064F4A4DF816}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C533E0C0-E6D1-4F17-A0DC-6E6C791FC582}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0E94CFD-9263-43F5-8ECB-FB82E9356DC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [3539 octets] - [01/05/2014 22:21:12]
AdwCleaner[S0].txt - [3310 octets] - [01/05/2014 22:24:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3370 octets] ##########
 
 
Johnson Controls link can definitely be removed.  How should I do it?

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello again GalFriday,

I see AVG in your logs but I don't see it in your installed programs.

Did you uninstall it at some point?

The reason I ask is because having two or more anti-virus programs leads to conflict resulting in slow computer  performance, error messages, crashes of the programs or other types of failure. I am not seeing it active anywhere in your logs but wonder if it might have left some bits and pieces behind.
Also did you install this one?

FreeScreenSharing

That one could be used maliciously but you may also have it quite legitimately.

Tell me about that and AVG when you return.

For now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


  • 0

#15
GalFriday

GalFriday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I believe AVG might have been a recent malware scanner that I tried.  And I have used FreeScreenSharing a few times for meetings (several months ago).

 

Here's the fixlist:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Andrea at 2014-05-02 20:07:13 Run:1
Running from C:\Users\Andrea\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA}
Task: {F472AE03-FC93-47F1-A656-48354C90DCF3} - \Browser Manager No Task File <==== ATTENTION
Task: {F8057668-DA9E-4D70-B5F9-5493945B2C0B} - \PC Optimizer Pro64 startups No Task File <==== ATTENTION
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
C:\{156FD4A2-3392-4808-A15F-9B5D3276AABA} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F472AE03-FC93-47F1-A656-48354C90DCF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F472AE03-FC93-47F1-A656-48354C90DCF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8057668-DA9E-4D70-B5F9-5493945B2C0B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8057668-DA9E-4D70-B5F9-5493945B2C0B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups => Key deleted successfully.
 
==== End of Fixlog ====

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP