
Slow boot / No boot [Closed]


  • This topic is locked

#16
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hi GalFriday,

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 




#17
GalFriday


    Member

  • Topic Starter
  • 21 posts

Okay, I'm in normal mode right now.  After this scan, it was only a second for my Chrome window to open and navigate here.  (I haven't rebooted yet, but I'm going to try that next.)

 

ComboFix 14-04-30.01 - Andrea 05/03/2014   8:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6050.4121 [GMT -4:00]
Running from: c:\users\Andrea\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6422\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6422\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6422\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6422\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\programdata\PCDr\6422\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\Roaming
c:\users\Andrea\AppData\Local\assembly\tmp
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
c:\users\Andrea\AUTORUN.INF
c:\users\Andrea\Documents\~WRL3692.tmp
c:\users\Andrea\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-03 to 2014-05-03  )))))))))))))))))))))))))))))))
.
.
2014-05-03 12:52 . 2014-05-03 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 01:21 . 2014-05-03 10:48 -------- d-----w- c:\windows\system32\drivers\N360x64\1405000.01C
2014-05-03 01:19 . 2014-05-03 01:19 -------- d-----w- c:\users\Andrea\AppData\Roaming\DropboxMaster
2014-05-02 02:21 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-02 02:16 . 2014-05-02 02:24 -------- d-----w- C:\AdwCleaner
2014-05-01 23:07 . 2014-05-03 11:42 -------- d-----w- c:\programdata\boost_interprocess
2014-05-01 22:34 . 2014-05-03 12:52 -------- d-----w- c:\users\Andrea\AppData\Local\Temp
2014-05-01 22:34 . 2014-05-01 22:23 24064 ----a-w- c:\windows\zoek-delete.exe
2014-05-01 22:32 . 2014-05-01 22:34 -------- d-----w- C:\zoek
2014-04-30 09:34 . 2014-05-03 00:07 -------- d-----w- C:\FRST
2014-04-29 18:56 . 2014-05-01 11:26 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 18:54 . 2014-04-29 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-29 18:54 . 2014-04-29 18:54 -------- d-----w- c:\programdata\Malwarebytes
2014-04-29 18:54 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-29 18:54 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 18:54 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-29 18:51 . 2014-04-29 18:52 -------- d-----w- c:\program files (x86)\AVG
2014-04-29 18:51 . 2014-04-29 18:52 -------- d-----w- c:\programdata\Avg
2014-04-29 18:51 . 2014-04-29 18:51 -------- d--h--w- c:\programdata\Common Files
2014-04-29 18:51 . 2014-04-29 18:51 -------- d-----w- c:\users\Andrea\AppData\Local\Avg
2014-04-29 12:28 . 2014-04-29 12:28 -------- d-----w- c:\program files\CCleaner
2014-04-29 12:24 . 2014-04-29 12:24 -------- d-----w- c:\programdata\Soluto
2014-04-29 11:32 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-04-29 11:32 . 2014-04-29 11:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-29 11:32 . 2014-04-29 12:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-29 11:09 . 2014-04-30 19:44 17931952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-04-28 13:10 . 2014-04-28 13:10 -------- d-----w- c:\users\Andrea\WORK FILES.tsk.lock
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 19:44 . 2012-04-01 12:52 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 19:44 . 2012-01-14 16:58 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-10 13:35 . 2014-03-10 13:35 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-10 13:35 . 2014-03-10 13:35 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-10 13:35 . 2014-03-10 13:35 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-10 13:35 . 2014-03-10 13:35 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-03-10 13:35 . 2014-03-10 13:35 226304 ----a-w- c:\windows\system32\elshyph.dll
2014-03-10 13:35 . 2014-03-10 13:35 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-10 13:35 . 2014-03-10 13:35 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-10 13:35 . 2014-03-10 13:35 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-10 13:35 . 2014-03-10 13:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-10 13:35 . 2014-03-10 13:35 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-10 13:35 . 2014-03-10 13:35 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-10 13:35 . 2014-03-10 13:35 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-10 13:35 . 2014-03-10 13:35 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-10 13:35 . 2014-03-10 13:35 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-10 13:35 . 2014-03-10 13:35 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-10 13:35 . 2014-03-10 13:35 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-10 13:35 . 2014-03-10 13:35 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-10 13:35 . 2014-03-10 13:35 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-10 13:35 . 2014-03-10 13:35 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-10 13:35 . 2014-03-10 13:35 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-10 13:35 . 2014-03-10 13:35 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-10 13:35 . 2014-03-10 13:35 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-10 13:35 . 2014-03-10 13:35 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-03-10 13:35 . 2014-03-10 13:35 62976 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-10 13:35 . 2014-03-10 13:35 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-10 13:35 . 2014-03-10 13:35 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-10 13:35 . 2014-03-10 13:35 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-10 13:35 . 2014-03-10 13:35 599552 ----a-w- c:\windows\system32\vbscript.dll
2014-03-10 13:35 . 2014-03-10 13:35 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-10 13:35 . 2014-03-10 13:35 526336 ----a-w- c:\windows\system32\ieui.dll
2014-03-10 13:35 . 2014-03-10 13:35 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-10 13:35 . 2014-03-10 13:35 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-10 13:35 . 2014-03-10 13:35 51200 ----a-w- c:\windows\system32\imgutil.dll
2014-03-10 13:35 . 2014-03-10 13:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-10 13:35 . 2014-03-10 13:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-10 13:35 . 2014-03-10 13:35 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-10 13:35 . 2014-03-10 13:35 441856 ----a-w- c:\windows\system32\html.iec
2014-03-10 13:35 . 2014-03-10 13:35 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-03-10 13:35 . 2014-03-10 13:35 3960320 ----a-w- c:\windows\system32\jscript9.dll
2014-03-10 13:35 . 2014-03-10 13:35 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-10 13:35 . 2014-03-10 13:35 361984 ----a-w- c:\windows\SysWow64\html.iec
2014-03-10 13:35 . 2014-03-10 13:35 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-10 13:35 . 2014-03-10 13:35 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-10 13:35 . 2014-03-10 13:35 27648 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-10 13:35 . 2014-03-10 13:35 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-10 13:35 . 2014-03-10 13:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-10 13:35 . 2014-03-10 13:35 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-03-10 13:35 . 2014-03-10 13:35 247296 ----a-w- c:\windows\system32\webcheck.dll
2014-03-10 13:35 . 2014-03-10 13:35 235008 ----a-w- c:\windows\system32\url.dll
2014-03-10 13:35 . 2014-03-10 13:35 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-10 13:35 . 2014-03-10 13:35 2241536 ----a-w- c:\windows\system32\wininet.dll
2014-03-10 13:35 . 2014-03-10 13:35 216064 ----a-w- c:\windows\system32\msls31.dll
2014-03-10 13:35 . 2014-03-10 13:35 197120 ----a-w- c:\windows\system32\msrating.dll
2014-03-10 13:35 . 2014-03-10 13:35 19274240 ----a-w- c:\windows\system32\mshtml.dll
2014-03-10 13:35 . 2014-03-10 13:35 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-10 13:35 . 2014-03-10 13:35 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-10 13:35 . 2014-03-10 13:35 15403520 ----a-w- c:\windows\system32\ieframe.dll
2014-03-10 13:35 . 2014-03-10 13:35 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-10 13:35 . 2014-03-10 13:35 149504 ----a-w- c:\windows\system32\occache.dll
2014-03-10 13:35 . 2014-03-10 13:35 144896 ----a-w- c:\windows\system32\wextract.exe
2014-03-10 13:35 . 2014-03-10 13:35 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-10 13:35 . 2014-03-10 13:35 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-10 13:35 . 2014-03-10 13:35 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-10 13:35 . 2014-03-10 13:35 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-10 13:35 . 2014-03-10 13:35 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-10 13:35 . 2014-03-10 13:35 136192 ----a-w- c:\windows\system32\iepeers.dll
2014-03-10 13:35 . 2014-03-10 13:35 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-10 13:35 . 2014-03-10 13:35 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-10 13:35 . 2014-03-10 13:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-10 13:35 . 2014-03-10 13:35 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-10 13:35 . 2014-03-10 13:35 102912 ----a-w- c:\windows\system32\inseng.dll
2014-03-10 13:33 . 2014-03-10 13:33 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-03-10 13:33 . 2014-03-10 13:33 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-03-10 13:33 . 2014-03-10 13:33 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-10 13:33 . 2014-03-10 13:33 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-03-10 13:33 . 2014-03-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-03-10 13:33 . 2014-03-10 13:33 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-10 13:33 . 2014-03-10 13:33 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-03-10 13:33 . 2014-03-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-03-10 13:33 . 2014-03-10 13:33 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-10 13:33 . 2014-03-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-10 13:33 . 2014-03-10 13:33 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-03-10 13:33 . 2014-03-10 13:33 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-03-10 13:33 . 2014-03-10 13:33 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-10 13:33 . 2014-03-10 13:33 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"HP Officejet 6700 (NET) A38340CDC9F47CCBF3F7BB3C1EC46A0C39C8CDBD3626A9B9E3EFA7EB"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"DellSystemDetect"="c:\users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe" [2014-04-28 254976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28J7KG0T05RQ;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 spiceworks;spiceworks;c:\users\Andrea\Dropbox\Sell Sell Sell\Spiceworks\bin\spiceworks.exe service;c:\users\Andrea\Dropbox\Sell Sell Sell\Spiceworks\bin\spiceworks.exe service [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140502.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140502.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1405000.01C\SYMNETS.SYS [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:44]
.
2014-04-29 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-29 18:14]
.
2014-04-11 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-04-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
- c:\users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 21:07]
.
2014-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
- c:\users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 21:07]
.
2014-05-03 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job
- c:\users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-15 16:33]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 16:00]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 16:00]
.
2014-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 20:11]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 20:11]
.
2014-04-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-29 18:13]
.
2014-04-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-29 18:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://my-remote.johnsoncontrols.com/https/jwimkns5.na.jci.com/dwa85W.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SMessaging - c:\users\Andrea\AppData\Local\Strongvault Online Backup\SMessaging.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
SafeBoot-rpcnet
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1 - c:\program files (x86)\Wondershare\PDFEditor\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-03  08:54:21
ComboFix-quarantined-files.txt  2014-05-03 12:54
.
Pre-Run: 371,352,174,592 bytes free
Post-Run: 371,135,868,928 bytes free
.
- - End Of File - - AC81313729B93B46D62EAD9F80D459D6


#18
GalFriday


I rebooted to normal but it's all still the same.  Very slow to boot, login, and open a web page.  :(  I'm beginning to think computer companies send out malware purposely to get you to buy a new laptop every two years.



#19
emeraldnzl


Don't give up yet. I actually think we are making progress. :)

 

Now

 

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.



#20
GalFriday


Here you go:

 

Farbar Service Scanner Version: 03-05-2014
Ran by Andrea (administrator) on 03-05-2014 at 20:41:08
Running from "C:\Users\Andrea\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#21
emeraldnzl


Hello GalFriday,

Please download ESET's Service Repair Tool.

  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

After that

Please run Farbar's Service Scanner again and post back the FSS.txt it generates.



#22
GalFriday


I'm sorry it took so long to reply. Every reboot takes it back to "normal" and nothing functions.  Then I couldn't get it to reboot into safe mode.

 

Here's the log:

Farbar Service Scanner Version: 03-05-2014
Ran by Andrea (administrator) on 04-05-2014 at 19:28:11
Running from "C:\Users\Andrea\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
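
Added example, not part of the thread and not Farbar's or ESET's code: a Python parser that extracts the findings from two FSS.txt logs and diffs them, which is how to check what a repair step between two scans changed. The embedded logs are shortened excerpts of the two logs posted above, the function names are hypothetical, and because those logs report Boot Mode: Network the parser keeps run state separate from configuration findings.

```python
import re

# Excerpt of the first FSS.txt posted above (three sections kept, rest cut).
LOG_BEFORE = r"""Farbar Service Scanner Version: 03-05-2014
Ran by Andrea (administrator) on 03-05-2014 at 20:41:08
Boot Mode: Network

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

**** End of log ****
"""
# In these sections the second log posted above differs only in its run time.
LOG_AFTER = LOG_BEFORE.replace("03-05-2014 at 20:41:08", "04-05-2014 at 19:28:11")

RE_BOOT = re.compile(r"^Boot Mode:\s*(.+)$")
RE_STATE = re.compile(r"^(\S+) Service is not running\b")
RE_ATTR = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
RE_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
RE_FILE = re.compile(r"^(\S.*?) => (.+)$")


def parse_fss(text):
    """Return the boot mode plus four sets of findings from one FSS.txt log."""
    rep = {"boot_mode": None, "not_running": set(), "config": set(),
           "policy": set(), "files": set()}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None                      # a blank line ends a registry key block
        elif m := RE_BOOT.match(line):
            rep["boot_mode"] = m.group(1)
        elif m := RE_STATE.match(line):
            rep["not_running"].add(m.group(1))
        elif m := RE_ATTR.match(line):
            attr, svc, state = m.group(1), m.group(2), m.group(3)
            if state != "OK":               # keep only deviations from the default
                rep["config"].add((svc, attr, state))
        elif m := RE_KEY.match(line):
            key = m.group(1)
        elif key and (m := RE_VALUE.match(line)):
            rep["policy"].add((key, m.group(1), m.group(2)))
        elif m := RE_FILE.match(line):
            if m.group(2) != "MD5 is legit":
                rep["files"].add((m.group(1), m.group(2)))
    return rep


def compare(before, after):
    """Diff two logs: what the step in between fixed, left alone, or introduced."""
    b, a = parse_fss(before), parse_fss(after)
    result = {"boot_modes": (b["boot_mode"], a["boot_mode"])}
    for field in ("not_running", "config", "policy", "files"):
        result[field] = {"fixed": sorted(b[field] - a[field]),
                         "unchanged": sorted(b[field] & a[field]),
                         "new": sorted(a[field] - b[field])}
    # Run state depends on how Windows was booted, so "not running" lines are
    # only treated as findings for a scan taken in a regular boot.
    # Assumption: FSS prints "Normal" for a regular boot.
    result["run_state_meaningful"] = a["boot_mode"] == "Normal"
    return result


if __name__ == "__main__":
    diff = compare(LOG_BEFORE, LOG_AFTER)
    for field, value in diff.items():
        print(field, "->", value)
```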


#23
emeraldnzl


Hmm... I was hoping that would improve things for you. ESET Service Repair Tool did repair some services but it looks like there is more to do.

Let's try this:

Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems.  When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to somewhere you can find it.

Double click to open and follow the prompts to install.

Once installed click on the tab Start Repairs and the button Start

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Remove Policies Set By Infections
• Repair Icons
• Repair Winsock & DNS Cache
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

When it is finished come back and tell me if there is any change in your computer.

 

 

 



#24
GalFriday


After running that, here's what happened.

 

From "shutting down" to my login prompt, it was 3 minutes and 10 seconds.

From entering my password until my desktop "appeared" to load up completely, it was 3 minutes and 5 seconds.

I clicked on Chrome to open a web page and come back here - after 23 minutes, I had to kill the page and reboot into safe mode.

 

Do you have any recommendations on a good laptop for around $600?



#25
emeraldnzl


 

> Do you have any recommendations on a good laptop for around $600?

 

I am not giving up yet. :lol:

 

Okay, something to try. When you ran ComboFix, and before you rebooted, your machine appeared to work fine.

That made me think that there was something wrong with the services on your computer. Malware often breaks services and other things. Sure enough when we ran FSS that is exactly what we found. I think we have now fixed those but the problem persists.

That says to me that there is more going on, maybe program conflict or corruption of some sort.

Another thing that happens when ComboFix runs is that security and other programs are stopped.

I think it's now a matter of elimination to find what is the cause.

Firstly, let's try uninstalling your security and anti-virus programs and see if that makes a difference. You can reinstall them later.

Please uninstall

Norton 360

and

Spybot Search and Destroy

After that come back and tell me if there is any difference.
 





#26
GalFriday


I removed Spybot and rebooted - still the same.  Then I started to think about anything else I may have installed since I've had Norton on here forever and have never had any issues.  I noticed a small pop-up window upon reboot "DSD."  This is a Dell diagnostic thing that apparently got added when I went there for some system checks.  I uninstalled it, but it didn't work.  I had to go to msconfig and uncheck it there.  I rebooted, and while things seem a little slow, I was actually able to get here at an almost normal pace.

 

I'm going to do some regular tasks and reboot the computer again to see what happens next.



#27
GalFriday


Well, regular tasks stalled.  I removed Norton and things are moving well.  Not like before (prior to the problem), but definitely an improvement.  Any thoughts as to what Norton is doing or why it's doing it now?  If I reinstall, will it still be okay since I'm using a "fresh" copy?



#28
GalFriday


I think I spoke too soon.  It's working, then it's not.  It's faster, then it stalls.



#29
emeraldnzl


> I think I spoke too soon.  It's working, then it's not.  It's faster, then it stalls.

Might be some leftovers or something else going on as well. We will see...

> Any thoughts as to what Norton is doing or why it's doing it now?


In the past Norton was often a problem. It had become very bloated over the years and slowed computers down a lot. I am told that more recently they have addressed that issue and things have improved but I think some machines do still experience slowing. Also, sometimes it's a conflict issue and removing the program that is the cause fixes the problem.

For now, I would leave Norton off for a bit just to see if that makes things better. We can use their cleanup utility to remove any bits and pieces.

Please download and run Norton Removal Tool.

After that

For protection in between (while we pin down the problem) you could use Microsoft Security Essentials, see below. It is free and Microsoft's own AV, so there shouldn't be any issues of slowing things down.

Important - you must uninstall all other real time security/anti-virus programs before you install Microsoft Security Essentials.

Download Microsoft Security Essentials and install it. Allow it to update and then run a full scan.

Finally

After you have completed those actions please run FRST again with the Additions box ticked. Post back the logs it generates. We can then have another look at where we are. :)
 



#30
GalFriday


Sorry it took so long.  The MS scan ran for over 12 hours.  (It didn't find anything.)  I used my laptop this morning, then left.  It went to sleep, and when I came back, I couldn't wake it up entirely.  So I rebooted.  And it was slow and laggy again.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Andrea (administrator) on YGF2012 on 06-05-2014 14:27:19
Running from C:\Users\Andrea\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dropbox, Inc.) C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-967247175-893293011-2753274408-1000\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://my-remote.jo....com/dwa85W.cab
DPF: HKLM-x32 {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://my-remote.jo...i.com/dwa8W.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Andrea\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Andrea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Andrea\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrea\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Google Search) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (Motive Extension) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-02-12]
CHR Extension: (Skyrama) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2012-02-22]
CHR Extension: (Grepolis) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2012-02-22]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-28]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andrea\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [ienaefcpghbmccojmklhdffdobkbencj] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5454640 2014-03-28] (MediaMall Technologies, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1114384 2011-12-19] (Rovi Corporation)
S2 spiceworks; "C:\Users\Andrea\Dropbox\Sell Sell Sell\Spiceworks\bin\spiceworks.exe" service [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-02] (MediaMall Technologies, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 TotRec8; C:\windows\system32\drivers\TotRec8.sys [122640 2012-08-13] (High Criteria inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [736280 2011-12-28] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1171992 2011-12-28] (eMPIA Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-05 18:09 - 2014-05-05 18:09 - 00001945 _____ () C:\windows\epplauncher.mif
2014-05-05 18:06 - 2014-05-05 18:06 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:06 - 2014-05-05 18:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:06 - 2014-05-05 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-05 18:02 - 2014-05-05 18:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\mseinstall.exe
2014-05-05 18:00 - 2014-05-05 18:00 - 00869456 _____ () C:\Users\Andrea\Downloads\Norton_Removal_Tool.exe
2014-05-05 06:48 - 2014-05-05 06:48 - 00000085 _____ () C:\windows\wininit.ini
2014-05-04 21:31 - 2014-05-04 21:31 - 00000207 _____ () C:\windows\tweaking.com-regbackup-YGF2012-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-04 21:30 - 2014-05-04 21:30 - 00000000 ____D () C:\RegBackup
2014-05-04 21:29 - 2014-05-04 21:29 - 00002161 _____ () C:\Users\Andrea\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-04 21:29 - 2014-05-04 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-04 21:28 - 2014-05-04 21:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-04 21:27 - 2014-05-04 21:27 - 05459368 _____ () C:\Users\Andrea\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-05-04 07:56 - 2014-05-04 07:56 - 04009167 _____ () C:\Users\Andrea\Downloads\ServicesRepair.exe
2014-05-04 07:56 - 2014-05-04 07:56 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-03 20:41 - 2014-05-04 19:28 - 00003584 _____ () C:\Users\Andrea\Downloads\FSS.txt
2014-05-03 20:40 - 2014-05-03 20:40 - 00408576 _____ (Farbar) C:\Users\Andrea\Downloads\FSS.exe
2014-05-03 08:54 - 2014-05-03 08:54 - 00039923 _____ () C:\ComboFix.txt
2014-05-03 08:27 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-03 08:27 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-03 08:27 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-03 08:27 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-03 08:27 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-03 08:27 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-03 08:27 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-03 08:27 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-03 07:17 - 2014-05-03 08:54 - 00000000 ____D () C:\Qoobox
2014-05-03 07:16 - 2014-05-03 08:53 - 00000000 ____D () C:\windows\erdnt
2014-05-03 07:01 - 2014-05-03 07:01 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-03 06:57 - 2014-05-03 06:58 - 05197895 ____R (Swearware) C:\Users\Andrea\Desktop\ComboFix.exe
2014-05-02 21:19 - 2014-05-02 21:19 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DropboxMaster
2014-05-02 07:07 - 2014-05-06 14:26 - 00000000 ____D () C:\Users\Andrea\Downloads\FRST-OlderVersion
2014-05-01 22:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-01 22:16 - 2014-05-01 22:24 - 00000000 ____D () C:\AdwCleaner
2014-05-01 21:45 - 2014-05-01 21:47 - 01310621 _____ () C:\Users\Andrea\Downloads\AdwCleaner.exe
2014-05-01 19:07 - 2014-05-06 13:58 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-01 18:34 - 2014-05-01 18:23 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-01 18:32 - 2014-05-01 18:34 - 00000000 ____D () C:\zoek
2014-05-01 18:27 - 2014-05-01 19:15 - 00011745 _____ () C:\zoek-results.log
2014-05-01 18:23 - 2014-05-01 18:33 - 00000000 ____D () C:\zoek_backup
2014-05-01 10:51 - 2014-05-01 10:51 - 01285120 _____ () C:\Users\Andrea\Desktop\zoek.exe
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Mozilla
2014-04-30 05:36 - 2014-05-02 18:11 - 00055898 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-04-30 05:34 - 2014-05-06 14:27 - 00020576 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-04-30 05:34 - 2014-05-06 14:27 - 00000000 ____D () C:\FRST
2014-04-30 05:33 - 2014-05-06 14:26 - 02063872 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-04-29 14:56 - 2014-05-01 07:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-29 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-29 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:51 - 2014-04-29 14:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 08:42 - 2014-05-06 14:12 - 00485948 _____ () C:\windows\WindowsUpdate.log
2014-04-29 08:32 - 2014-05-06 13:51 - 00001400 _____ () C:\windows\setupact.log
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:31 - 2014-05-06 13:50 - 00335952 _____ () C:\windows\PFRO.log
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:32 - 2014-05-05 06:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-29 07:32 - 2014-05-05 06:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-29 07:09 - 2014-04-30 15:44 - 17931952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-21 21:35 - 2014-04-21 21:38 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:19 - 2014-04-21 15:30 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
 
==================== One Month Modified Files and Folders =======
 
2014-05-06 14:27 - 2014-04-30 05:34 - 00020576 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-05-06 14:27 - 2014-04-30 05:34 - 00000000 ____D () C:\FRST
2014-05-06 14:27 - 2012-02-22 21:39 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2014-05-06 14:26 - 2014-05-02 07:07 - 00000000 ____D () C:\Users\Andrea\Downloads\FRST-OlderVersion
2014-05-06 14:26 - 2014-04-30 05:33 - 02063872 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2014-05-06 14:16 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 14:16 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 14:12 - 2014-04-29 08:42 - 00485948 _____ () C:\windows\WindowsUpdate.log
2014-05-06 14:12 - 2012-04-30 20:01 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-05-06 14:12 - 2012-02-22 21:27 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Dropbox
2014-05-06 14:00 - 2014-01-16 12:00 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 14:00 - 2012-02-22 16:11 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job
2014-05-06 13:59 - 2012-02-22 21:29 - 00000000 ___RD () C:\Users\Andrea\Dropbox
2014-05-06 13:58 - 2014-05-01 19:07 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-06 13:54 - 2014-01-16 12:00 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 13:53 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-06 13:53 - 2012-01-14 13:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-06 13:53 - 2012-01-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-06 13:51 - 2014-04-29 08:32 - 00001400 _____ () C:\windows\setupact.log
2014-05-06 13:51 - 2012-02-22 16:11 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-05-06 13:51 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-06 13:50 - 2014-04-29 08:31 - 00335952 _____ () C:\windows\PFRO.log
2014-05-06 13:48 - 2014-01-24 08:54 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job
2014-05-06 13:46 - 2012-08-05 08:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 07:53 - 2012-02-22 14:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-06 07:19 - 2014-01-06 09:51 - 00206791 _____ () C:\Users\Andrea\Documents\2014 Time Tracking.xlsx
2014-05-06 06:43 - 2012-04-11 16:16 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\PamFax Office Integrations
2014-05-06 06:37 - 2012-12-08 06:49 - 00000000 ____D () C:\ProgramData\MediaMall
2014-05-05 18:09 - 2014-05-05 18:09 - 00001945 _____ () C:\windows\epplauncher.mif
2014-05-05 18:06 - 2014-05-05 18:06 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-05 18:06 - 2014-05-05 18:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-05 18:06 - 2014-05-05 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-05 18:02 - 2014-05-05 18:02 - 13829304 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\mseinstall.exe
2014-05-05 18:01 - 2012-08-25 13:03 - 00000000 ____D () C:\ProgramData\Norton
2014-05-05 18:00 - 2014-05-05 18:00 - 00869456 _____ () C:\Users\Andrea\Downloads\Norton_Removal_Tool.exe
2014-05-05 17:12 - 2012-04-30 20:01 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job
2014-05-05 16:07 - 2013-05-21 16:35 - 00000000 ____D () C:\Program Files\My Dell
2014-05-05 16:07 - 2012-02-25 13:04 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-05 16:02 - 2013-05-21 16:36 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-05-05 15:55 - 2009-07-14 01:13 - 00006740 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-05 13:32 - 2013-10-28 14:43 - 00001976 _____ () C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2014-05-05 13:32 - 2013-10-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online
2014-05-05 07:28 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Deployment
2014-05-05 06:49 - 2014-04-29 07:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-05 06:48 - 2014-05-05 06:48 - 00000085 _____ () C:\windows\wininit.ini
2014-05-05 06:48 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-04 22:18 - 2012-02-22 15:02 - 00114392 _____ () C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 22:15 - 2009-07-14 00:45 - 00416264 _____ () C:\windows\system32\FNTCACHE.DAT
2014-05-04 22:11 - 2009-07-13 22:34 - 00000546 _____ () C:\windows\win.ini
2014-05-04 22:06 - 2011-11-16 15:25 - 00006740 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-05-04 21:31 - 2014-05-04 21:31 - 00000207 _____ () C:\windows\tweaking.com-regbackup-YGF2012-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-04 21:30 - 2014-05-04 21:30 - 00000000 ____D () C:\RegBackup
2014-05-04 21:29 - 2014-05-04 21:29 - 00002161 _____ () C:\Users\Andrea\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-04 21:29 - 2014-05-04 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-04 21:28 - 2014-05-04 21:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-04 21:27 - 2014-05-04 21:27 - 05459368 _____ () C:\Users\Andrea\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-05-04 19:28 - 2014-05-03 20:41 - 00003584 _____ () C:\Users\Andrea\Downloads\FSS.txt
2014-05-04 08:26 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Apps\2.0
2014-05-04 07:56 - 2014-05-04 07:56 - 04009167 _____ () C:\Users\Andrea\Downloads\ServicesRepair.exe
2014-05-04 07:56 - 2014-05-04 07:56 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-03 20:40 - 2014-05-03 20:40 - 00408576 _____ (Farbar) C:\Users\Andrea\Downloads\FSS.exe
2014-05-03 08:54 - 2014-05-03 08:54 - 00039923 _____ () C:\ComboFix.txt
2014-05-03 08:54 - 2014-05-03 07:17 - 00000000 ____D () C:\Qoobox
2014-05-03 08:54 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-03 08:53 - 2014-05-03 07:16 - 00000000 ____D () C:\windows\erdnt
2014-05-03 08:52 - 2012-02-22 15:02 - 00000000 ____D () C:\Users\Andrea
2014-05-03 08:52 - 2012-02-22 14:05 - 00000000 ___RD () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 08:52 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-05-03 07:01 - 2014-05-03 07:01 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-03 06:58 - 2014-05-03 06:57 - 05197895 ____R (Swearware) C:\Users\Andrea\Desktop\ComboFix.exe
2014-05-03 06:51 - 2012-08-25 13:24 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-05-02 21:19 - 2014-05-02 21:19 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DropboxMaster
2014-05-02 21:19 - 2012-02-22 21:29 - 00001023 _____ () C:\Users\Andrea\Desktop\Dropbox.lnk
2014-05-02 21:19 - 2012-02-22 21:28 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 18:11 - 2014-04-30 05:36 - 00055898 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-05-01 22:24 - 2014-05-01 22:16 - 00000000 ____D () C:\AdwCleaner
2014-05-01 21:47 - 2014-05-01 21:45 - 01310621 _____ () C:\Users\Andrea\Downloads\AdwCleaner.exe
2014-05-01 20:59 - 2014-01-16 12:02 - 00000000 ___RD () C:\Users\Andrea\Google Drive
2014-05-01 19:15 - 2014-05-01 18:27 - 00011745 _____ () C:\zoek-results.log
2014-05-01 18:34 - 2014-05-01 18:32 - 00000000 ____D () C:\zoek
2014-05-01 18:33 - 2014-05-01 18:23 - 00000000 ____D () C:\zoek_backup
2014-05-01 18:23 - 2014-05-01 18:34 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-01 10:54 - 2013-07-13 14:45 - 00000000 ____D () C:\Users\Andrea\Desktop\GRAM
2014-05-01 10:51 - 2014-05-01 10:51 - 01285120 _____ () C:\Users\Andrea\Desktop\zoek.exe
2014-05-01 08:26 - 2012-02-25 13:20 - 00000000 ____D () C:\Users\Andrea\Documents\Outlook Files
2014-05-01 07:26 - 2014-04-29 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 07:15 - 2012-02-22 20:28 - 00000000 ____D () C:\Users\Andrea\Documents\PTA
2014-04-30 15:44 - 2014-04-29 07:09 - 17931952 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-30 15:44 - 2012-08-05 08:37 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 15:44 - 2012-04-01 08:52 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 15:44 - 2012-01-14 12:58 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 14:29 - 2014-04-30 14:29 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Mozilla
2014-04-29 15:27 - 2012-01-14 14:45 - 00000000 ____D () C:\windows\ShellNew
2014-04-29 14:54 - 2014-04-29 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:54 - 2014-04-29 14:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 14:54 - 2014-04-29 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AvgSetupLog
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 14:52 - 2014-04-29 14:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-29 14:51 - 2014-04-29 14:51 - 16045040 _____ (AVG Technologies) C:\Users\Andrea\Downloads\avg_zist_stb_all_208_23.exe
2014-04-29 14:51 - 2014-04-29 14:51 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg
2014-04-29 08:32 - 2014-04-29 08:32 - 00000000 _____ () C:\windows\setuperr.log
2014-04-29 08:30 - 2012-08-31 05:48 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2014-04-29 08:30 - 2012-08-25 12:56 - 00000000 ____D () C:\windows\Minidump
2014-04-29 08:30 - 2011-02-23 09:08 - 00000000 ____D () C:\windows\Panther
2014-04-29 08:28 - 2014-04-29 08:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 08:28 - 2014-04-29 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-29 08:27 - 2014-04-29 08:27 - 04745984 _____ (Piriform Ltd) C:\Users\Andrea\Downloads\ccsetup413.exe
2014-04-29 08:26 - 2014-04-29 08:26 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583 (1).exe
2014-04-29 08:24 - 2014-04-29 08:24 - 01514048 _____ (Soluto Inc) C:\Users\Andrea\Downloads\solutoinstaller-k56pw02ao39y.exe
2014-04-29 08:24 - 2014-04-29 08:24 - 00000000 ____D () C:\ProgramData\Soluto
2014-04-29 08:22 - 2014-04-29 08:22 - 00929416 _____ (CNET Download.com) C:\Users\Andrea\Downloads\cbsidlm-cbsi188-Soluto-SEO-75446583.exe
2014-04-29 07:30 - 2014-04-29 07:30 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.3.exe
2014-04-28 16:31 - 2014-04-28 16:31 - 00417872 _____ () C:\Users\Andrea\Downloads\DellSystemDetect.exe
2014-04-28 16:16 - 2012-02-22 16:11 - 00002372 _____ () C:\Users\Andrea\Desktop\Google Chrome.lnk
2014-04-28 15:06 - 2013-09-25 16:41 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Screencast-O-Matic
2014-04-28 09:37 - 2013-09-02 20:19 - 00143880 _____ () C:\Users\Andrea\WORK FILES.tsk
2014-04-28 09:14 - 2012-02-22 16:05 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Nero
2014-04-28 09:10 - 2014-04-28 09:10 - 00000000 ____D () C:\Users\Andrea\WORK FILES.tsk.lock
2014-04-28 08:58 - 2013-08-19 09:15 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Task Coach
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\ProgramData\Nero
2014-04-28 08:43 - 2012-01-14 13:10 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-04-28 08:42 - 2012-01-14 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL
2014-04-28 08:18 - 2012-10-18 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Opera Software
2014-04-28 08:17 - 2014-01-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-28 01:52 - 2014-04-28 01:52 - 00003120 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-04-28 01:33 - 2012-06-22 15:17 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Arcsoft
2014-04-28 01:33 - 2012-02-25 17:06 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-04-28 01:33 - 2012-02-22 16:11 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-28 01:33 - 2012-01-14 14:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-28 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-04-27 23:23 - 2014-04-27 23:23 - 03774570 _____ () C:\Users\Andrea\Documents\AutoRuns.arn
2014-04-26 08:35 - 2014-04-26 08:35 - 00478193 _____ () C:\Users\Andrea\Downloads\MayTiger Tales 2013.ppp
2014-04-25 07:30 - 2014-04-25 07:30 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (2).eml
2014-04-25 07:26 - 2014-04-25 07:26 - 00036868 _____ () C:\Users\Andrea\Downloads\noname (1).eml
2014-04-24 15:45 - 2014-03-16 14:15 - 00000000 ____D () C:\Users\Andrea\Documents\Baby Shower
2014-04-24 15:27 - 2013-01-24 11:48 - 00000000 ____D () C:\Users\Andrea\Documents\9999_POTENTIAL CLIENTS
2014-04-23 11:01 - 2013-02-11 13:18 - 00000000 ____D () C:\Users\Andrea\Documents\39_TOMASES & COMPANY
2014-04-22 14:27 - 2014-04-02 08:51 - 00000000 ____D () C:\Users\Andrea\Documents\53_JOHN POLIS
2014-04-21 21:38 - 2014-04-21 21:35 - 30841344 _____ () C:\Users\Andrea\Downloads\Fall_Slideshow_2010_0.ppt
2014-04-21 15:32 - 2013-04-17 18:55 - 00000000 ____D () C:\Users\Andrea\Documents\42_SELL SELL SELL
2014-04-21 15:30 - 2014-04-21 15:19 - 00001121 _____ () C:\Users\Andrea\Downloads\HistoryDownload.csv
2014-04-21 14:05 - 2014-04-21 14:05 - 00016897 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 4-21-2014.xlsx
2014-04-21 11:51 - 2012-02-22 22:40 - 00000000 ____D () C:\Users\Andrea\Documents\Personal Items 2011
2014-04-18 09:07 - 2014-04-18 09:07 - 00034816 _____ () C:\Users\Andrea\Downloads\How to Get Free Traffic From Google - Registration Report.xls
2014-04-16 16:12 - 2012-12-28 20:31 - 00002475 _____ () C:\Users\Andrea\AppData\Roaming\SAS7_000.DAT
2014-04-16 13:22 - 2014-04-16 13:22 - 00045559 _____ () C:\Users\Andrea\Downloads\Biosentronics Returns 16APR2014_revised action.xlsx
2014-04-16 07:38 - 2012-02-22 22:06 - 00000000 ____D () C:\Users\Andrea\Documents\99_PRIOR CLIENTS
2014-04-15 08:49 - 2014-04-15 08:49 - 00000231 _____ () C:\Users\Andrea\Downloads\Introduction-To-Google-Analytics-Webinar-12.6.13-PART-1.mp4
2014-04-15 08:49 - 2013-01-22 21:03 - 00000000 ____D () C:\Users\Andrea\Documents\36_MAIN STREET ROI
2014-04-11 15:08 - 2012-06-22 15:09 - 00000402 _____ () C:\windows\Tasks\EasyShare Registration Task.job
2014-04-09 21:41 - 2014-03-30 07:10 - 00012810 _____ () C:\Users\Andrea\Documents\GOW power.xlsx
2014-04-07 09:05 - 2012-12-08 06:50 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2014-04-07 09:02 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
 
Files to move or delete:
====================
C:\Users\Andrea\AppData\Roaming\CamLayout.ini
C:\Users\Andrea\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp7pizu.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-30 17:51
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by Andrea at 2014-05-06 14:28:29
Running from C:\Users\Andrea\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
AVI To MP4 Converter 1.0 (HKLM-x32\...\AVI To MP4 Converter_is1) (Version:  - A Software Plus)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brainville (x32 Version: 2.2.0.110 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.9.0.19 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.0 - WebPro Software)
Email Extractor (x32 Version: 5.0 - WebPro Solutions) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Express Dictate (HKLM-x32\...\Express) (Version: 5.72 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeScreenSharing (HKCU\...\FreeScreenSharing) (Version: 0.56.21.0 - Free Conferencing Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A34CC51D-C2FF-4E0E-9F27-28B0249A15DD}) (Version: 11.15.0007 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
liteCam HD Evaluation (HKLM-x32\...\{18F68A39-B013-447B-B28B-9F678A2241EF}) (Version: 4.53.0000 - RSUPPORT)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PamFax (HKLM-x32\...\{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1) (Version: 3.4.6.11 - Scendix Software GmbH)
PamFax Office Integration (x32 Version: 1.0.2 - Scendix Software GmbH) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Peachtree Accounting 2012 (x32 Version: 19.00.01 - Sage Software, Inc.) Hidden
Peachtree Signature Ready Forms (x32 Version: 12.1.10 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.net)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version:  - NCH Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayOn (HKLM-x32\...\{69144213-E603-459D-B6B6-C27A87E61D6F}) (Version: 3.8.12 - MediaMall Technologies, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Easy VHS to DVD 3 (HKLM-x32\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
Roxio Easy VHS to DVD 3 (x32 Version: 3.0.137 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2.1 - Roxio) Hidden
ROXIOVHS3X64 (x32 Version: 1.02.0000 - ROXIO) Hidden
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.00.0000 - RSUPPORT)
Runaway with the Circus (x32 Version: 2.2.0.110 - WildTangent) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Task Coach 1.3.31 (HKLM-x32\...\Task Coach_is1) (Version:  - Frank Niessink, Jerome Laheurte, and Aaron Wolf)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.6.2 - Tweaking.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wondershare PDF Editor(Build 3.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.0.0.18 - Wondershare Software Co.,Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
01-05-2014 10:41:37 Scheduled Checkpoint
03-05-2014 12:27:40 ComboFix created restore point
05-05-2014 22:08:58 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-05-03 08:52 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {258C8873-9E65-498A-9FF7-4992972E8F6F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {27B92FCB-4C16-4280-99D0-E85B897272CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {2EE1D1DE-CE72-466E-8B4C-FE108CFFB159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {49FE33C1-5B57-4119-A46E-67E02B95699D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {4C2CF09B-2471-4CCE-870F-7329A37BADAB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe
Task: {55CCC968-67FA-463D-8D8D-E5B8F90E1A3B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {568C2B6A-37AB-4D14-9E2A-35EE2DA7C880} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {6FB14312-A922-4BAF-9309-EA3E2435AA70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73ED6864-532C-493C-8C5A-29C2985FAA67} - System32\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000 => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7C25E995-3C1D-4AC9-A86A-F2FA4E692DAF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe
Task: {9445A2D5-D160-452A-A0BE-7F6FF6F7C986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {ADCE37CB-21F1-4D33-9350-5698FDAACBAF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B1405C1A-9BFC-49A4-BC8B-D98162CEDEC1} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe [2012-06-02] (NCH Software)
Task: {B1FAAC0B-F02C-42A1-AB36-5B6210200905} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [2012-09-28] (NCH Software)
Task: {B2206F79-3F7B-4A50-ACE9-E79A62C962B1} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {C4036015-9FBA-4297-983D-3A6A1BDD0A92} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CC222725-CCB0-47C3-8AD2-FE94146FC633} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {D678C295-BD16-4B99-873A-B1EF9D4A5985} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22] (Google Inc.)
Task: {D8CB93A3-C75E-4319-9D46-9205BC276F5B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe
Task: {E2E0A62B-823E-4589-A71B-28E6C1C8DD9A} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {EE49C3A6-9512-4513-8778-3C5947944FB6} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt [email protected]
Task: {FE97909C-6D89-4599-81A6-9C2D1BEE41FE} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => %ÅË¡™jXO²õ>c¬ÇåáFa<
 sÀ €!Þ!C:\windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt [email protected]Ü
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-967247175-893293011-2753274408-1000.job => C:\Users\Andrea\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967247175-893293011-2753274408-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-14 14:29 - 2011-04-10 14:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-01-14 13:30 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-05-06 13:54 - 2014-05-06 13:54 - 00041984 _____ () c:\users\andrea\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp7pizu.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Andrea\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
2012-12-08 13:42 - 2012-08-01 01:03 - 00017408 _____ () C:\Program Files (x86)\MediaMall\plugins\ParseUtilities.dll
2014-03-10 17:12 - 2014-03-10 17:12 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2012-01-14 12:57 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-04-28 15:40 - 2014-04-23 20:33 - 00065352 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-28 15:41 - 2014-04-23 20:33 - 00674632 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-28 15:41 - 2014-04-23 20:33 - 00093000 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-28 15:41 - 2014-04-23 20:33 - 01647432 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-28 15:44 - 2014-04-23 20:33 - 13692232 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-04-28 15:43 - 2014-04-23 20:33 - 04081480 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-28 15:44 - 2014-04-23 20:33 - 00390472 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:264B2CC4
AlternateDataStreams: C:\ProgramData\Temp:6BEB9EAA
AlternateDataStreams: C:\ProgramData\Temp:F5BECBD8
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Andrea\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Andrea\AppData\Local\Apps\2.0\65J8EJRG.8KT\0ENBOXNG.74J\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Users\Andrea\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: Sage Exchange => "C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Payment Solutions\Sage Exchange.appref-ms"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Andrea\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2014 01:53:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xeb0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (05/06/2014 01:52:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xc28
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (05/05/2014 05:05:55 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/05/2014 05:05:29 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/05/2014 03:55:49 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) (EventID: 3011)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (05/05/2014 03:55:49 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) (EventID: 3012)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (05/05/2014 01:17:06 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0x868
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (05/05/2014 01:16:47 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6f4
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (05/05/2014 00:25:30 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xd08
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (05/05/2014 00:24:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6e8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
 
System errors:
=============
Error: (05/06/2014 02:01:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error: 
%%1053
 
Error: (05/06/2014 02:01:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
 
Error: (05/06/2014 02:01:23 PM) (Source: Service Control Manager) (User: ) (EventID: 7022)
Description: The Windows Update service hung on starting.
 
Error: (05/06/2014 01:57:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7022)
Description: The Dell DataSafe Online service hung on starting.
 
Error: (05/06/2014 01:53:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/06/2014 01:52:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (05/06/2014 01:52:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (05/06/2014 01:51:31 PM) (Source: EventLog) (User: ) (EventID: 6008)
Description: The previous system shutdown at 1:49:43 PM on ‎5/‎6/‎2014 was unexpected.
 
Error: (05/06/2014 01:45:53 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NOBU service.
 
Error: (05/06/2014 01:45:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/06/2014 01:53:13 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aeb001cf695403879d1eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe4aa4ee6b-d547-11e3-9f21-4c80938a6b8b
 
Error: (05/06/2014 01:52:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdc2801cf6953f1495144C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll408fe90b-d547-11e3-9f21-4c80938a6b8b
 
Error: (05/05/2014 05:05:55 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
 
Error: (05/05/2014 05:05:29 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe
 
Error: (05/05/2014 03:55:49 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) (EventID: 3011)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (05/05/2014 03:55:49 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) (EventID: 3012)
Description: Performance1637070000000000000000000009030000
 
Error: (05/05/2014 01:17:06 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a86801cf6885cda47a2dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe149b03bf-d479-11e3-8aef-4c80938a6b8b
 
Error: (05/05/2014 01:16:47 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6f401cf6885c14432a0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll09775336-d479-11e3-8aef-4c80938a6b8b
 
Error: (05/05/2014 00:25:30 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28ad0801cf687e92a25403C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exedf7ff9cb-d471-11e3-be22-4c80938a6b8b
 
Error: (05/05/2014 00:24:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6e801cf687e8054f4c7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcb3b2f8e-d471-11e3-be22-4c80938a6b8b
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-03 08:52:04.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-03 08:52:04.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 6050.05 MB
Available physical RAM: 3621.92 MB
Total Pagefile: 12098.29 MB
Available Pagefile: 9448.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:345.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2FAC01C7)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
