Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows 7 Windows 7
Search Search
Search for:
Tech Support Guy > > >

Solved: Win 7 slow/hanging- unable to resolve


(!)

megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
12-Mar-2014, 08:01 PM #1
Solved: Win 7 slow/hanging- unable to resolve
Win 7 (64bit) HP box, AMD PhenomII x4 , 6GB ram

been dealing with hangs/ no response for about 4wks now. Went thru a malware investigation on another forum and couldn't find anything.(Adw, JRT, Mbar, eset) Thought an external backup drive was the cause (if fell), disconnected it, things ran better for a day, then back to hangs and no response. I resorted to a system restore prior to these events. This did not resolve the problem.
Things seem to go bad when the system is idle. I did find a pup.optional.fullspectrumadmin w/mbar on a safe mode boot scan prior to the system restore. I may have picked it up after those scans. Cleaned it, but still have same issues after sys. restore. I also had to reload Nortons as it got corrupted. file indexing is turned off. I see different kinds of errors in the Win event viewer but they are not consistent. Here's a security check to start with. Thanks for your help.

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 31.0.1650.57
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
lunarlander's Avatar
Computer Specs
Member with 5,618 posts.
 
Join Date: Sep 2007
12-Mar-2014, 08:05 PM #2
Windows Firewall should be deactivated if Norton Internet Security has a firewall.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
12-Mar-2014, 08:11 PM #3
I believe Nortons uses the Windows firewall. Going into the Win settings and it says its managed by Nortons Internet security.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
14-Mar-2014, 09:28 PM #4
I've since run all windows updates, updated IE to 11. I have Adobe reader X and it says its up to date. I ran SFC and it stopped at 92%. Log seemed to indicate everything ok up to that point.
Not sure what step to take next.
Mark1956's Avatar
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Mar-2014, 06:12 AM #5
Clearly something is not right here with SFC stopping before completion, how long did you leave it for?

This scan may help to reveal what is going on.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
__________________
Please Copy & Paste scan results into your replies, DO NOT send them as attachments or in Code or Quote boxes unless asked to.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
15-Mar-2014, 08:53 AM #6
additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by smith at 2014-03-15 08:51:31
Running from C:\Users\smith\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD64Bit (Version: 1.00.0000 - InterVideo) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11266.0 - Cisco Consumer Products LLC)
Corel DVD Copy 6 (HKLM-x32\...\InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}) (Version: 6.0 - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.25 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Copy (x32 Version: 6.0 - Corel Corporation) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.1 - Nikon)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4521 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
InterVideo DiscLabel (HKLM-x32\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version: - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.0 - Nikon)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.1.7 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.6 - Nikon)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SU_Podium_Browser version 2.0 (HKLM-x32\...\SU_Podium_Browser_is1) (Version: - Cadalog Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.4.0 - Nikon)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wisdom-soft Set up ScreenHunter 5.1 Free (HKLM-x32\...\Wisdom-soft Set up ScreenHunter 5.1 Free) (Version: - Wisdom Software Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

13-03-2014 01:42:39 Windows Update
14-03-2014 07:00:29 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-09 12:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {048D8E69-187B-4354-9711-8462B2EF7C97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1478CEDA-A39A-4CE2-AFB8-BBBA5FE2B751} - System32\Tasks\smith Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {23886A4D-6021-4C8B-8106-0BC14D7EC8C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {38488B2A-2D9B-4C55-8D68-DAB7FC92D2D9} - System32\Tasks\smith => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {3CB5FDD8-34BB-403A-95D1-B27F04A63BDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {4BC31B53-95E5-426C-B5E0-66F94B849C88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {5FB2B242-4348-4B19-AC7C-81702FD20B53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {6FC3355C-81D9-4B19-AD2C-11CC18EFFD36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {821E35B3-CE81-478E-AA26-416B1969DB60} - System32\Tasks\smith DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10] (Seagate Technology LLC)
Task: {8C9FA2D7-8005-468F-801E-10EBFE0FDDE5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8DA93986-317C-41B1-A155-FF1B39DC3641} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {948F4A48-4E4F-4571-A707-5419C0A2FA47} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {97F306CD-0A89-4A5F-8859-AF9665686AF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A1B1B745-49EC-407F-ACBD-123A7B202BBA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\WSCStub.exe [2014-02-11] (Symantec Corporation)
Task: {A3BB2589-F26C-4407-8216-D67F448DA5A3} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {D2E2597D-4AE6-458C-90A8-2F9392B78570} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {E55E1C86-B2C0-4C2B-AF3E-46E3E5FE7D20} - System32\Tasks\HPCeeScheduleForsmith => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {E6B1A537-A763-414E-9DF0-D204C491B054} - System32\Tasks\{1E0C4CF8-7B60-4EB6-A90A-7D36A24CD91B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsmith.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 03:06:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/12/2014 11:44:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/12/2014 09:19:00 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (03/12/2014 08:50:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -515.

Error: (03/12/2014 08:50:50 PM) (Source: ESENT) (User: )
Description: Catalog Database (1248) Catalog Database: Database recovery/restore failed with unexpected error -515.

Error: (03/12/2014 08:26:00 PM) (Source: ESENT) (User: )
Description: Catalog Database (1160) Catalog Database: Unable to rollback operation #702 on database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error: -510. All future database updates will be rejected.

Error: (03/12/2014 08:26:00 PM) (Source: ESENT) (User: )
Description: Catalog Database (1160) Catalog Database: The logfile sequence in "C:\Windows\system32\CatRoot2\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (03/12/2014 08:26:00 PM) (Source: ESENT) (User: )
Description: Catalog Database (1160) Catalog Database: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.

Error: (03/12/2014 08:26:00 PM) (Source: ESENT) (User: )
Description: Catalog Database (1160) Catalog Database: An attempt to move the file "C:\Windows\system32\CatRoot2\edb.log" to "C:\Windows\system32\CatRoot2\edb005A3.log" failed with system error 183 (0x000000b7): "Cannot create a file when that file already exists. ". The move file operation will fail with error -1022 (0xfffffc02).

Error: (03/12/2014 05:23:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".E rror in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/15/2014 08:51:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:25 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:51:15 AM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:49:39 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:49:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/15/2014 08:49:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/14/2014 03:06:18 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD _NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/12/2014 11:44:15 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD _NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/12/2014 09:19:00 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (03/12/2014 08:50:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -515

Error: (03/12/2014 08:50:50 PM) (Source: ESENT)(User: )
Description: Catalog Database1248Catalog Database: -515

Error: (03/12/2014 08:26:00 PM) (Source: ESENT)(User: )
Description: Catalog Database1160Catalog Database: 702C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-510

Error: (03/12/2014 08:26:00 PM) (Source: ESENT)(User: )
Description: Catalog Database1160Catalog Database: C:\Windows\system32\CatRoot2\

Error: (03/12/2014 08:26:00 PM) (Source: ESENT)(User: )
Description: Catalog Database1160Catalog Database: -1022

Error: (03/12/2014 08:26:00 PM) (Source: ESENT)(User: )
Description: Catalog Database1160Catalog Database: C:\Windows\system32\CatRoot2\edb.logC:\Windows\system32\CatRoot2\edb005A3.l og-1022 (0xfffffc02)183 (0x000000b7)Cannot create a file when that file already exists.

Error: (03/12/2014 05:23:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\W indows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\U sers\smith\Desktop\virus and malware\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2014-03-09 12:44:02.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-09 12:44:02.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 5887.29 MB
Available physical RAM: 4829.2 MB
Total Pagefile: 11772.75 MB
Available Pagefile: 10747.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.13 GB) (Free:786.29 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.28 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1564.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 175D89A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: CB352FE1)

Partition: GPT Partition Type.

==================== End Of Log ============================
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
15-Mar-2014, 08:55 AM #7
frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by smith (administrator) on smith-HP on 15-03-2014 08:50:55
Running from C:\Users\smith\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [lxecmon.exe] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-3447961908-2287881627-3116208830-1001\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {77759B6C-171E-416D-9131-4314E206DC42} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={ outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {77759B6C-171E-416D-9131-4314E206DC42} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={ outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

Chrome:
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dl l ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\np HDPlg.dll (Hulu LLC)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (YouTube) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Cast) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-04]
CHR Extension: (Google Search) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Autodesk Homestyler) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-12-28]
CHR Extension: (Norton Identity Protection) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\Exts\Chrome.crx [2014-03-08]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [276376 2014-02-12] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-02-14] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-03-08] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140313.001\IDSvia64.sys [524504 2014-03-07] (Symantec Corporation)
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.)
R3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [10368 2005-12-01] (InterVideo, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140314.001\ENG64.SYS [126040 2014-03-08] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140314.001\EX64.SYS [2099288 2014-03-08] (Symantec Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501010.007\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501010.007\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501010.007\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-08] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1501010.007\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 08:42 - 2014-03-15 08:51 - 00014146 _____ () C:\Users\smith\Desktop\FRST.txt
2014-03-15 08:41 - 2014-03-15 08:42 - 00000000 ____D () C:\FRST
2014-03-15 08:39 - 2014-03-15 08:39 - 02157056 _____ (Farbar) C:\Users\smith\Desktop\FRST64.exe
2014-03-15 08:33 - 2014-03-15 08:33 - 02096355 _____ () C:\Users\smith\Downloads\2FA8.tmp
2014-03-15 08:33 - 2014-03-15 08:33 - 00017373 _____ () C:\Users\smith\Downloads\2F77.tmp
2014-03-15 08:33 - 2014-03-15 08:33 - 00017373 _____ () C:\Users\smith\Downloads\2F76.tmp
2014-03-14 16:54 - 2014-03-14 16:54 - 00003732 _____ () C:\Windows\System32\Tasks\smith Merge
2014-03-14 03:01 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-14 03:01 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 18:51 - 2014-03-13 18:51 - 00072306 _____ () C:\Users\smith\Desktop\sfcdetails.txt
2014-03-13 18:50 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 18:50 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 18:50 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 18:50 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 18:50 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 18:50 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 18:50 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 18:50 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 18:50 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 18:50 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 18:50 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 18:50 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 18:50 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 18:50 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 18:50 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 18:50 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 18:50 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 18:50 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 18:50 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 18:50 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 18:50 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 18:50 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 18:50 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 18:50 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 18:50 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 18:50 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 18:50 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 18:50 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 18:50 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 18:50 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 18:50 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 18:50 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 18:50 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 18:50 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 18:50 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 18:50 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 18:50 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 18:50 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 18:50 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 18:50 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 21:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-12 21:47 - 2014-03-12 21:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-12 21:47 - 2014-03-12 21:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-12 21:47 - 2014-03-12 21:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-12 21:47 - 2014-03-12 21:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-12 21:47 - 2014-03-12 21:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-12 21:47 - 2014-03-12 21:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-12 21:47 - 2014-03-12 21:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-12 21:33 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-12 21:33 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-12 20:26 - 2014-03-12 20:26 - 00000134 _____ () C:\Users\smith\Desktop\Internet Explorer Troubleshooting.url
2014-03-12 20:20 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-12 20:20 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-12 20:20 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-12 20:20 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-12 20:20 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-12 20:20 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-12 20:20 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-12 20:20 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-12 20:20 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-12 20:20 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-12 20:20 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-12 20:20 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-12 20:20 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 20:20 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-12 20:20 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-12 20:20 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-12 20:07 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-12 20:07 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-12 17:21 - 2014-03-12 17:21 - 00987442 _____ () C:\Users\smith\Downloads\SecurityCheck.exe
2014-03-12 17:21 - 2014-03-12 17:21 - 00987442 _____ () C:\Users\smith\Desktop\SecurityCheck.exe
2014-03-12 17:07 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:07 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 17:07 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:07 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 17:07 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 17:07 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:07 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:07 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-09 15:55 - 2014-03-14 16:54 - 00003716 _____ () C:\Windows\System32\Tasks\smith
2014-03-09 15:50 - 2014-03-09 15:50 - 00003500 _____ () C:\Windows\System32\Tasks\smith DBAgent 2 0
2014-03-09 15:46 - 2014-03-09 15:46 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2014-03-09 15:41 - 2014-03-09 15:41 - 00000000 ____D () C:\ProgramData\Seagate
2014-03-09 14:53 - 2014-03-09 14:53 - 00000000 ____D () C:\Users\smith\AppData\Local\Apps\2.0
2014-03-09 13:16 - 2014-03-09 13:16 - 00925193 _____ () C:\Users\smith\Downloads\WinDlg_v1_25.zip
2014-03-09 13:16 - 2014-03-09 13:16 - 00000000 ____D () C:\Program Files (x86)\Western Digital Corporation
2014-03-09 12:57 - 2014-03-09 12:57 - 00021988 _____ () C:\ComboFix.txt
2014-03-09 12:33 - 2014-03-09 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 11:10 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-09 11:10 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-09 11:10 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-09 11:10 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-09 10:57 - 2014-03-12 21:51 - 00026505 _____ () C:\Windows\IE11_main.log
2014-03-09 10:43 - 2014-03-09 10:43 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 10:37 - 2014-03-09 10:37 - 00000000 ____D () C:\Windows\pss
2014-03-08 23:44 - 2014-03-08 23:44 - 01244192 _____ () C:\Users\smith\Downloads\adwcleaner.exe
2014-03-08 23:44 - 2014-03-08 23:44 - 01244192 _____ () C:\Users\smith\Desktop\adwcleaner.exe
2014-03-08 19:32 - 2014-03-08 19:32 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 19:32 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-08 19:22 - 2014-03-12 20:02 - 00000000 ____D () C:\Users\smith\Desktop\virus and malware
2014-03-08 18:05 - 2014-03-08 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-08 18:03 - 2014-03-08 18:03 - 00002570 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-08 18:02 - 2014-03-08 18:02 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-08 18:02 - 2014-03-08 18:02 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-03-08 17:43 - 2014-03-08 17:43 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Oracle
2014-03-08 17:40 - 2014-03-08 17:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-08 17:26 - 2014-03-15 08:28 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsmith
2014-03-08 17:26 - 2014-03-15 08:28 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForsmith.job
2014-03-08 17:08 - 2014-03-08 17:08 - 01931088 _____ (Symantec Corporation) C:\Users\smith\Desktop\FixTDSS.exe
2014-03-08 17:01 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-08 17:01 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-08 17:01 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-08 17:01 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-08 17:01 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-08 17:01 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-08 16:59 - 2012-07-26 01:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-03-08 16:58 - 2014-03-08 16:58 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-03-08 16:58 - 2014-03-08 16:58 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-03-08 16:58 - 2013-11-11 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-08 16:58 - 2013-11-11 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-08 16:58 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-08 16:58 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-08 16:58 - 2012-07-26 01:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2014-03-08 16:58 - 2012-07-26 01:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2014-03-08 16:57 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-08 16:57 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-08 16:54 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-08 16:54 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-08 16:53 - 2014-03-08 18:05 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-03-08 16:53 - 2014-03-08 17:55 - 00001298 _____ () C:\Users\smith\Desktop\Norton Installation Files.lnk
2014-03-08 16:53 - 2014-03-08 16:53 - 01022080 _____ (Symantec Corporation) C:\Users\smith\Downloads\NBRT-Retail-Downloader.exe
2014-03-08 16:53 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-08 16:53 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-08 16:53 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-08 16:53 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-08 16:53 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-08 16:53 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-08 16:53 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-08 16:53 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-08 16:53 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-08 16:53 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-08 16:53 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-08 16:53 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-08 16:53 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-08 16:53 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-08 16:53 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-08 16:53 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-08 16:53 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-08 16:53 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-08 16:52 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-08 16:52 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-08 16:51 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-08 16:51 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-08 16:51 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-08 16:51 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-08 16:51 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-08 16:51 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-08 16:51 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-08 16:51 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-08 16:51 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-08 16:51 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-08 16:51 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-08 16:51 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-08 16:51 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-07 23:39 - 2014-03-08 17:28 - 00000000 ____D () C:\Users\smith\AppData\Local\NPE
2014-03-01 16:58 - 2014-03-01 16:58 - 00000000 ____D () C:\ProgramData\Nero
2014-02-25 19:57 - 2014-02-25 19:57 - 00000000 ____D () C:\found.000
2014-02-20 18:21 - 2014-02-20 18:21 - 00000000 ____D () C:\Users\smith\AppData\Roaming\NewspaperDirect
2014-02-19 19:07 - 2014-02-19 19:07 - 00005908 _____ () C:\Users\smith\Documents\eventviewer.xml
2014-02-18 18:50 - 2014-02-18 18:50 - 00000000 ____D () C:\Users\smith\AppData\Roaming\QuickScan
2014-02-16 22:53 - 2014-03-07 22:40 - 00000000 ____D () C:\Users\smith\Downloads\ProcessExplorer
2014-02-16 22:17 - 2014-02-16 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 22:16 - 2014-02-16 22:16 - 00000939 _____ () C:\Users\smith\Downloads\AdwCleaner[S1].txt
2014-02-16 21:59 - 2014-02-16 22:16 - 00000633 _____ () C:\Users\smith\Downloads\JRT.txt
2014-02-16 21:57 - 2014-02-16 21:57 - 01243588 _____ () C:\Users\smith\Downloads\ProcessExplorer.zip
2014-02-16 21:52 - 2014-02-16 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 21:01 - 2014-02-16 21:01 - 00001197 _____ () C:\Users\smith\Downloads\checkup.txt
2014-02-16 20:22 - 2014-03-07 22:40 - 00000000 ____D () C:\Users\smith\Downloads\lspfix
2014-02-16 20:03 - 2014-02-16 20:07 - 00201030 _____ () C:\Users\smith\Downloads\lspfix.zip
2014-02-16 20:02 - 2014-02-16 20:32 - 00000000 ____D () C:\Users\smith\Downloads\backups
2014-02-16 19:51 - 2014-02-16 20:25 - 00012436 _____ () C:\Users\smith\Downloads\hijackthis.log
2014-02-16 17:12 - 2014-03-08 23:46 - 00000000 ____D () C:\AdwCleaner
2014-02-16 17:08 - 2014-03-07 22:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Malwarebytes
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 14:07 - 2014-02-15 14:07 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Nero
2014-02-15 14:06 - 2014-03-09 15:49 - 00003512 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-02-15 13:59 - 2014-03-01 16:55 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Seagate
2014-02-15 13:53 - 2014-03-01 16:51 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-02-15 13:50 - 2014-02-15 13:50 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Leadertech
2014-02-13 09:59 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 09:59 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-03-15 08:51 - 2014-03-15 08:42 - 00014146 _____ () C:\Users\smith\Desktop\FRST.txt
2014-03-15 08:50 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 08:46 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 08:42 - 2014-03-15 08:41 - 00000000 ____D () C:\FRST
2014-03-15 08:41 - 2010-11-05 20:58 - 01586117 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 08:39 - 2014-03-15 08:39 - 02157056 _____ (Farbar) C:\Users\smith\Desktop\FRST64.exe
2014-03-15 08:37 - 2013-01-04 20:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 08:37 - 2012-04-30 20:25 - 00350009 _____ () C:\ProgramData\lxecscan.log
2014-03-15 08:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 08:36 - 2009-07-14 00:51 - 00055831 _____ () C:\Windows\setupact.log
2014-03-15 08:33 - 2014-03-15 08:33 - 02096355 _____ () C:\Users\smith\Downloads\2FA8.tmp
2014-03-15 08:33 - 2014-03-15 08:33 - 00017373 _____ () C:\Users\smith\Downloads\2F77.tmp
2014-03-15 08:33 - 2014-03-15 08:33 - 00017373 _____ () C:\Users\smith\Downloads\2F76.tmp
2014-03-15 08:28 - 2014-03-08 17:26 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsmith
2014-03-15 08:28 - 2014-03-08 17:26 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForsmith.job
2014-03-15 08:28 - 2013-10-11 18:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 08:28 - 2013-01-04 20:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 16:54 - 2014-03-14 16:54 - 00003732 _____ () C:\Windows\System32\Tasks\smith Merge
2014-03-14 16:54 - 2014-03-09 15:55 - 00003716 _____ () C:\Windows\System32\Tasks\smith
2014-03-14 03:42 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 03:08 - 2012-11-19 21:42 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-13 18:51 - 2014-03-13 18:51 - 00072306 _____ () C:\Users\smith\Desktop\sfcdetails.txt
2014-03-12 23:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-12 22:27 - 2011-03-13 17:16 - 00001419 _____ () C:\Users\smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-12 22:25 - 2011-06-22 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-12 22:22 - 2010-11-05 23:02 - 00286067 ____N () C:\Windows\Minidump\031214-192255-01.dmp
2014-03-12 22:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-12 21:51 - 2014-03-09 10:57 - 00026505 _____ () C:\Windows\IE11_main.log
2014-03-12 21:47 - 2014-03-12 21:47 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-12 21:47 - 2014-03-12 21:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-12 21:47 - 2014-03-12 21:47 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-12 21:47 - 2014-03-12 21:47 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-12 21:47 - 2014-03-12 21:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-12 21:47 - 2014-03-12 21:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-12 21:47 - 2014-03-12 21:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-12 21:47 - 2014-03-12 21:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-12 21:47 - 2014-03-12 21:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-12 21:24 - 2011-03-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 20:50 - 2009-07-14 00:45 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 20:49 - 2013-03-13 03:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 20:49 - 2013-03-13 03:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 20:49 - 2010-11-05 23:02 - 00480660 _____ () C:\Windows\PFRO.log
2014-03-12 20:26 - 2014-03-12 20:26 - 00000134 _____ () C:\Users\smith\Desktop\Internet Explorer Troubleshooting.url
2014-03-12 20:17 - 2010-11-05 21:06 - 00005698 _____ () C:\Windows\system32\RaCoInst.log
2014-03-12 20:15 - 2013-10-11 17:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 20:13 - 2011-03-14 16:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 20:02 - 2014-03-08 19:22 - 00000000 ____D () C:\Users\smith\Desktop\virus and malware
2014-03-12 17:21 - 2014-03-12 17:21 - 00987442 _____ () C:\Users\smith\Downloads\SecurityCheck.exe
2014-03-12 17:21 - 2014-03-12 17:21 - 00987442 _____ () C:\Users\smith\Desktop\SecurityCheck.exe
2014-03-10 21:39 - 2011-03-14 16:06 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-10 21:38 - 2011-11-14 21:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-10 21:37 - 2011-03-14 16:05 - 00000000 ____D () C:\Users\smith\AppData\Roaming\HpUpdate
2014-03-10 21:37 - 2011-03-14 16:05 - 00000000 ____D () C:\Users\smith\AppData\Roaming\HP Support Assistant
2014-03-09 15:50 - 2014-03-09 15:50 - 00003500 _____ () C:\Windows\System32\Tasks\smith DBAgent 2 0
2014-03-09 15:49 - 2014-02-15 14:06 - 00003512 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-03-09 15:46 - 2014-03-09 15:46 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2014-03-09 15:41 - 2014-03-09 15:41 - 00000000 ____D () C:\ProgramData\Seagate
2014-03-09 15:41 - 2011-03-13 17:14 - 00113616 _____ () C:\Users\smith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 14:53 - 2014-03-09 14:53 - 00000000 ____D () C:\Users\smith\AppData\Local\Apps\2.0
2014-03-09 13:16 - 2014-03-09 13:16 - 00925193 _____ () C:\Users\smith\Downloads\WinDlg_v1_25.zip
2014-03-09 13:16 - 2014-03-09 13:16 - 00000000 ____D () C:\Program Files (x86)\Western Digital Corporation
2014-03-09 13:02 - 2014-03-09 12:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 12:57 - 2014-03-09 12:57 - 00021988 _____ () C:\ComboFix.txt
2014-03-09 12:57 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-03-09 12:47 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-09 10:44 - 2011-05-09 11:49 - 00000000 ____D () C:\ProgramData\Skype
2014-03-09 10:43 - 2014-03-09 10:43 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 10:43 - 2011-05-09 11:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 10:37 - 2014-03-09 10:37 - 00000000 ____D () C:\Windows\pss
2014-03-08 23:46 - 2014-02-16 17:12 - 00000000 ____D () C:\AdwCleaner
2014-03-08 23:44 - 2014-03-08 23:44 - 01244192 _____ () C:\Users\smith\Downloads\adwcleaner.exe
2014-03-08 23:44 - 2014-03-08 23:44 - 01244192 _____ () C:\Users\smith\Desktop\adwcleaner.exe
2014-03-08 19:32 - 2014-03-08 19:32 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 19:32 - 2014-03-08 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 18:54 - 2010-11-05 21:18 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-08 18:05 - 2014-03-08 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-08 18:05 - 2014-03-08 16:53 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-03-08 18:05 - 2010-11-05 21:30 - 00000000 ____D () C:\ProgramData\Norton
2014-03-08 18:03 - 2014-03-08 18:03 - 00002570 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-08 18:03 - 2013-09-03 20:55 - 00003232 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-08 18:03 - 2010-11-05 21:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-03-08 18:03 - 2010-11-05 21:30 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-03-08 18:02 - 2014-03-08 18:02 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-08 18:02 - 2014-03-08 18:02 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-03-08 17:55 - 2014-03-08 16:53 - 00001298 _____ () C:\Users\smith\Desktop\Norton Installation Files.lnk
2014-03-08 17:49 - 2012-04-29 09:36 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-03-08 17:43 - 2014-03-08 17:43 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Oracle
2014-03-08 17:41 - 2013-12-09 21:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-08 17:40 - 2014-03-08 17:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-08 17:40 - 2014-03-08 17:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-08 17:40 - 2013-03-15 16:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-08 17:28 - 2014-03-07 23:39 - 00000000 ____D () C:\Users\smith\AppData\Local\NPE
2014-03-08 17:20 - 2011-03-13 17:05 - 00000000 ____D () C:\Users\smith
2014-03-08 17:20 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-03-08 17:19 - 2012-02-28 20:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-08 17:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-03-08 17:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-03-08 17:08 - 2014-03-08 17:08 - 01931088 _____ (Symantec Corporation) C:\Users\smith\Desktop\FixTDSS.exe
2014-03-08 17:08 - 2011-03-13 17:52 - 00000000 ____D () C:\Users\smith\AppData\Local\Microsoft Help
2014-03-08 17:07 - 2013-02-06 08:20 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-03-08 17:07 - 2010-11-05 21:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-08 17:07 - 2010-11-05 21:17 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-03-08 17:07 - 2010-11-05 20:57 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-08 17:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-08 17:05 - 2010-11-05 21:25 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-03-08 16:58 - 2014-03-08 16:58 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-03-08 16:58 - 2014-03-08 16:58 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-03-08 16:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-08 16:56 - 2010-11-05 20:57 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-08 16:53 - 2014-03-08 16:53 - 01022080 _____ (Symantec Corporation) C:\Users\smith\Downloads\NBRT-Retail-Downloader.exe
2014-03-08 16:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-03-08 16:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 16:48 - 2013-05-16 22:39 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:47 - 2013-01-04 20:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-08 16:46 - 2013-01-04 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-08 16:44 - 2013-01-31 19:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-08 16:37 - 2010-11-05 21:25 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-03-08 16:37 - 2010-11-05 20:57 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-08 16:36 - 2013-01-04 20:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:27 - 2011-04-11 11:06 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-08 05:21 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-03-07 23:33 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-07 22:44 - 2014-02-16 17:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-07 22:40 - 2014-02-16 22:53 - 00000000 ____D () C:\Users\smith\Downloads\ProcessExplorer
2014-03-07 22:40 - 2014-02-16 20:22 - 00000000 ____D () C:\Users\smith\Downloads\lspfix
2014-03-07 22:40 - 2013-12-27 18:06 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Spotify
2014-03-01 20:21 - 2011-03-22 19:02 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-03-01 20:18 - 2011-03-22 19:01 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-03-01 16:58 - 2014-03-01 16:58 - 00000000 ____D () C:\ProgramData\Nero
2014-03-01 16:58 - 2012-11-19 21:43 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-03-01 16:55 - 2014-02-15 13:59 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Seagate
2014-03-01 16:51 - 2014-02-15 13:53 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-03-01 02:05 - 2014-03-13 18:50 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-13 18:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-13 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-13 18:50 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-13 18:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-13 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-13 18:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-13 18:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-13 18:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-13 18:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-13 18:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-13 18:50 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-13 18:50 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-13 18:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-13 18:50 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-13 18:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-13 18:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-13 18:50 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-13 18:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-13 18:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-13 18:50 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-13 18:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-13 18:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-13 18:50 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-13 18:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-13 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-13 18:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-13 18:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-13 18:50 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-13 18:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-13 18:50 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-13 18:50 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-13 18:50 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-13 18:50 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-13 18:50 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-13 18:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-13 18:50 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-13 18:50 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-13 18:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-13 18:50 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-25 19:57 - 2014-02-25 19:57 - 00000000 ____D () C:\found.000
2014-02-22 12:28 - 2013-11-29 12:49 - 01283584 _____ () C:\Users\smith\Documents\MEC 2013-14 Calendars.pub
2014-02-20 18:21 - 2014-02-20 18:21 - 00000000 ____D () C:\Users\smith\AppData\Roaming\NewspaperDirect
2014-02-19 19:07 - 2014-02-19 19:07 - 00005908 _____ () C:\Users\smith\Documents\eventviewer.xml
2014-02-18 18:50 - 2014-02-18 18:50 - 00000000 ____D () C:\Users\smith\AppData\Roaming\QuickScan
2014-02-16 22:27 - 2014-02-16 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 22:16 - 2014-02-16 22:16 - 00000939 _____ () C:\Users\smith\Downloads\AdwCleaner[S1].txt
2014-02-16 22:16 - 2014-02-16 21:59 - 00000633 _____ () C:\Users\smith\Downloads\JRT.txt
2014-02-16 21:57 - 2014-02-16 21:57 - 01243588 _____ () C:\Users\smith\Downloads\ProcessExplorer.zip
2014-02-16 21:52 - 2014-02-16 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 21:01 - 2014-02-16 21:01 - 00001197 _____ () C:\Users\smith\Downloads\checkup.txt
2014-02-16 20:32 - 2014-02-16 20:02 - 00000000 ____D () C:\Users\smith\Downloads\backups
2014-02-16 20:25 - 2014-02-16 19:51 - 00012436 _____ () C:\Users\smith\Downloads\hijackthis.log
2014-02-16 20:07 - 2014-02-16 20:03 - 00201030 _____ () C:\Users\smith\Downloads\lspfix.zip
2014-02-16 17:11 - 2011-03-23 21:30 - 00000000 ____D () C:\Users\smith\AppData\Local\CrashDumps
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Malwarebytes
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 14:07 - 2014-02-15 14:07 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Nero
2014-02-15 13:50 - 2014-02-15 13:50 - 00000000 ____D () C:\Users\smith\AppData\Roaming\Leadertech

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 21:19

==================== End Of Log ============================
Mark1956's Avatar
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Mar-2014, 12:08 PM #8
I'm not seeing anything specific in the logs, although there are one or two uncommon errors in the error logs, but they are unlikely to be causing the hang ups and freezing.

I can see you have used Combofix, was this under the guidance of a Malware expert on the other forum as it has not been correctly removed. We should run a scan with it and then we can uninstall it in the correct manor.

Have you performed a disk check or tested the memory?

Please follow this and post the log:

Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!

Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first, just follow the prompts when you run it.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
15-Mar-2014, 02:52 PM #9
yes, combofix was leftover from a malware investigation.
I tried running it in safemode, but was unable to shut off nortons. Booted normally, shut off nortons and malware and
combofix is now preparing log report, but its been running for over an hour. This is kind of what happens, things slowdown or hang, but I'll give this some more time and see if it finishes.
Dskchk and memory check turned out normal, although I think I'm hearing an occasional odd noise from the drive. Almost like a 1 second scratch on glass.
I'll post log as soon as it finishes.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
15-Mar-2014, 07:03 PM #10
ok, it finished...and properly uninstalled now.
ComboFix 14-03-13.01 - smith 03/15/2014 13:26:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4235 [GMT -4:00]
Running from: c:\users\smith\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-15 to 2014-03-15 )))))))))))))))))))))))))))))))
.
.
2014-03-15 17:36 . 2014-03-15 17:36 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-03-15 17:36 . 2014-03-15 17:36 -------- d-----w- c:\users\TEMP.smith-HP\AppData\Local\temp
2014-03-15 17:36 . 2014-03-15 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 12:41 . 2014-03-15 12:51 -------- d-----w- C:\FRST
2014-03-14 07:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-14 07:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-03-13 01:51 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-03-13 01:33 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-13 01:33 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-13 00:28 . 2014-03-13 00:28 -------- d-----w- c:\windows\Migration
2014-03-13 00:07 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-13 00:07 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-12 21:07 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-12 21:07 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 21:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 21:07 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 21:07 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 21:07 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 21:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 21:07 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-09 19:41 . 2014-03-09 19:41 -------- d-----w- c:\programdata\Seagate
2014-03-09 18:56 . 2014-03-09 18:56 -------- d-----w- c:\users\smith\AppData\Local\HuluDesktop
2014-03-09 18:53 . 2014-03-09 18:53 -------- d-----w- c:\users\smith\AppData\Local\Apps
2014-03-09 17:16 . 2014-03-09 17:16 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2014-03-09 15:10 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-03-09 15:10 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-03-09 15:10 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-09 15:10 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-03-09 15:10 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-03-09 14:43 . 2014-03-09 14:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-08 23:32 . 2014-03-08 23:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-08 23:32 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-08 22:02 . 2014-03-08 22:02 -------- d-----w- c:\windows\system32\drivers\NISx64
2014-03-08 22:02 . 2014-03-08 22:02 -------- d-----w- c:\program files (x86)\Norton Internet Security
2014-03-08 21:43 . 2014-03-08 21:43 -------- d-----w- c:\users\smith\AppData\Roaming\Oracle
2014-03-08 21:41 . 2014-03-08 21:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-08 21:40 . 2014-03-08 21:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-08 21:01 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-03-08 21:01 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-03-08 21:01 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-03-08 21:01 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-08 20:59 . 2012-07-26 05:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-08 20:59 . 2014-03-08 20:59 -------- dc----w- c:\windows\system32\DRVSTORE
2014-03-08 20:58 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-08 20:58 . 2012-07-26 05:32 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2014-03-08 20:58 . 2012-07-26 05:32 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2014-03-08 20:58 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-03-08 20:58 . 2014-03-08 20:58 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2014-03-08 20:58 . 2014-03-08 20:58 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2014-03-08 20:58 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-08 20:58 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-08 20:57 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-08 20:57 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-03-08 20:54 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-08 20:54 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-08 20:52 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-08 20:52 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-08 20:52 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-08 20:52 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-08 20:52 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-03-08 20:52 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-08 20:52 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-08 03:39 . 2014-03-08 21:28 -------- d-----w- c:\users\smith\AppData\Local\NPE
2014-03-01 20:59 . 2014-03-01 20:59 -------- d-----w- c:\program files (x86)\Common Files\Nero
2014-03-01 20:58 . 2014-03-01 20:58 -------- d-----w- c:\programdata\Nero
2014-02-25 23:57 . 2014-02-25 23:57 -------- d-----w- C:\found.000
2014-02-20 22:21 . 2014-02-20 22:21 -------- d-----w- c:\users\smith\AppData\Roaming\NewspaperDirect
2014-02-18 22:50 . 2014-02-18 22:50 -------- d-----w- c:\users\smith\AppData\Roaming\QuickScan
2014-02-17 02:17 . 2014-02-17 02:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-17 01:52 . 2014-02-17 01:52 -------- d-----w- c:\windows\ERUNT
2014-02-16 21:12 . 2014-03-09 03:46 -------- d-----w- C:\AdwCleaner
2014-02-16 21:08 . 2014-03-08 02:44 -------- d-----w- c:\program files\CCleaner
2014-02-15 22:17 . 2014-02-15 22:17 -------- d-----w- c:\users\smith\AppData\Roaming\Malwarebytes
2014-02-15 22:17 . 2014-02-15 22:17 -------- d-----w- c:\programdata\Malwarebytes
2014-02-15 22:17 . 2014-02-15 22:17 -------- d-----w- c:\users\smith\AppData\Local\Programs
2014-02-15 18:07 . 2014-02-15 18:07 -------- d-----w- c:\users\smith\AppData\Roaming\Nero
2014-02-15 17:59 . 2014-03-01 20:55 -------- d-----w- c:\users\smith\AppData\Roaming\Seagate
2014-02-15 17:50 . 2014-02-15 17:50 -------- d-----w- c:\users\smith\AppData\Roaming\Leadertech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 00:13 . 2011-03-14 20:07 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-08 22:03 . 2010-11-06 01:30 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-02-10 126056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-02-10 1519176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\s pool\DRIVERS\x64\3\\lxecserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\ lxecserv.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCo llector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\ lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIV ERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows \SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIV E\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNA TIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\Wa tAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNA TIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNA TIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501010.007\SYMDS64.SYS;c:\windows \SYSNATIVE\drivers\NISx64\1501010.007\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501010.007\SYMEFA64.SYS;c:\w indows\SYSNATIVE\drivers\NISx64\1501010.007\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140214.001\BHDrvx64.sys ;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501010.007\ccSetx64.sys;c:\wind ows\SYSNATIVE\drivers\NISx64\1501010.007\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140313.001\IDSvia64.sys; c:\program files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140313.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501010.007\Ironx64.SYS;c:\window s\SYSNATIVE\drivers\NISx64\1501010.007\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1501010.007\SYMNETS.SYS;c:\window s\SYSNATIVE\drivers\NISx64\1501010.007\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATI VE\lxeccoms.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS \netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVER S\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVE RS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-08 20:48 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 22:01]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05 00:48]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05 00:48]
.
2014-03-15 c:\windows\Tasks\HPCeeScheduleForsmith.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-02-26 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.135 167.206.245.136
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1501010.007\SYMNETS.SY S"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.1.7;c:\program files (x86)\Norton Internet Security\Engine64\21.1.1.7"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-15 16:49:26
ComboFix-quarantined-files.txt 2014-03-15 20:49
ComboFix2.txt 2014-03-09 16:57
.
Pre-Run: 844,133,031,936 bytes free
Post-Run: 843,794,239,488 bytes free
.
- - End Of File - - 2ED0CD8D85DFEC061422624E6220CC16
A734C2027C4644981BAA66E41F7DD1C3

Last edited by megavites; 15-Mar-2014 at 07:10 PM..
Mark1956's Avatar
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Mar-2014, 07:37 PM #11
Combofix log looks fine, but this comment in your last post tells me something:

Quote:
Dskchk and memory check turned out normal, although I think I'm hearing an occasional odd noise from the drive. Almost like a 1 second scratch on glass.
Sounds to me from that comment, that your hard drive may be failing, unless that noise is coming from a worn out fan. Run this diagnostic test and see what the result is:

You can create the Seatools disc on any fully functional PC with a CD burner or use any PC to create the Flash Drive.

Open Internet Explorer and click on this: Seatools

Save the download to your desktop.

In Windows 7 right click the ISO file, select Open With, then select Windows Disc Image Burning Tool then follow the prompts.
For all other versions of windows (if you do not have an ISO burner) download this free software. ImgBurn Install the program (make sure you uncheck any boxes that will install bundled software) and start the application. Select the top left hand option to Write image file to disc and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

You will need a blank recordable CD or a re-recordable CD. If your PC has no CD/DVD drive or you would prefer to run Seatools from a Flash Drive follow this guide: How to run Seatools from a USB Flash Drive

When the CD has been burned boot the PC into the Bios setup and set the CD/DVD drive to 1st in the boot sequence Bios Boot Order Guide. Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test. If using a Flash Drive you need to set USB to 1st in the boot order, if there is no USB available in the boot order you will have to run the test from a CD.

A full set of instructions can be found here: Seatools instructions

When the test completes it will show a Pass or Fail.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
15-Mar-2014, 08:59 PM #12
Mark,
you nailed it. Looks like bad sectors on the harddrive. Prior to this test, I tried a chkdsk and it hung.
I have data backed up. Do we try to run chkdsk /r and map out bad sectors or maybe use a better utility?
Is a hardrive swap the best play here and if that were the case, I guess that would mean re-installing Win 7, any programs and any backed up personal files?
thanks for your help so far.
Mark1956's Avatar
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
16-Mar-2014, 08:03 AM #13
Once a hard drive starts to fail, there is no turning back. Your best move would be to replace the drive and reinstall Windows.

Using chkdsk /r will repair bad sectors, but it isn't really a repair, it just stops the system writing to the bad sectors. Once bad sectors start to appear it is the first sign that the hard drive is wearing out and you can guarantee more bad sectors will appear and as your drive is also making mechanical noises it cannot be relied on and could fail completely at any time.
megavites's Avatar
megavites megavites is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2014
16-Mar-2014, 10:38 AM #14
Thankyou Mark.
I'm disappointed this Western Digital SATA drive is failing and its only 3yrs old, but there's always that chance with any mechanical device.
Thanks again for your time.
Mark1956's Avatar
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
16-Mar-2014, 11:46 AM #15
You have been unlucky to have the drive start to fail after only three years, but unfortunately drives are just not made as well as they use to be due to fierce competition between manufacturers which has caused a drop in quality to keep prices down. Many drives these days will fail within five years, it is one of the most common failures with modern PC's. If you can afford it, go for an SSD as they are likely to outlive a normal mechanical drive, my own SSD has already done 11,000 hours and is still showing a life expectancy of a further 6 years.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑