
High CPU, High Memory, Postgres user appears, etc.


  • This topic is locked
45 replies to this topic

#1 maineiac13


Posted 16 October 2013 - 08:26 AM

Recently I have been seeing 100% CPU and nearly the same Memory numbers when I am doing virtually nothing on my computer.  I am also getting messages telling me to shut down programs because of the high memory usage...but I don't actually have much running.  Additionally, when I try to restart the computer, I am often told that an app is running preventing the restart but I can not tell what app that is...Restart sometimes will work nevertheless, other times I have to manually shut the computer down and then manually start it up again.  Also, sometimes after restart I am presented with two users to choose from, my regular user and a "user" that I have no idea what it is but it is called "postgres."

 

Also, though I do not know if this is related to this problem or not, I use Norton Internet Security, including its anti-spam program.  I use it with Outlook 2013.  Sometimes Norton fails to designate spam emails with its usual designation of "Norton Anti Spam."   What is weird about this is that the problem turns up intermittently in that a group of emails will be properly marked...but 30 minutes later the next group won't be.

 

Thanks for your help, Ken

 

Here is the DDS.txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Kenneth at 8:58:36 on 2013-10-16
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.16271.12753 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhostex.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uDefault_Page_URL = www.dell.com
uURLSearchHooks: FCToolbarURLSearchHook Class: {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uWinlogon: Shell = -
mWinlogon: Userinit = userinit.exe
BHO: Upromise RewardU Toolbar BHO: {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\IPS\IPSBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Upromise RewardU Toolbar: {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\CoIEPlg.dll
TB: Upromise RewardU Toolbar: {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\CoIEPlg.dll
uRun: [Google Update] "C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
uRun: [Copy] "C:\Users\Kenneth\AppData\Roaming\Copy\CopyAgent.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [DellSystemDetect] C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [DIMDownloading your update...1366902225528] "C:\Program Files (x86)\Corel\WinDVD11\DIM.EXE" "c:\programdata\corel\downloads\540215436_007003\1366902225528\dim_params.xml" -Launch=3 -uibase="c:\users\kenneth\appdata\roaming\corel\messages\540215436_007003\en\messagecache2\workflow"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
dRun: [Copy] "C:\Users\Kenneth\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOHO~1.LNK - C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: EnableUIPI = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{3893F1BA-9AE0-497E-9A48-7378E3AF15E4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{419A89FB-4B65-442C-9657-221EF1AC448D} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: FilterAdministratorToken = dword:1
x64-mPolicies-System: EnableUIPI = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-20 651832]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-8-27 30496]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-6-13 56336]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1500020.001\SymDS64.sys [2013-10-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1500020.001\SymEFA64.sys [2013-10-15 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-1 1525848]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\Drivers\NISx64\1500020.001\ccSetx64.sys [2013-10-15 150104]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-5-20 92536]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131014.001\IDSviA64.sys [2013-10-14 520280]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1500020.001\Ironx64.sys [2013-10-15 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1500020.001\symnets.sys [2013-10-15 590424]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-5-20 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2013-5-20 122880]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2013-3-5 33072]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-20 14904]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe [2013-10-15 275696]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-21 1907896]
R2 regi;regi;C:\windows\System32\Drivers\regi.sys [2013-6-10 15672]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-5-20 1919336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-9 413472]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 azvusb;Virtual USB Hub;C:\windows\System32\Drivers\azvusb.sys [2009-8-24 54784]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
R3 CW100;CW-100 Device;C:\windows\System32\Drivers\CW100.sys [2008-10-30 24704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-15 140376]
R3 FintekCIR;Fintek eHome Transceiver;C:\windows\System32\Drivers\FintekCIR.sys [2013-5-20 33128]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-5-20 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\Drivers\NETwNe64.sys [2012-6-2 11400192]
R3 PCTV340_801;YUAN based TV tuner device;C:\windows\System32\Drivers\dvb7700all.sys [2010-3-10 946176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\Drivers\RtsPStor.sys [2013-5-20 339600]
R3 tilfilter;TI xHCI Lower Filter Driver Service;C:\windows\System32\Drivers\TIxHCIlfilter.sys [2012-11-20 17528]
R3 tiufilter;TI xHCI Upper Filter Driver Service;C:\windows\System32\Drivers\TIxHCIufilter.sys [2012-11-20 23184]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-6-9 23552]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1500020.001\SymELAM.sys [2013-10-15 23568]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/05/20 20:15:05;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 AthDfu;Qualcomm Atheros Valkyrie USB BootROM;C:\windows\System32\Drivers\AthDfu.sys [2013-5-20 55448]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-5-20 33944]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-5-20 178840]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\windows\System32\Drivers\leath_hid.sys [2013-5-20 39704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 pmxdrv;pmxdrv;C:\windows\System32\Drivers\pmxdrv.sys [2013-6-23 31152]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\windows\System32\Drivers\qca_shb.sys [2013-5-20 99328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-10-15 19:10:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-10-15 19:09:03 858200 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\srtsp64.sys
2013-10-15 19:09:03 590936 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys
2013-10-15 19:09:03 493656 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\symds64.sys
2013-10-15 19:09:03 36952 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\srtspx64.sys
2013-10-15 19:09:03 264280 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\ironx64.sys
2013-10-15 19:09:03 23568 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\symelam.sys
2013-10-15 19:09:03 162392 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\ccsetx64.sys
2013-10-15 19:09:03 1147480 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\symefa64.sys
2013-10-15 16:38:01 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-10-15 16:37:09 854616 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\srtsp64.sys
2013-10-15 16:37:09 590424 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\symnets.sys
2013-10-15 16:37:09 493656 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\SymDS64.sys
2013-10-15 16:37:09 36952 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\srtspx64.sys
2013-10-15 16:37:09 264280 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\Ironx64.sys
2013-10-15 16:37:09 23568 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\SymELAM.sys
2013-10-15 16:37:09 150104 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\ccSetx64.sys
2013-10-15 16:37:09 1147480 ----a-r- C:\windows\System32\drivers\NISx64\1500020.001\SymEFA64.sys
2013-10-15 16:36:56 -------- d-----w- C:\windows\System32\drivers\NISx64\1500020.001
2013-10-15 16:36:54 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-10-15 16:32:24 -------- d-----w- C:\ProgramData\PCSettings
2013-10-14 23:37:03 -------- d-----w- C:\windows\System32\drivers\NISx64\1501000.012
2013-10-14 18:55:06 290992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10221.bin
2013-10-12 18:04:22 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\DS Development
2013-10-12 18:03:24 -------- d-----w- C:\ProgramData\DS Development
2013-10-10 10:10:17 447320 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-10-10 10:10:17 337752 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-10-10 10:10:17 213336 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-10-08 17:59:04 -------- d-----w- C:\Program Files\My Dell
2013-10-08 17:51:59 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-10-08 17:26:05 -------- d--h--w- C:\windows\System32\WLANProfiles
2013-10-08 17:20:59 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\Intel
2013-10-08 17:20:50 -------- d-----w- C:\Users\Kenneth\Roaming
2013-10-08 17:20:50 -------- d-----w- C:\ProgramData\Roaming
2013-10-08 17:19:56 -------- d-----w- C:\Program Files (x86)\Cisco
2013-10-08 17:19:43 -------- d-----w- C:\ProgramData\Intel.sav
2013-10-08 17:11:07 -------- d-----w- C:\Program Files\Dell
2013-10-08 17:11:01 6406792 ----a-w- C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe
2013-10-08 17:10:50 867608 ----a-w- C:\windows\DellClick2Fix+_DownloadManager.exe
2013-10-08 17:10:50 379276 ----a-w- C:\windows\DellClick2Fix+_DownloadManager-1.bin
2013-10-08 17:10:50 12124 ----a-w- C:\windows\DellClick2Fix+_DownloadManager-0.bin
2013-10-05 12:56:29 -------- d-----w- C:\Users\Kenneth\AppData\Local\IsolatedStorage
2013-10-01 21:17:55 -------- d-----w- C:\windows\SysWow64\NV
2013-10-01 21:17:55 -------- d-----w- C:\windows\System32\NV
2013-09-25 13:36:56 94208 ----a-w- C:\windows\System32\esxw2_dd.dll
2013-09-25 13:36:56 65793 ----a-w- C:\windows\System32\esfwdd.bin
2013-09-25 13:36:56 281088 ----a-w- C:\windows\System32\esxuindd.dll
2013-09-25 13:36:56 262144 ----a-w- C:\windows\SysWow64\esintdd.dll
.
==================== Find3M  ====================
.
2013-10-08 17:14:33 31152 ----a-w- C:\windows\System32\drivers\pmxdrv.sys
2013-10-08 16:43:18 103272 ----a-w- C:\Users\Kenneth\GoToAssistDownloadHelper.exe
2013-10-02 01:38:13 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-08-09 20:07:36 6513440 ----a-w- C:\windows\System32\nvcpl.dll
2013-08-09 20:07:36 3519264 ----a-w- C:\windows\System32\nvsvc64.dll
2013-08-09 20:07:33 893728 ----a-w- C:\windows\System32\nvvsvc.exe
2013-08-09 20:07:32 67072 ----a-w- C:\windows\System32\nv3dappshextr.dll
2013-08-09 20:07:32 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-08-09 20:07:32 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-08-09 20:07:32 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-08-09 20:07:32 1025824 ----a-w- C:\windows\System32\nv3dappshext.dll
2013-08-09 19:37:12 566560 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2013-08-09 01:05:34 3310693 ----a-w- C:\windows\System32\nvcoproc.bin
2013-08-07 05:15:02 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-08-03 06:40:49 462336 ----a-w- C:\windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll
2013-08-02 06:26:53 2304512 ----a-w- C:\windows\System32\authui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2013-08-02 05:06:50 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-07-24 23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
2013-07-19 22:13:34 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 22:13:15 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH:  9:00:05.77 ===============

Attached File  attach.txt   11.67KB   0 downloads
 


Edited by maineiac13, 16 October 2013 - 12:28 PM.



 


#2 HelpBot


Posted 21 October 2013 - 08:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/510955 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 maineiac13

maineiac13
  • Topic Starter

  • Members
  • 29 posts

Posted 21 October 2013 - 08:50 AM

Yes....I still need assistance.  The problems I have been having have been escalating as now I have to close down the computer two or three times a day because I run out of memory and no programs will work.  Usually, I must close down manually as when I try to use the "Restart" button, the computer never completes the process.

 

Yes, I have my original Windows disk.

 

Below is the new DDS.txt  log and I am also attaching the Attach.txt log.

 

Thanks for your help, Ken

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Kenneth at 9:41:59 on 2013-10-21
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.16271.8986 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\splwow64.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uDefault_Page_URL = www.dell.com
uURLSearchHooks: FCToolbarURLSearchHook Class: {6f52f077-2dbf-f864-8da7-73cc1a21005a} - C:\Program Files (x86)\Upromise RewardU Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uWinlogon: Shell = -
mWinlogon: Userinit = userinit.exe
BHO: Upromise RewardU Toolbar BHO: {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Upromise RewardU Toolbar: {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
TB: Upromise RewardU Toolbar: {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
uRun: [Google Update] "C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
uRun: [Copy] "C:\Users\Kenneth\AppData\Roaming\Copy\CopyAgent.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [DellSystemDetect] C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [DIMDownloading your update...1366902225528] "C:\Program Files (x86)\Corel\WinDVD11\DIM.EXE" "c:\programdata\corel\downloads\540215436_007003\1366902225528\dim_params.xml" -Launch=3 -uibase="c:\users\kenneth\appdata\roaming\corel\messages\540215436_007003\en\messagecache2\workflow"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
dRun: [Copy] "C:\Users\Kenneth\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOHO~1.LNK - C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Kenneth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: EnableUIPI = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3893F1BA-9AE0-497E-9A48-7378E3AF15E4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{419A89FB-4B65-442C-9657-221EF1AC448D} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: FilterAdministratorToken = dword:1
x64-mPolicies-System: EnableUIPI = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-20 651832]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-8-27 30496]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-6-13 56336]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1501000.012\symds64.sys [2013-10-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1501000.012\symefa64.sys [2013-10-15 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-1 1525848]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\Drivers\NISx64\1501000.012\ccsetx64.sys [2013-10-15 162392]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-5-20 92536]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSviA64.sys [2013-10-18 521816]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1501000.012\ironx64.sys [2013-10-15 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1501000.012\symnets.sys [2013-10-15 590936]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-5-20 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2013-5-20 122880]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2013-3-5 33072]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-20 14904]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe [2013-10-15 275696]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-21 1907896]
R2 regi;regi;C:\windows\System32\Drivers\regi.sys [2013-6-10 15672]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-5-20 1919336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-9 413472]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 azvusb;Virtual USB Hub;C:\windows\System32\Drivers\azvusb.sys [2009-8-24 54784]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
R3 CW100;CW-100 Device;C:\windows\System32\Drivers\CW100.sys [2008-10-30 24704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-15 140376]
R3 FintekCIR;Fintek eHome Transceiver;C:\windows\System32\Drivers\FintekCIR.sys [2013-5-20 33128]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-5-20 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\Drivers\NETwNe64.sys [2012-6-2 11400192]
R3 PCTV340_801;YUAN based TV tuner device;C:\windows\System32\Drivers\dvb7700all.sys [2010-3-10 946176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\Drivers\RtsPStor.sys [2013-5-20 339600]
R3 tilfilter;TI xHCI Lower Filter Driver Service;C:\windows\System32\Drivers\TIxHCIlfilter.sys [2012-11-20 17528]
R3 tiufilter;TI xHCI Upper Filter Driver Service;C:\windows\System32\Drivers\TIxHCIufilter.sys [2012-11-20 23184]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-6-9 23552]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1501000.012\symelam.sys [2013-10-15 23568]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/05/20 20:15:05;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-13 236144]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 AthDfu;Qualcomm Atheros Valkyrie USB BootROM;C:\windows\System32\Drivers\AthDfu.sys [2013-5-20 55448]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-5-20 33944]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-5-20 178840]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\windows\System32\Drivers\leath_hid.sys [2013-5-20 39704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 pmxdrv;pmxdrv;C:\windows\System32\Drivers\pmxdrv.sys [2013-6-23 31152]
S3 qca_shb;Qualcomm Atheros UART Bus Driver;C:\windows\System32\Drivers\qca_shb.sys [2013-5-20 99328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-10-15 19:10:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-10-15 19:09:03 858200 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\srtsp64.sys
2013-10-15 19:09:03 590936 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys
2013-10-15 19:09:03 493656 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\symds64.sys
2013-10-15 19:09:03 36952 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\srtspx64.sys
2013-10-15 19:09:03 264280 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\ironx64.sys
2013-10-15 19:09:03 23568 ----a-r- C:\windows\System32\drivers\NISx64\1501000.012\symelam.sys
2013-10-15 19:09:03 162392 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\ccsetx64.sys
2013-10-15 19:09:03 1147480 ----a-w- C:\windows\System32\drivers\NISx64\1501000.012\symefa64.sys
2013-10-15 16:38:01 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-10-15 16:36:54 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-10-15 16:32:24 -------- d-----w- C:\ProgramData\PCSettings
2013-10-14 23:37:03 -------- d-----w- C:\windows\System32\drivers\NISx64\1501000.012
2013-10-14 18:55:06 290992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10221.bin
2013-10-12 18:04:22 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\DS Development
2013-10-12 18:03:24 -------- d-----w- C:\ProgramData\DS Development
2013-10-10 10:10:17 447320 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-10-10 10:10:17 337752 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-10-10 10:10:17 213336 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-10-08 17:59:04 -------- d-----w- C:\Program Files\My Dell
2013-10-08 17:51:59 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-10-08 17:26:05 -------- d--h--w- C:\windows\System32\WLANProfiles
2013-10-08 17:20:59 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\Intel
2013-10-08 17:20:50 -------- d-----w- C:\Users\Kenneth\Roaming
2013-10-08 17:20:50 -------- d-----w- C:\ProgramData\Roaming
2013-10-08 17:19:56 -------- d-----w- C:\Program Files (x86)\Cisco
2013-10-08 17:19:43 -------- d-----w- C:\ProgramData\Intel.sav
2013-10-08 17:11:07 -------- d-----w- C:\Program Files\Dell
2013-10-08 17:11:01 6406792 ----a-w- C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe
2013-10-08 17:10:50 867608 ----a-w- C:\windows\DellClick2Fix+_DownloadManager.exe
2013-10-08 17:10:50 379276 ----a-w- C:\windows\DellClick2Fix+_DownloadManager-1.bin
2013-10-08 17:10:50 12124 ----a-w- C:\windows\DellClick2Fix+_DownloadManager-0.bin
2013-10-05 12:56:29 -------- d-----w- C:\Users\Kenneth\AppData\Local\IsolatedStorage
2013-10-01 21:17:55 -------- d-----w- C:\windows\SysWow64\NV
2013-10-01 21:17:55 -------- d-----w- C:\windows\System32\NV
2013-09-25 13:36:56 94208 ----a-w- C:\windows\System32\esxw2_dd.dll
2013-09-25 13:36:56 65793 ----a-w- C:\windows\System32\esfwdd.bin
2013-09-25 13:36:56 281088 ----a-w- C:\windows\System32\esxuindd.dll
2013-09-25 13:36:56 262144 ----a-w- C:\windows\SysWow64\esintdd.dll
.
==================== Find3M  ====================
.
2013-10-08 17:14:33 31152 ----a-w- C:\windows\System32\drivers\pmxdrv.sys
2013-10-08 16:43:18 103272 ----a-w- C:\Users\Kenneth\GoToAssistDownloadHelper.exe
2013-10-02 01:38:13 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-08-09 20:07:36 6513440 ----a-w- C:\windows\System32\nvcpl.dll
2013-08-09 20:07:36 3519264 ----a-w- C:\windows\System32\nvsvc64.dll
2013-08-09 20:07:33 893728 ----a-w- C:\windows\System32\nvvsvc.exe
2013-08-09 20:07:32 67072 ----a-w- C:\windows\System32\nv3dappshextr.dll
2013-08-09 20:07:32 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-08-09 20:07:32 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-08-09 20:07:32 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-08-09 20:07:32 1025824 ----a-w- C:\windows\System32\nv3dappshext.dll
2013-08-09 19:37:12 566560 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2013-08-09 01:05:34 3310693 ----a-w- C:\windows\System32\nvcoproc.bin
2013-08-07 05:15:02 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-08-03 06:40:49 462336 ----a-w- C:\windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll
2013-08-02 06:26:53 2304512 ----a-w- C:\windows\System32\authui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2013-08-02 05:06:50 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-07-24 23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
.
============= FINISH:  9:42:51.71 ===============

Attached File  attach.txt   10.73KB

#4 Oh My!

  • Malware Response Instructor

Posted 22 October 2013 - 10:28 AM

Greetings Ken and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

It appears your computer is infected. I would like to run a different scan which provides more detailed information about the state of your computer. Once we get the panoramic view we will be ready to attack the nasties, full speed ahead.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 maineiac13

  • Topic Starter

Posted 22 October 2013 - 12:20 PM

Hi Gary, thanks for your help.

 

Here are the logs you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by Kenneth (administrator) on DELL2710 on 22-10-2013 13:06:05
Running from C:\Users\Kenneth\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
() C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe
() C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548624 2012-06-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-08] (Google Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7110744 2013-05-19] (SlySoft, Inc.)
HKCU\...\Run: [PxDotNetLoader] - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe [44104 2013-05-01] (Fidelity Investments)
HKCU\...\Run: [Copy] - C:\Users\Kenneth\AppData\Roaming\Copy\CopyAgent.exe [15229072 2013-07-17] (Barracuda Networks, Inc.)
HKCU\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)
HKCU\...\Run: [DellSystemDetect] - C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKCU\...\Run: [DIMDownloading your update...1366902225528] - c:\programdata\corel\downloads\540215436_007003\1366902225528\dim_params.xml [950 2013-10-19] ()
HKCU\...\Winlogon: [Shell] -
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [DELLOSD] - C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2011-08-26] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickFinder Scheduler] - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKLM-x32\...\Run: [DLSService] - C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2010-05-10] (Sanford, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
Startup: C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.lnk
ShortcutTarget: AutoHotkey.lnk -> C:\Users\Kenneth\Desktop\Downloads\Auto HotKey\AutoHotkey.exe ()
Startup: C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
URLSearchHook: (No Name) - {6f52f077-2dbf-f864-8da7-73cc1a21005a} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {37F24943-6924-4964-A6E6-B1290DA92501} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=DPgUeGb11NSUl4XpsJVeAGU0t1g?q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Upromise RewardU Toolbar BHO - {2E1946E4-D51E-6074-C16F-ED7E0D98A8E4} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files (x86)\Upromise RewardU Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://latimes.com/", "hxxp://jsonline.com/", "hxxp://host.madison.com/wsj"
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [8704 2012-07-25] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [122880 2012-07-12] ()
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [62976 2012-07-25] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1919336 2012-08-06] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [670208 2013-04-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-01] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CW100; C:\Windows\System32\Drivers\CW100.sys [24704 2008-10-30] (CASIO COMPUTER CO.,LTD.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-14] (Symantec Corporation)
R3 FintekCIR; C:\Windows\System32\drivers\FintekCIR.sys [33128 2012-06-07] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-08] (Atheros)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131021.001\ENG64.SYS [126040 2013-10-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131021.001\EX64.SYS [2099288 2013-10-21] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 PCTV340_801; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)
S3 pmxdrv; C:\windows\system32\drivers\pmxdrv.sys [31152 2013-10-08] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-08-08] (Qualcomm Atheros Communications Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-22 13:05 - 2013-10-22 13:05 - 00000000 ____D C:\FRST
2013-10-22 12:11 - 2013-10-22 12:11 - 01087503 _____ (Farbar) C:\Users\Kenneth\Desktop\FRST.exe
2013-10-22 12:08 - 2013-10-22 12:08 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (3).exe
2013-10-22 12:08 - 2013-10-22 12:08 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (2).exe
2013-10-22 12:07 - 2013-10-22 12:07 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (1).exe
2013-10-22 12:06 - 2013-10-22 12:09 - 01954682 _____ (Farbar) C:\Users\Kenneth\Desktop\FRST64.exe
2013-10-17 16:10 - 2013-10-17 16:10 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2013-10-16 09:00 - 2013-10-21 09:42 - 00029128 _____ C:\Users\Kenneth\Desktop\dds.txt
2013-10-16 09:00 - 2013-10-21 09:42 - 00010990 _____ C:\Users\Kenneth\Desktop\attach.txt
2013-10-16 08:57 - 2013-10-16 08:57 - 00688992 ____R (Swearware) C:\Users\Kenneth\Downloads\dds.com
2013-10-15 12:38 - 2013-10-15 12:38 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-15 12:38 - 2013-10-15 12:38 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-15 12:37 - 2013-10-17 16:04 - 00002463 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-15 12:36 - 2013-10-15 12:36 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-15 12:32 - 2013-10-15 12:32 - 00000000 ____D C:\ProgramData\PCSettings
2013-10-15 09:51 - 2013-10-15 09:51 - 07539624 _____ (Symantec Corporation) C:\Users\Kenneth\Desktop\NRnR.exe
2013-10-14 19:57 - 2013-10-14 19:57 - 00007605 _____ C:\Users\Kenneth\AppData\Local\Resmon.ResmonCfg
2013-10-14 10:04 - 2013-10-14 10:04 - 00001292 _____ C:\Users\Kenneth\Desktop\Norton Installation Files.lnk
2013-10-12 14:04 - 2013-10-12 14:04 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\DS Development
2013-10-12 14:03 - 2013-10-12 14:04 - 00000000 ____D C:\ProgramData\DS Development
2013-10-10 17:42 - 2013-10-10 17:42 - 02110328 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-10 06:10 - 2013-07-01 21:41 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-10-10 06:10 - 2013-07-01 21:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-10-10 06:10 - 2013-07-01 21:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-10-08 14:17 - 2013-10-08 14:17 - 00001436 _____ C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-08 14:07 - 2013-10-08 14:07 - 00172000 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Kenneth\Downloads\GoToAssistStarter (1).exe
2013-10-08 13:59 - 2013-10-08 13:59 - 00000000 ____D C:\Program Files\My Dell
2013-10-08 13:52 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-08 13:52 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-08 13:52 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-08 13:52 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-08 13:52 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-08 13:52 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-08 13:52 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-08 13:52 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-08 13:52 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-08 13:52 - 2013-07-05 20:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-08 13:52 - 2013-07-03 22:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-08 13:52 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-10-08 13:52 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-10-08 13:52 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-08 13:52 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-08 13:52 - 2013-04-28 18:28 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-10-08 13:52 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-08 13:52 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-08 13:52 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-08 13:52 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-08 13:52 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-10-08 13:52 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-08 13:52 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-08 13:51 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-08 13:51 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-08 13:51 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-08 13:51 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-08 13:51 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-08 13:51 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-08 13:51 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-08 13:51 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-08 13:51 - 2013-08-23 01:11 - 04040192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-08 13:51 - 2013-07-19 18:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 13:51 - 2013-07-19 18:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 13:51 - 2013-07-05 18:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-08 13:51 - 2013-07-05 18:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-08 13:51 - 2013-07-01 18:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-08 13:51 - 2013-07-01 18:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2013-10-08 13:51 - 2013-06-30 21:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-08 13:51 - 2013-06-30 21:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-08 13:51 - 2013-06-30 21:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-08 13:51 - 2013-06-30 21:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-08 13:51 - 2013-06-28 23:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-08 13:51 - 2013-06-28 23:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-08 13:51 - 2013-06-28 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-08 13:51 - 2013-06-28 23:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-08 13:51 - 2013-06-22 01:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-08 13:51 - 2013-06-22 01:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-10-08 13:51 - 2013-05-26 19:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-08 13:51 - 2013-05-26 18:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-08 13:51 - 2013-05-24 23:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-08 13:51 - 2013-05-24 22:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-08 13:51 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-08 13:51 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-08 13:35 - 2013-10-08 13:35 - 01779712 _____ (Dell Inc) C:\Users\Kenneth\Downloads\aulauncher.exe
2013-10-08 13:20 - 2013-10-08 13:20 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\Intel
2013-10-08 13:19 - 2013-10-08 13:19 - 00000000 ____D C:\ProgramData\Intel.sav
2013-10-08 13:19 - 2013-10-08 13:19 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-08 13:15 - 2013-10-08 13:17 - 96974304 _____ C:\Users\Kenneth\Downloads\WIFI_INTEL_W84_A01_SETUP-DDG59_ZPE.exe
2013-10-08 13:13 - 2013-10-08 13:13 - 12982280 _____ (DELL INC.) C:\Users\Kenneth\Downloads\XPS One 2710 A11 (1).exe
2013-10-08 13:13 - 2013-10-08 13:13 - 00000062 _____ C:\SerialNumber.txt
2013-10-08 13:11 - 2013-10-08 14:32 - 00000000 ____D C:\Program Files\Dell
2013-10-08 13:11 - 2013-10-08 13:11 - 06406792 _____ (Dell                                                        ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe
2013-10-08 13:10 - 2013-10-05 14:00 - 00867608 _____ C:\windows\DellClick2Fix+_DownloadManager.exe
2013-10-08 13:10 - 2013-10-05 13:59 - 00379276 _____ C:\windows\DellClick2Fix+_DownloadManager-1.bin
2013-10-08 13:10 - 2013-10-05 13:59 - 00012124 _____ C:\windows\DellClick2Fix+_DownloadManager-0.bin
2013-10-08 13:08 - 2013-10-08 13:08 - 01006872 _____ (                                                            ) C:\Users\Kenneth\Downloads\DellClick2Fix+_DownloadManager_V1.0.0.4-deb3e0e2df75b55d0bca9fa03a0619e9 (1).exe
2013-10-08 12:54 - 2013-10-08 12:54 - 01006872 _____ (                                                            ) C:\Users\Kenneth\Downloads\DellClick2Fix+_DownloadManager_V1.0.0.4-deb3e0e2df75b55d0bca9fa03a0619e9.exe
2013-10-05 08:56 - 2013-10-05 08:56 - 00000000 ____D C:\Users\Kenneth\AppData\Local\IsolatedStorage
2013-10-01 17:23 - 2013-10-01 17:23 - 00001944 _____ C:\{810BD905-F937-42A5-8C7F-ACB2A700065E}
2013-10-01 17:17 - 2013-10-01 17:18 - 00000000 ____D C:\windows\SysWOW64\NV
2013-10-01 17:17 - 2013-10-01 17:17 - 00000000 ____D C:\windows\system32\NV
2013-10-01 17:05 - 2013-08-10 01:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-10-01 17:05 - 2013-08-10 01:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-10-01 17:05 - 2013-08-09 23:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-10-01 17:05 - 2013-08-03 02:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2013-10-01 17:05 - 2013-08-03 02:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2013-10-01 17:05 - 2013-08-03 02:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2013-10-01 17:05 - 2013-08-03 01:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2013-10-01 17:05 - 2013-08-03 01:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2013-10-01 17:05 - 2013-08-03 01:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2013-10-01 17:05 - 2013-08-02 02:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-10-01 17:05 - 2013-08-02 02:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-10-01 17:05 - 2013-08-02 02:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-10-01 17:05 - 2013-08-02 02:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-10-01 17:05 - 2013-08-02 01:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-10-01 17:05 - 2013-08-02 01:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-10-01 17:05 - 2013-08-02 01:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-10-01 17:05 - 2013-08-02 01:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-10-01 17:05 - 2013-08-01 06:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-01 17:05 - 2013-07-30 19:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml
2013-10-01 17:05 - 2013-07-24 19:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-10-01 17:05 - 2013-07-24 19:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-10-01 17:05 - 2013-07-13 02:15 - 00459776 _____ (Microsoft Corporation) C:\windows\system32\appmgr.dll
2013-10-01 17:05 - 2013-07-13 00:23 - 00366592 _____ (Microsoft Corporation) C:\windows\SysWOW64\appmgr.dll
2013-10-01 17:05 - 2013-04-09 19:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2013-10-01 17:05 - 2013-04-09 18:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2013-09-25 09:36 - 2013-09-25 09:39 - 00000060 _____ C:\windows\PERFV37_370.ini
2013-09-25 09:36 - 2012-08-08 00:00 - 00094208 _____ (Seiko Epson Corporation.) C:\windows\system32\esxw2_dd.dll
2013-09-25 09:36 - 2012-04-20 00:00 - 00262144 _____ (Seiko Epson Corporation) C:\windows\SysWOW64\esintdd.dll
2013-09-25 09:36 - 2012-04-18 00:00 - 00281088 _____ (Seiko Epson Corporation) C:\windows\system32\esxuindd.dll
2013-09-25 09:36 - 2012-03-26 01:00 - 00065793 _____ C:\windows\system32\esfwdd.bin

==================== One Month Modified Files and Folders =======

2013-10-22 13:05 - 2013-10-22 13:05 - 00000000 ____D C:\FRST
2013-10-22 13:05 - 2013-06-07 09:13 - 00000000 ____D C:\Users\Kenneth\Documents\Outlook Files
2013-10-22 13:02 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru
2013-10-22 12:49 - 2013-06-07 09:00 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2183751426-3156833515-2721662838-1001
2013-10-22 12:47 - 2013-06-13 08:30 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\Copy
2013-10-22 12:44 - 2013-05-20 21:20 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-10-22 12:11 - 2013-10-22 12:11 - 01087503 _____ (Farbar) C:\Users\Kenneth\Desktop\FRST.exe
2013-10-22 12:09 - 2013-10-22 12:06 - 01954682 _____ (Farbar) C:\Users\Kenneth\Desktop\FRST64.exe
2013-10-22 12:09 - 2013-06-09 13:41 - 00024064 ___SH C:\Users\Kenneth\Downloads\Thumbs.db
2013-10-22 12:08 - 2013-10-22 12:08 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (3).exe
2013-10-22 12:08 - 2013-10-22 12:08 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (2).exe
2013-10-22 12:07 - 2013-10-22 12:07 - 01954682 _____ (Farbar) C:\Users\Kenneth\Downloads\FRST64 (1).exe
2013-10-22 11:17 - 2013-06-08 14:57 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001UA.job
2013-10-22 07:56 - 2013-06-07 08:52 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Packages
2013-10-21 15:50 - 2013-05-20 20:53 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-21 15:50 - 2012-07-26 03:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-21 14:52 - 2008-07-19 19:41 - 00000000 ___RD C:\Users\Kenneth\Desktop\MySpace Images
2013-10-21 14:52 - 2008-07-19 15:32 - 00000000 ____D C:\Users\Kenneth\Documents\Slides
2013-10-21 14:42 - 2012-07-26 03:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-21 12:38 - 2013-06-07 08:51 - 00000000 ____D C:\Users\Kenneth
2013-10-21 09:42 - 2013-10-16 09:00 - 00029128 _____ C:\Users\Kenneth\Desktop\dds.txt
2013-10-21 09:42 - 2013-10-16 09:00 - 00010990 _____ C:\Users\Kenneth\Desktop\attach.txt
2013-10-21 07:55 - 2013-05-20 22:50 - 00362484 _____ C:\windows\PFRO.log
2013-10-20 15:43 - 2008-07-17 19:05 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-10-20 15:23 - 2012-07-26 01:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-10-20 12:30 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\NDF
2013-10-20 04:17 - 2013-06-08 14:57 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001Core.job
2013-10-18 13:49 - 2008-10-29 12:34 - 00000000 ____D C:\Users\Public\Images
2013-10-18 13:33 - 2008-07-19 15:54 - 00000000 ____D C:\Users\Kenneth\Documents\Web Page
2013-10-18 08:19 - 2013-06-08 14:59 - 00002382 _____ C:\Users\Kenneth\Desktop\Google Chrome.lnk
2013-10-18 07:21 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-10-18 07:17 - 2012-07-26 04:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-10-17 16:10 - 2013-10-17 16:10 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2013-10-17 16:05 - 2013-06-07 15:33 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2013-10-17 16:05 - 2013-06-07 15:32 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2013-10-17 16:04 - 2013-10-15 12:37 - 00002463 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-17 12:42 - 2013-05-20 20:54 - 01420502 _____ C:\windows\WindowsUpdate.log
2013-10-16 08:57 - 2013-10-16 08:57 - 00688992 ____R (Swearware) C:\Users\Kenneth\Downloads\dds.com
2013-10-15 12:38 - 2013-10-15 12:38 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-15 12:38 - 2013-10-15 12:38 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-15 12:38 - 2013-06-07 15:33 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-15 12:36 - 2013-10-15 12:36 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-15 12:36 - 2013-06-07 15:31 - 00000000 ____D C:\ProgramData\Norton
2013-10-15 12:32 - 2013-10-15 12:32 - 00000000 ____D C:\ProgramData\PCSettings
2013-10-15 09:51 - 2013-10-15 09:51 - 07539624 _____ (Symantec Corporation) C:\Users\Kenneth\Desktop\NRnR.exe
2013-10-15 04:32 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-10-14 19:57 - 2013-10-14 19:57 - 00007605 _____ C:\Users\Kenneth\AppData\Local\Resmon.ResmonCfg
2013-10-14 10:15 - 2013-06-24 09:20 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\DYMO Stamps
2013-10-14 10:04 - 2013-10-14 10:04 - 00001292 _____ C:\Users\Kenneth\Desktop\Norton Installation Files.lnk
2013-10-14 10:04 - 2013-01-02 17:38 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-14 10:04 - 2011-07-21 08:08 - 02671616 ___SH C:\Users\Kenneth\Desktop\Thumbs.db
2013-10-12 14:45 - 2013-06-08 12:01 - 00000000 ____D C:\Users\Kenneth\AppData\Local\CrashDumps
2013-10-12 14:04 - 2013-10-12 14:04 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\DS Development
2013-10-12 14:04 - 2013-10-12 14:03 - 00000000 ____D C:\ProgramData\DS Development
2013-10-11 17:10 - 2011-06-23 10:08 - 00000513 _____ C:\Users\Kenneth\Desktop\weather.com.website
2013-10-10 20:04 - 2013-07-21 16:20 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-10 17:42 - 2013-10-10 17:42 - 02110328 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-10 04:12 - 2013-06-08 14:57 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001UA
2013-10-10 04:12 - 2013-06-08 14:57 - 00003504 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001Core
2013-10-09 07:26 - 2013-06-09 16:58 - 00000125 ___SH C:\ProgramData\.zreglib
2013-10-08 20:13 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache
2013-10-08 15:54 - 2013-08-13 20:48 - 00000000 ____D C:\windows\system32\MRT
2013-10-08 15:53 - 2013-06-08 03:02 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-08 14:32 - 2013-10-08 13:11 - 00000000 ____D C:\Program Files\Dell
2013-10-08 14:31 - 2013-06-08 14:57 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Deployment
2013-10-08 14:17 - 2013-10-08 14:17 - 00001436 _____ C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-08 14:07 - 2013-10-08 14:07 - 00172000 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Kenneth\Downloads\GoToAssistStarter (1).exe
2013-10-08 13:59 - 2013-10-08 13:59 - 00000000 ____D C:\Program Files\My Dell
2013-10-08 13:38 - 2013-05-20 21:24 - 00000000 ____D C:\ProgramData\PCDr
2013-10-08 13:35 - 2013-10-08 13:35 - 01779712 _____ (Dell Inc) C:\Users\Kenneth\Downloads\aulauncher.exe
2013-10-08 13:22 - 2013-05-20 20:57 - 00000000 ____D C:\Program Files\Intel
2013-10-08 13:20 - 2013-10-08 13:20 - 00000000 ____D C:\Users\Kenneth\AppData\Roaming\Intel
2013-10-08 13:20 - 2013-08-01 08:00 - 00000000 ____D C:\Users\postgres
2013-10-08 13:20 - 2013-06-13 15:21 - 00017732 _____ C:\windows\DPINST.LOG
2013-10-08 13:20 - 2012-07-26 01:37 - 00000000 __RHD C:\Users\Default
2013-10-08 13:19 - 2013-10-08 13:19 - 00000000 ____D C:\ProgramData\Intel.sav
2013-10-08 13:19 - 2013-10-08 13:19 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-10-08 13:19 - 2013-06-07 08:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-10-08 13:19 - 2013-05-20 21:29 - 00000000 ____D C:\ProgramData\Intel
2013-10-08 13:19 - 2013-05-20 20:57 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-08 13:17 - 2013-10-08 13:15 - 96974304 _____ C:\Users\Kenneth\Downloads\WIFI_INTEL_W84_A01_SETUP-DDG59_ZPE.exe
2013-10-08 13:14 - 2013-06-23 15:31 - 00031152 _____ C:\windows\system32\Drivers\pmxdrv.sys
2013-10-08 13:13 - 2013-10-08 13:13 - 12982280 _____ (DELL INC.) C:\Users\Kenneth\Downloads\XPS One 2710 A11 (1).exe
2013-10-08 13:13 - 2013-10-08 13:13 - 00000062 _____ C:\SerialNumber.txt
2013-10-08 13:11 - 2013-10-08 13:11 - 06406792 _____ (Dell                                                        ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe
2013-10-08 13:08 - 2013-10-08 13:08 - 01006872 _____ (                                                            ) C:\Users\Kenneth\Downloads\DellClick2Fix+_DownloadManager_V1.0.0.4-deb3e0e2df75b55d0bca9fa03a0619e9 (1).exe
2013-10-08 12:54 - 2013-10-08 12:54 - 01006872 _____ (                                                            ) C:\Users\Kenneth\Downloads\DellClick2Fix+_DownloadManager_V1.0.0.4-deb3e0e2df75b55d0bca9fa03a0619e9.exe
2013-10-08 12:43 - 2013-06-23 15:17 - 00103272 _____ C:\Users\Kenneth\GoToAssistDownloadHelper.exe
2013-10-05 14:00 - 2013-10-08 13:10 - 00867608 _____ C:\windows\DellClick2Fix+_DownloadManager.exe
2013-10-05 13:59 - 2013-10-08 13:10 - 00379276 _____ C:\windows\DellClick2Fix+_DownloadManager-1.bin
2013-10-05 13:59 - 2013-10-08 13:10 - 00012124 _____ C:\windows\DellClick2Fix+_DownloadManager-0.bin
2013-10-05 08:56 - 2013-10-05 08:56 - 00000000 ____D C:\Users\Kenneth\AppData\Local\IsolatedStorage
2013-10-01 21:38 - 2013-06-08 13:50 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 21:38 - 2013-06-08 13:50 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 17:23 - 2013-10-01 17:23 - 00001944 _____ C:\{810BD905-F937-42A5-8C7F-ACB2A700065E}
2013-10-01 17:18 - 2013-10-01 17:17 - 00000000 ____D C:\windows\SysWOW64\NV
2013-10-01 17:18 - 2013-06-07 08:52 - 00000000 ___RD C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-01 17:18 - 2013-06-07 08:52 - 00000000 ___RD C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-01 17:17 - 2013-10-01 17:17 - 00000000 ____D C:\windows\system32\NV
2013-10-01 17:14 - 2012-07-26 04:12 - 00000000 ___RD C:\windows\ToastData
2013-10-01 17:12 - 2013-05-20 22:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-01 17:10 - 2013-05-20 22:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-25 15:30 - 2013-06-11 08:41 - 00000000 ____D C:\Users\Kenneth\AppData\Local\Adobe
2013-09-25 09:39 - 2013-09-25 09:36 - 00000060 _____ C:\windows\PERFV37_370.ini
2013-09-25 09:39 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\FxsTmp
2013-09-25 09:38 - 2013-06-14 12:38 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-25 09:37 - 2013-06-14 12:39 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-09-25 09:36 - 2013-06-14 12:38 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-22 19:28 - 2013-10-08 13:52 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-22 19:28 - 2013-10-08 13:52 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-22 19:27 - 2013-10-08 13:52 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-22 19:27 - 2013-10-08 13:52 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-22 19:27 - 2013-10-08 13:51 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-22 19:27 - 2013-10-08 13:51 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-22 19:27 - 2013-10-08 13:51 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-22 19:27 - 2013-10-08 13:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-22 18:55 - 2013-10-08 13:52 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-22 18:55 - 2013-10-08 13:52 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-22 18:55 - 2013-10-08 13:51 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-22 18:54 - 2013-10-08 13:52 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-22 18:54 - 2013-10-08 13:52 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-22 18:54 - 2013-10-08 13:52 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-22 18:54 - 2013-10-08 13:51 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-22 18:54 - 2013-10-08 13:51 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-22 18:54 - 2013-10-08 13:51 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

Files to move or delete:
====================
C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe

Some content of TEMP:
====================
C:\Users\Kenneth\AppData\Local\Temp\AskSLib.dll
C:\Users\Kenneth\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Kenneth\AppData\Local\Temp\COMAP.EXE
C:\Users\Kenneth\AppData\Local\Temp\FastFreeConverter_Somoto2.exe
C:\Users\Kenneth\AppData\Local\Temp\helper.exe
C:\Users\Kenneth\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Kenneth\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kenneth\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Kenneth\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Kenneth\AppData\Local\Temp\readSTILog.dll
C:\Users\Kenneth\AppData\Local\Temp\setup.exe
C:\Users\Kenneth\AppData\Local\Temp\Setup.X86.en-US_HomeBusinessRetail_693051ce-e5a5-48b9-bd55-fb01cff50986_TX_PR_.exe
C:\Users\Kenneth\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\Kenneth\AppData\Local\Temp\sqlite3.exe
C:\Users\Kenneth\AppData\Local\Temp\_is15F5.exe
C:\Users\Kenneth\AppData\Local\Temp\_is2D94.exe
C:\Users\Kenneth\AppData\Local\Temp\_isBAF6.exe
C:\Users\Kenneth\AppData\Local\Temp\_isD78B.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-09 03:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2013
Ran by Kenneth at 2013-10-22 13:07:00
Running from C:\Users\Kenneth\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Photoshop Elements 6.0 (x32 Version: 6.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AnyDVD (x32 Version: 7.2.0.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft MediaImpression 2 (x32 Version: 2.0.14.672)
ArcSoft Scan-n-Stitch Deluxe (x32 Version: 1.1.2.27)
AutoUpdate (x32 Version: 1.1)
Bonjour (Version: 3.0.0.10)
Carbonite (x32 Version: 5.4.7 build 3239 (Jun-13-2013))
CloneDVD2 (x32 Version: 2.9.3.0)
Convert AVI to MP4 (x32)
Copy (Version: 1.30.347.0)
Corel WinDVD (x32 Version: 11)
Corel WinDVD Pro 11 (x32 Version: 11.0.0.289)
CuteFTP 8 Home (x32 Version: 8.3.4)
CuteSITE Builder (x32 Version: 5.0)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904)
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52)
D3DX10 (x32 Version: 15.4.2368.0902)
DAZzle (x32)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.1)
Dell Backup and Recovery (x32 Version: 1.0.0.1)
DELLOSD (x32 Version: 1.0.0.14)
DISC TITLE PRINTER for CW-100 (x32 Version: 4.50.000)
DivX Codec (x32 Version: 6.6.1)
DVD Decrypter (Remove Only) (x32)
DVDFab 8.2.2.8 (26/02/2013) Qt (x32)
DYMO Label v.8 (x32 Version: 8.5.0.1751)
DYMO Printable Postage (x32 Version: 3.3)
Elements 11 Organizer (x32 Version: 11.0)
Elevated Installer (x32 Version: 2.1.13)
Epson Copy Utility 3.5 (x32 Version: 3.5.0.0)
Epson Event Manager (x32 Version: 2.40.0001)
EPSON Perfection V33/V330 Photo Scanner Driver Update (x32)
EPSON Perfection V37 Scanner Driver Update version 3.0.2.0 (x32 Version: 3.0.2.0)
EPSON Scan (x32)
Extended Asian Language font pack for Adobe Reader XI (x32 Version: 11.0.0)
Fidelity Active Trader Pro® (x32 Version: 9.8.84.0)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin Update Service (x32 Version: 2.1.13)
Google Chrome (HKCU Version: 30.0.1599.101)
H&R Block Basic + Efile + State 2012 (x32 Version: 12.03.7803)
ICA (x32 Version: 1.0)
ICA (x32 Version: 11.5.0.61)
ImgBurn (x32 Version: 2.5.7.0)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Processor Graphics (x32 Version: 9.17.10.2849)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.4.0423)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1209.0268)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.6000.1620)
IPM (x32 Version: 1.00.0000)
IPM (x32 Version: 11.5)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.2.4)
Java™ 6 Update 22 (x32 Version: 6.0.220)
Legalsounds Download Manager (x32 Version: 1.4.9)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0)
MakeMKV v1.8.3 (x32 Version: v1.8.3)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Home and Business 2013 - en-us (Version: 15.0.4535.1511)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero Blu-ray Player (x32 Version: 12.0.20012)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000)
Nero ControlCenter (x32 Version: 11.0.15600)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000)
Nero Core Components (x32 Version: 11.0.20200)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Effects Basic (x32 Version: 12.0.11500)
Nero Kwik Media (x32 Version: 1.18.20100)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 12.0.11500)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Nero Video (x32 Version: 12.5.2001)
Nero Video 12 (x32 Version: 12.5.00600)
Nero Video Help (CHM) (x32 Version: 12.0.12000)
neroxml (x32 Version: 1.0.0)
Norton Internet Security (x32 Version: 21.1.0.18)
NVIDIA 3D Vision Driver 320.78 (Version: 320.78)
NVIDIA Control Panel 320.78 (Version: 320.78)
NVIDIA Graphics Driver 320.78 (Version: 320.78)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Optimus 1.14.17 (Version: 1.14.17)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PeaZip 4.2 (WIN64)
Photo Gallery (x32 Version: 16.4.3505.0912)
Prerequisite installer (x32 Version: 12.0.0003)
PSE11 STI Installer (x32 Version: 11.0)
Quicken 2012 (x32 Version: 21.1.7.18)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6673)
Remote Control USB Driver (x32 Version: 2.3.2.317)
Seagate Dashboard 2.0 (x32 Version: 2.2.29.0)
Setup (x32 Version: 11.0)
Setup (x32 Version: 11.5.0.61)
Shared C Run-time for x64 (Version: 10.0.0)
sMedio WinDVD Pro 11 (x32 Version: 11.5.0.61)
TI xHCI Filter Driver 1.0.0.4 (x32 Version: 1.0.0.4)
TVCenter (Version: 6.4.4.905)
Upromise RewardU Toolbar (x32)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinDVD (x32 Version: 11.5.0.61)
WordPerfect Office IFilter 32-bit (x32 Version: 1.4)
WordPerfect Office IFilter 64-bit (Version: 1.4)
WordPerfect Office X6 - Common Files (x32 Version: 16.2.1)
WordPerfect Office X6 - Common Files English (x32 Version: 16.2)
WordPerfect Office X6 - Extras (x32 Version: 1.00.0000)
WordPerfect Office X6 - IPM (x32 Version: 16.2)
WordPerfect Office X6 - Lightning Files (x32 Version: 16.2)
WordPerfect Office X6 - Lightning Files English (x32 Version: 16.2)
WordPerfect Office X6 - Oxford (x32 Version: 16.2)
WordPerfect Office X6 - Presentations Files (x32 Version: 16.2)
WordPerfect Office X6 - Presentations Files English (x32 Version: 16.2)
WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.2.1)
WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.2)
WordPerfect Office X6 - Setup Files (x32 Version: 16.2.1)
WordPerfect Office X6 - System Files (x32 Version: 15.0)
WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.2.1)
WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.2.1)
WordPerfect Office X6 - WT (x32 Version: 16.1)
WordPerfect Office X6 (x32 Version: 16.0)
WordPerfect Office X6 (x32 Version: 16.0.0.428)
Xara Web Designer 7 (x32 Version: 7.1.2.18332)
Xilisoft MP4 to MP3 Converter 6 (x32 Version: 6.8.0.1101)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-07-26 01:26 - 2011-01-12 18:45 - 00000734 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08A6B621-97B0-4BE3-B14A-6B7A0E756671} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {23D15609-5288-4E58-AF6B-75AFB88FC4B3} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)
Task: {2DC4BE05-1811-4779-80B5-EB9D3A133B81} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {31C4BF36-6EEE-4EB8-A25E-CA37ED9BE567} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {582935C1-995F-4BF8-8ABA-0F583B657799} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {5E4F6C7F-4AEE-4305-BA48-8FD71C0F8860} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5F590A83-EDCF-41CB-9B14-AB107B0E0840} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001UA => C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {68B808E5-6C03-4718-8D0E-5B969A9FE986} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {84520434-4292-4DC1-919A-25FEB2B46129} - System32\Tasks\Kenneth => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {9CD7E2C1-37AE-49EA-87AA-8E1308650DBA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B327F634-E0BD-469E-9EEA-3DE43B80E568} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-k-astern@roadrunner.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {B6D0DC0C-67A1-4D69-B657-BBF375CD802F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B7E1229D-17D0-40A4-974F-DA0114088932} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {BB327400-F243-4F28-AECD-1F64774EA0D5} - System32\Tasks\Kenneth Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {C84760BA-67C6-4AB5-B88B-8668D731FACA} - System32\Tasks\Kenneth DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)
Task: {CB257A38-3BDD-444E-AF34-8480AE5F2250} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001Core => C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {E30D1E86-0490-4E74-B147-85A355861150} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {FC3C966C-B685-4761-9CE1-7AC3F0529393} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001Core.job => C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2183751426-3156833515-2721662838-1001UA.job => C:\Users\Kenneth\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-16 04:29 - 2013-10-10 18:01 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-13 08:30 - 2013-06-13 08:30 - 07430472 _____ () C:\Users\Kenneth\AppData\Roaming\Copy\overlay\Brt.dll
2013-05-20 23:36 - 2012-09-17 18:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-17 03:01 - 2013-08-17 03:01 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll
2013-05-20 21:20 - 2012-08-09 14:51 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-05-20 21:20 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-05-20 21:20 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-05-20 23:38 - 2012-08-01 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-13 03:25 - 2013-10-10 17:58 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-08-16 04:27 - 2013-10-10 17:58 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1192705732
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1947474297
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-686492811
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-994924902
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21259447457
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21378673161
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21594276246
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21692002130
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon22146447292
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2461091723
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2675562800
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2680339860
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_0favicon21845846049
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_1favicon2-422203874
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_2favicon21706920621
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_3favicon2-1174578848
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_4favicon2-1701187822
AlternateDataStreams: C:\Users\Kenneth\Documents\Press Release.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2013 07:16:40 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2013 06:55:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/21/2013 00:12:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DELL2710)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/21/2013 06:51:19 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/21/2013 07:00:12 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/21/2013 07:00:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/21/2013 06:59:09 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/21/2013 06:59:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\windows\system32\wbem\wmiprvse.exe -Embedding1455{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}

Error: (10/21/2013 03:53:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (10/21/2013 03:50:49 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:18:00 PM on ‎10/‎21/‎2013 was unexpected.

Error: (10/21/2013 00:41:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (10/21/2013 00:39:06 PM) (Source: DCOM) (User: DELL2710)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DELL2710KennethS-1-5-21-2183751426-3156833515-2721662838-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/21/2013 00:39:06 PM) (Source: DCOM) (User: DELL2710)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DELL2710KennethS-1-5-21-2183751426-3156833515-2721662838-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/21/2013 00:39:05 PM) (Source: DCOM) (User: DELL2710)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DELL2710KennethS-1-5-21-2183751426-3156833515-2721662838-1001LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (10/22/2013 07:16:40 AM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (10/21/2013 08:10:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2013 06:55:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\system32\AUDIODG.EXEC:\windows\system32\AUDIODG.EXE0

Error: (10/21/2013 00:12:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DELL2710)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927142

Error: (10/21/2013 06:51:19 AM) (Source: Windows Backup)(User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (10/20/2013 07:26:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2013-06-10 14:35:57.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 16270.96 MB
Available physical RAM: 13672.13 MB
Total Pagefile: 53518.96 MB
Available Pagefile: 50857.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1852.88 GB) (Free:1360.42 GB) NTFS
Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.32 GB) NTFS
Drive e: (JAG_S3_D5) (CDROM) (Total:6.97 GB) (Free:0 GB) UDF
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2245.02 GB) NTFS
Drive g: (DATAPART1) (Fixed) (Total:29.82 GB) (Free:29.72 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.53 GB) (Free:0.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 875886C8)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 0E38744F)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End Of Log ============================

 

 



#6 Oh My!


Posted 22 October 2013 - 08:24 PM

Hi Ken,

Thanks for your patience. Please run these.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\Dell Click 2 Fix+-64-bit-V2545.exe
C:\Users\Kenneth\AppData\Local\Temp\AskSLib.dll
C:\Users\Kenneth\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Kenneth\AppData\Local\Temp\COMAP.EXE
C:\Users\Kenneth\AppData\Local\Temp\FastFreeConverter_Somoto2.exe
C:\Users\Kenneth\AppData\Local\Temp\helper.exe
C:\Users\Kenneth\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Kenneth\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kenneth\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Kenneth\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Kenneth\AppData\Local\Temp\readSTILog.dll
C:\Users\Kenneth\AppData\Local\Temp\setup.exe
C:\Users\Kenneth\AppData\Local\Temp\Setup.X86.en-US_HomeBusinessRetail_693051ce-e5a5-48b9-bd55-fb01cff50986_TX_PR_.exe
C:\Users\Kenneth\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\Kenneth\AppData\Local\Temp\sqlite3.exe
C:\Users\Kenneth\AppData\Local\Temp\_is15F5.exe
C:\Users\Kenneth\AppData\Local\Temp\_is2D94.exe
C:\Users\Kenneth\AppData\Local\Temp\_isBAF6.exe
C:\Users\Kenneth\AppData\Local\Temp\_isD78B.exe
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1192705732
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1947474297
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-686492811
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-994924902
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21259447457
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21378673161
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21594276246
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21692002130
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon22146447292
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2461091723
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2675562800
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2680339860
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_0favicon21845846049
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_1favicon2-422203874
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_2favicon21706920621
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_3favicon2-1174578848
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_4favicon2-1701187822
AlternateDataStreams: C:\Users\Kenneth\Documents\Press Release.eml:OECustomProperty
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#7 maineiac13


Posted 23 October 2013 - 07:56 AM

Gary....I am enclosing the logs you requested.

As far as performance, Task Manager continues to show 100% CPU.  Memory usage is not high at the moment....but it usually starts to climb gradually even if I am not doing anything.  I will be leaving for a few hours and will report back what the status is at that time.

 

***********************************************************

AdwCleaner log

 

# AdwCleaner v3.010 - Report created 23/10/2013 at 08:13:55
# Updated 20/10/2013 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Kenneth - DELL2710
# Running from : C:\Users\Kenneth\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kenneth\AppData\Local\Temp\boost_interprocess
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.FCTB000100987Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100987.JSOptionsImpl.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v

[ File : C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1979 octets] - [23/10/2013 08:12:21]
AdwCleaner[S0].txt - [1700 octets] - [23/10/2013 08:13:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1760 octets] ##########

 

******************************************

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 Pro x64
Ran by Kenneth on Wed 10/23/2013 at  8:23:04.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Users\Kenneth\AppData\LocalLow\FCTB000100987
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kenneth\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at  8:31:04.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

*********************************************

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2013
Ran by Kenneth at 2013-10-23 08:35:41 Run:1
Running from C:\Users\Kenneth\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\Dell Click 2
Fix+-64-bit-V2545.exe
C:\Users\Kenneth\AppData\Local\Temp\AskSLib.dll
C:\Users\Kenneth\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Kenneth\AppData\Local\Temp\COMAP.EXE
C:\Users\Kenneth\AppData\Local\Temp\FastFreeConverter_Somoto2.exe
C:\Users\Kenneth\AppData\Local\Temp\helper.exe
C:\Users\Kenneth\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Kenneth\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kenneth\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Kenneth\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Kenneth\AppData\Local\Temp\readSTILog.dll
C:\Users\Kenneth\AppData\Local\Temp\setup.exe
C:\Users\Kenneth\AppData\Local\Temp\Setup.X86.en-US_HomeBusinessRetail_693051ce-e5a5-48b9-bd55-fb01cff50986_TX_PR_.exe
C:\Users\Kenneth\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\Kenneth\AppData\Local\Temp\sqlite3.exe
C:\Users\Kenneth\AppData\Local\Temp\_is15F5.exe
C:\Users\Kenneth\AppData\Local\Temp\_is2D94.exe
C:\Users\Kenneth\AppData\Local\Temp\_isBAF6.exe
C:\Users\Kenneth\AppData\Local\Temp\_isD78B.exe
AlternateDataStreams:
C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1192705732
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1947474297
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-686492811
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-994924902
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21259447457
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21378673161
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21594276246
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon21692002130
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon22146447292
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2461091723
AlternateDataStreams:
C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2675562800
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2680339860
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_0favicon21845846049
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_1favicon2-422203874
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_2favicon21706920621
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_3favicon2-1174578848
AlternateDataStreams: C:\Users\Kenneth\Desktop\weather.com.website:TASKICON_4favicon2-1701187822
AlternateDataStreams: C:\Users\Kenneth\Documents\Press Release.eml:OECustomProperty

*****************

"C:\ProgramData\Dell Click 2" => File/Directory not found.
C:\Users\Kenneth\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\bundlesweetimsetup.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\FastFreeConverter_Somoto2.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\helper.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\PreferencesJson.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\pricepeep_130001_0101.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\readSTILog.dll => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\Setup.X86.en-US_HomeBusinessRetail_693051ce-e5a5-48b9-bd55-fb01cff50986_TX_PR_.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\_is15F5.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\_is2D94.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\_isBAF6.exe => Moved successfully.
C:\Users\Kenneth\AppData\Local\Temp\_isD78B.exe => Moved successfully.
Could not move "C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1192705732" => Scheduled to move on reboot.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon2-1947474297" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon2-686492811" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon2-994924902" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon21259447457" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon21378673161" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon21594276246" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon21692002130" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon22146447292" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon2461091723" ADS removed successfully.
Could not move "C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2675562800" => Scheduled to move on reboot.
C:\Users\Kenneth\Desktop\weather.com.website => ":DESTICON_favicon2680339860" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":TASKICON_0favicon21845846049" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":TASKICON_1favicon2-422203874" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":TASKICON_2favicon21706920621" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":TASKICON_3favicon2-1174578848" ADS removed successfully.
C:\Users\Kenneth\Desktop\weather.com.website => ":TASKICON_4favicon2-1701187822" ADS removed successfully.
C:\Users\Kenneth\Documents\Press Release.eml => ":OECustomProperty" ADS removed successfully.

=========== Result of Scheduled Files to move ===========

"C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2-1192705732" => File could not move.
"C:\Users\Kenneth\Desktop\weather.com.website:DESTICON_favicon2675562800" => File could not move.

==== End of Fixlog ====

 



#8 maineiac13


Posted 23 October 2013 - 08:00 AM

FYI - I just got a warning of high CPU usage by Services and Controller app.  The only app that I have running at this moment is IE 10.



#9 maineiac13


Posted 23 October 2013 - 11:43 AM

Hi Gary,

 

Just returned and as usual, the computer had very high CPU and 98-100% memory usage and is essentially unresponsive.  I checked in Task Manager to see where the high numbers are coming from. 

 

The high CPU comes primarily from Services and Controller App and System.

 

The high memory comes entirely (showing in excess of 14GB of my 16GB) from Service Host: Local System.  This shows some 13 processes within it...but does not break down the memory usage for each such process.  Here are the processes shown:

 

Application Information
Background Intelligent Transfer Service
Computer Browser
IKE and Auth IPsec Keying Modules
IP Helper
Server
Shell Hardware Detection
System Event Notification Service
System Events Broker
Task Scheduler
Themes
User Profile Service
Windows Management Instrumentation

 

I re-booted the computer and it immediately went to 100% CPU with memory an acceptable 29% as the latter usually takes some time to start creeping up to 100%.

 

I am aware that Windows 8.1 is now available.  I have held off downloading that....but wonder if I should go ahead and do so.

 

Ken



#10 Oh My!


Posted 23 October 2013 - 11:48 AM

Hi Ken,

 

Thanks for the additional information.  I did not anticipate the deletions were going to resolve the issue but we needed to address those first.  Please allow me some time to review our current state.  I am trying to stay up on my logs and remodel my house at the same time!

 

Please hold off on upgrading.  We need to address these things first.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!


Posted 23 October 2013 - 03:41 PM

Hi Ken,

Thanks for your patience. Please run this.

===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit (mbar) and save it to your desktop
  • Unzip the folder to your desktop
  • Double click the mbar icon and select Run
  • Click OK to install it on your desktop
  • If you receive a User Account Control prompt allow it to run
  • If you receive the following screen select Yes and your computer will be restarted

[Screenshot: dda-driver-warning.png]

  • Click Next on the following screen

[Screenshot: start-screen.png]

  • On the Update Database: screen click Update to download the latest definition updates then click Next

[Screenshot: database-update.png]

  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete

[Screenshot: scan-system.png]

  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MBAR report

Gary
 

#12 maineiac13


Posted 23 October 2013 - 06:36 PM

Hi Gary.....here is the new log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 17061343232, free: 13922095104

Downloaded database version: v2013.10.23.09
Downloaded database version: v2013.10.11.02
=======================================
------------ Kernel report ------------
     10/23/2013 17:08:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1501000.012\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1501000.012\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1501000.012\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131022.001\IDSvia64.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\system32\DRIVERS\NETwNe64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\FintekCIR.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\circlass.sys
\SystemRoot\System32\drivers\azvusb.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\AMPPAL.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\hidir.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\Drivers\dvb7700all.sys
\SystemRoot\System32\Drivers\BdaSup.SYS
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\Drivers\CW100.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\point64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\System32\drivers\WSDScan.sys
\SystemRoot\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131021.001\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131021.001\ENG64.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80127ea060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000005b\
Lower Device Object: 0xfffffa80127aa7f0
Lower Device Driver Name: \Driver\UASPStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800f88f060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000041\
Lower Device Object: 0xfffffa800d780060
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800f890060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000040\
Lower Device Object: 0xfffffa800d7b37f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800f890060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e9ba910, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f890060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800cbfd3c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d7b37f0, DeviceName: \Device\00000040\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 875886C8

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 941811340
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34  LastUsableLba 3907029134
    GPT Header Guid 9060767e-c9a-41bd-9e46-7fc1af734daf
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 941811340
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 3907029134
    Backup GPT header Guid 9060767e-c9a-41bd-9e46-7fc1af734daf
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4e13b9e0-9418-489f-b4eb-6e9530a26928
    FirstLBA 2048  Last LBA 4196351
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID e886756d-d28d-4491-86c3-1ebad96e5361
    FirstLBA 4196352  Last LBA 5220351
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7adabed8-b4-4dc1-9452-e18c87fff1f9
    FirstLBA 5220352  Last LBA 5482495
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d00979cd-1186-4b7b-a48f-5923f1fa3228
    FirstLBA 5482496  Last LBA 3891245055
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ad2e19c1-3494-42f3-bbf0-11275eac44c
    FirstLBA 3891245056  Last LBA 3907027119
    Attributes 1
    Partition Name         Microsoft recovery partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800f88f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f88fb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f88f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800ca4e6f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800d780060, DeviceName: \Device\00000041\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E38744F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 62527488

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 32017047552 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 2, DevicePointer: 0xfffffa80127ea060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80127eab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80127ea060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80127aa7f0, DeviceName: \Device\0000005b\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 66F5DB47

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 732563456

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000592977920 bytes
Sector size: 4096 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
Removal finished



#13 Oh My!


Posted 23 October 2013 - 08:57 PM

Greetings Ken,

I would like to gather some information please.

===================================================

Folder Contents Batch (.bat) File

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press enter
  • Copy and paste the following into the Notepad document:
cd  C:\Users\postgres
dir > print.txt
start print.txt
  • Click File, then Save As...
  • Click Desktop on the left
  • Under the Save as type dropdown, select All Files
  • In the box File Name, input folder.bat
  • Click Save
  • Close the Notepad
  • Locate and double-click folder.bat on the desktop
  • Notepad will open with some text in it. Copy and paste the contents in your next reply
===================================================

Process Explorer

--------------------
  • Please download Process Explorer.zip and save it to your desktop
  • Unzip the folder
  • Double click procexp.exe
  • Double click the procexp icon
  • Click File, Save As..., and save it as the default name
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Folder contents
  • Process Explorer log

Gary
 

#14 maineiac13


Posted 24 October 2013 - 11:09 AM

Hi Gary...here are the new logs:

 

In the Process Explorer file, I highlighted the process which shows the greatest amount of memory usage.  Before I sent this, I was watching the numbers and they simply were increasing slightly every second...even though I was not doing anything myself to cause such changes.  The memory usage went from about 3,000 MB to the present more than 9000 MB over a period of time...and will presumably keep climbing until it reaches virtually full use of my 16000 MB memory.

 

 

***********************************

Print.txt

 

 Volume in drive C is OS
 Volume Serial Number is F665-3B8E

 Directory of C:\Users\postgres

10/24/2013  08:04 AM    <DIR>          .
10/24/2013  08:04 AM    <DIR>          ..
07/26/2012  04:12 AM    <DIR>          Desktop
08/01/2013  08:00 AM    <DIR>          Documents
07/26/2012  04:12 AM    <DIR>          Downloads
07/26/2012  04:12 AM    <DIR>          Favorites
06/07/2013  04:14 PM    <DIR>          Links
07/26/2012  04:12 AM    <DIR>          Music
07/26/2012  04:12 AM    <DIR>          Pictures
10/24/2013  08:07 AM                99 print.txt
10/08/2013  01:20 PM    <DIR>          Roaming
07/26/2012  04:12 AM    <DIR>          Saved Games
07/26/2012  04:12 AM    <DIR>          Videos
               1 File(s)             99 bytes
              12 Dir(s)  1,481,803,911,168 bytes free

 

**********************************

 

System Idle Process.txt

 

Process CPU Private Bytes Working Set PID Description Company Name
services.exe 20.18 7,540 K 10,288 K 760  
System 18.47 124 K 304 K 4  
spoolsv.exe 14.59 9,400 K 19,852 K 1708 Spooler SubSystem App Microsoft Corporation
System Idle Process 11.16 0 K 20 K 0  
svchost.exe 9.50 4,288 K 10,968 K 3376 Host Process for Windows Services Microsoft Corporation
svchost.exe 8.26 9,741,724 K 9,375,548 K 332 Host Process for Windows Services Microsoft Corporation
BTHSAmpPalService.exe 4.91 1,140 K 3,860 K 528 Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter Intel Corporation
explorer.exe 2.55 67,528 K 148,216 K 3236 Windows Explorer Microsoft Corporation
nvxdsync.exe 2.21 7,344 K 17,316 K 1144  
nvvsvc.exe 2.14 5,260 K 13,116 K 1152  
Interrupts 1.86 0 K 0 K n/a Hardware Interrupts and DPCs 
CarboniteService.exe 0.73 14,560 K 34,844 K 1240 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com)
lsass.exe 0.64 6,516 K 14,076 K 768 Local Security Authority Process Microsoft Corporation
procexp64.exe 0.59 42,308 K 58,256 K 4076 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
DBAgent.exe 0.57 5,684 K 16,744 K 5976 Seagate Dashboard Seagate Technology LLC
IAStorDataMgrSvc.exe 0.45 34,368 K 41,872 K 6796 IAStorDataSvc Intel Corporation
nis.exe 0.44 50,552 K 21,276 K 2568 Norton Internet Security Symantec Corporation
svchost.exe 0.15 9,684 K 13,624 K 4732 Host Process for Windows Services Microsoft Corporation
Taskmgr.exe 0.11 14,040 K 26,836 K 3720  
dwm.exe 0.10 23,016 K 49,736 K 580  
svchost.exe 0.10 138,140 K 147,592 K 1168 Host Process for Windows Services Microsoft Corporation
csrss.exe 0.08 2,612 K 55,788 K 684  
svchost.exe 0.04 5,676 K 9,808 K 992 Host Process for Windows Services Microsoft Corporation
TabTip.exe 0.04 3,032 K 9,876 K 3244  
ipoint.exe 0.04 4,196 K 1,916 K 3116 IPoint.exe Microsoft Corporation
nis.exe 0.03 133,252 K 12,264 K 3132  
MediaButtons.exe 0.02 1,632 K 6,220 K 4208 DELL MFC Application 
svchost.exe 0.01 4,168 K 9,532 K 3572 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.01 20,788 K 28,604 K 344 Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 0.01 5,708 K 11,420 K 5540  
AppleMobileDeviceService.exe < 0.01 2,728 K 8,932 K 2024 MobileDeviceService Apple Inc.
svchost.exe < 0.01 21,192 K 26,132 K 1736 Host Process for Windows Services Microsoft Corporation
AnyDVDtray.exe < 0.01 21,204 K 29,000 K 5880 AnyDVD Application SlySoft, Inc.
Garmin.Cartography.MapUpdate.CoreService.exe < 0.01 20,192 K 29,960 K 2152 Garmin Core Update Service Garmin Ltd or its subsidiaries
rundll32.exe < 0.01 1,980 K 6,184 K 5680 Windows host process (Rundll32) Microsoft Corporation
DellOSDService.exe < 0.01 1,912 K 5,704 K 1960 DellOSDService for Princeville 
daemonu.exe < 0.01 5,216 K 8,272 K 4720 NVIDIA Settings Update Manager NVIDIA Corporation
notepad.exe < 0.01 1,576 K 7,880 K 10168 Notepad Microsoft Corporation
csrss.exe < 0.01 1,884 K 4,652 K 532  
PhotoshopElementsFileAgent.exe < 0.01 3,788 K 1,012 K 6288 Adobe Photoshop Elements 11.0 (component) Adobe Systems Incorporated
PhotoshopElementsFileAgent.exe < 0.01 3,756 K 1,196 K 1864  
ZeroConfigService.exe  4,028 K 12,704 K 3468 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation
WUDFHost.exe  1,412 K 5,448 K 4432  
WmiPrvSE.exe  3,388 K 10,044 K 5544  
wlanext.exe  4,936 K 14,172 K 1476  
winlogon.exe  1,612 K 7,828 K 748  
wininit.exe  872 K 3,612 K 668  
unsecapp.exe  1,356 K 4,472 K 5532  
Toaster.exe  40,072 K 49,080 K 988  
taskhostex.exe  26,072 K 31,648 K 3108 Host Process for Windows Tasks Microsoft Corporation
TabTip32.exe  720 K 2,748 K 3288  
svchost.exe  14,156 K 23,324 K 1092 Host Process for Windows Services Microsoft Corporation
svchost.exe  3,712 K 9,260 K 896 Host Process for Windows Services Microsoft Corporation
svchost.exe  13,652 K 16,744 K 1352 Host Process for Windows Services Microsoft Corporation
svchost.exe  1,376 K 4,516 K 4200 Host Process for Windows Services Microsoft Corporation
smss.exe  292 K 968 K 312  
SftService.exe  13,820 K 19,052 K 3148 SoftThinks Agent Service SoftThinks SAS
Seagate.Dashboard.Uploader.exe  28,520 K 39,388 K 5920 Seagate Dashboard Seagate Technology LLC
Seagate.Dashboard.DASWindowsService.exe  34,188 K 44,440 K 2800 Seagate Dashboard Seagate Technology LLC
RuntimeBroker.exe  8,012 K 17,944 K 6512 Runtime Broker Microsoft Corporation
RtkNGUI64.exe  4,364 K 9,672 K 5340 Realtek HD Audio Manager Realtek Semiconductor
RichVideo.exe  1,232 K 4,360 K 2776 RichVideo Module 
RegSrvc.exe  1,684 K 6,612 K 2752 Intel® PROSet/Wireless Registry Service Intel® Corporation
RAVBg64.exe  5,572 K 10,512 K 5412 HD Audio Background Process Realtek Semiconductor
PsiService_2.exe  944 K 3,484 K 2716 PsiService PsiService Protexis Inc.
procexp.exe  2,252 K 7,612 K 2964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ONENOTEM.EXE  2,444 K 2,084 K 3712 Send to OneNote Tool Microsoft Corporation
obexsrv.exe  2,700 K 6,520 K 6732 Bluetooth OBEX Service Motorola Solutions, Inc.
nvvsvc.exe  1,920 K 6,404 K 932 NVIDIA Driver Helper Service, Version 320.78 NVIDIA Corporation
nvtray.exe  3,940 K 10,496 K 3460 NVIDIA Settings NVIDIA Corporation
nvSCPAPISvr.exe  2,496 K 5,680 K 956 Stereo Vision Control Panel API Server NVIDIA Corporation
NASvc.exe  1,800 K 6,056 K 7060 NeroUpdate Nero AG
mDNSResponder.exe  1,440 K 4,800 K 1136 Bonjour Service Apple Inc.
LiveComm.exe Suspended 18,988 K 14,064 K 4524 Communications Service Microsoft Corporation
iviRegMgr.exe  1,020 K 4,116 K 2532 RegMgr Module InterVideo
itype.exe  4,260 K 1,732 K 884 IType.exe Microsoft Corporation
integratedoffice.exe  26,712 K 41,688 K 2636 Microsoft Office Click-to-Run Microsoft Corporation
igfxtray.exe  1,488 K 5,752 K 5712 igfxTray Module Intel Corporation
igfxpers.exe  2,068 K 8,088 K 5780 persistence Module Intel Corporation
IAStorIcon.exe  23,296 K 30,396 K 6180 IAStorIcon Intel Corporation
hkcmd.exe  1,396 K 5,592 K 5736 hkcmd Module Intel Corporation
FastUserSwitching.exe  1,500 K 6,956 K 6124 FastUserSwitching 
EvtEng.exe  4,928 K 11,832 K 2108 Intel® PROSet/Wireless Event Log Service Intel® Corporation
DymoPnpService.exe  24,808 K 18,012 K 920 DymoPnpService Sanford, L.P.
DLSService.exe  988 K 4,064 K 4164 DLSDervice Sanford, L.P.
dllhost.exe  1,860 K 6,568 K 5436  
dllhost.exe  1,108 K 4,416 K 6348 COM Surrogate Microsoft Corporation
devmonsrv.exe  2,764 K 6,672 K 1828 Bluetooth Device Monitor Motorola Solutions, Inc.
dasHost.exe  4,856 K 13,236 K 1284  
conhost.exe  564 K 2,428 K 1500  
conhost.exe  728 K 2,968 K 5896 Console Window Host Microsoft Corporation
BTHSSecurityMgr.exe  2,372 K 7,148 K 6756 Intel® BlueTooth® HS Security Manager Service Intel® Corporation
AutoHotkey.exe  2,704 K 7,620 K 6080 AutoHotkey 
armsvc.exe  1,108 K 3,892 K 1940 Adobe Acrobat Update Service Adobe Systems Incorporated
AERTSr64.exe  524 K 2,284 K 2004 Andrea filters APO access service (64-bit) Andrea Electronics Corporation
ADvdDiscHlp64.exe  1,480 K 3,880 K 3888 AnyDVD 64bit helper 
ACService.exe  1,072 K 3,736 K 1840 ArcSoft Connect Service ArcSoft Inc.
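A listing like the one above is easier to triage once parsed. The following is an added example, not part of the original posts: it parses pasted Process Explorer rows, ranks them by private bytes, and lists rows that carry no description or company. The column layout is inferred from the rows in this thread, and the names `parse_listing`, `top_memory` and `missing_metadata` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Layout inferred from the rows pasted in this thread (an assumption): name,
# optional CPU figure or "Suspended", private bytes, working set, PID, text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?:(?P<state>Suspended|<?\s?[\d.]+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+(?P<pid>\d+)"
    r"(?:\s+(?P<meta>.*\S))?\s*$"
)

class Proc(NamedTuple):
    name: str
    state: Optional[str]
    private_kb: int
    working_set_kb: int
    pid: int
    meta: str  # description + company; empty when the export had none

def parse_listing(text):
    """Parse pasted rows; lines that do not fit the layout are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            procs.append(Proc(m["name"], m["state"],
                              int(m["priv"].replace(",", "")),
                              int(m["ws"].replace(",", "")),
                              int(m["pid"]), m["meta"] or ""))
    return procs

def top_memory(procs, n=3):
    """The n largest private-bytes consumers, biggest first."""
    return sorted(procs, key=lambda p: p.private_kb, reverse=True)[:n]

def missing_metadata(procs):
    """Rows with no description or company, to re-check from an elevated run."""
    return [p for p in procs if not p.meta]

# Rows copied from the listing above.
SAMPLE = """\
Seagate.Dashboard.DASWindowsService.exe  34,188 K 44,440 K 2800 Seagate Dashboard Seagate Technology LLC
LiveComm.exe Suspended 18,988 K 14,064 K 4524 Communications Service Microsoft Corporation
IAStorIcon.exe  23,296 K 30,396 K 6180 IAStorIcon Intel Corporation
dllhost.exe  1,860 K 6,568 K 5436
dllhost.exe  1,108 K 4,416 K 6348 COM Surrogate Microsoft Corporation
dasHost.exe  4,856 K 13,236 K 1284
conhost.exe  564 K 2,428 K 1500
AutoHotkey.exe  2,704 K 7,620 K 6080 AutoHotkey
"""
```

A blank description is not a verdict on its own: Process Explorer often shows nothing for processes it could not open, for example when it is not run as administrator, so these rows are candidates for a second look rather than findings.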

 



#15 Oh My!


Posted 24 October 2013 - 02:14 PM

Greetings,

I would like you to run the .bat file again but with the following command so that we can look inside the sub-folders. Please attach the file.
 
@echo off
dir C:\Users\postgres /s > dir.txt
start dir.txt
----------

In addition, please do this.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
  • Test the CPU and memory usage
===================================================

Things I would like to see in your next reply.
  • File attachment
  • Results from Clean Boot

Gary
 
If I do not reply within 24 hours please send me a Personal Message.
