
Possible Malware/Adware, Scans Posted [Solved]


  • This topic is locked
42 replies to this topic

#1 jberry5


Posted 02 November 2014 - 06:07 PM

Just noticed it also appears whatever is going on, I can't copy&paste into Mozilla, which is my preferred browser.  Here are my scans.  Thank you, Jeff.

 

 

aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-11-02 16:38:23
-----------------------------
16:38:23.131    OS Version: Windows x64 6.1.7601 Service Pack 1
16:38:23.131    Number of processors: 8 586 0x1A05
16:38:23.132    ComputerName: BERRY-PC  UserName: Berry
16:38:24.750    Initialize success
16:38:24.752    VM: initialized successfully
16:38:24.753    VM: Intel CPU supported 
16:38:26.763    VM: supported disk I/O iaStor.sys
16:38:49.155    AVAST engine defs: 14110201
16:40:19.739    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:19.743    Disk 0 Vendor: WDC_WD10 19.0 Size: 953869MB BusType: 3
16:40:19.841    VM: Disk 0 MBR read successfully
16:40:19.846    Disk 0 MBR scan
16:40:19.853    Disk 0 Windows VISTA default MBR code
16:40:19.858    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:40:19.871    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        13566 MB offset 81920
16:40:19.892    Disk 0 Boot: NTFS     code=1
16:40:19.906    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       940262 MB offset 27865088
16:40:19.935    Disk 0 scanning C:\Windows\system32\drivers
16:40:26.711    Service scanning
16:40:28.316    Service BHDrvx64 C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140821.007\BHDrvx64.sys **LOCKED** 5
16:40:30.145    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
16:40:30.366    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
16:40:32.078    Service IDSVia64 C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140912.001\IDSvia64.sys **LOCKED** 5
16:40:34.235    Service NAVENG C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\ENG64.SYS **LOCKED** 5
16:40:34.376    Service NAVEX15 C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\EX64.SYS **LOCKED** 5
16:40:43.624    Modules scanning
16:40:43.635    Disk 0 trace - called modules:
16:40:43.649    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:40:43.657    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a1a790]
16:40:43.664    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800873f050]
16:40:45.217    AVAST engine scan C:\Windows
16:40:48.284    AVAST engine scan C:\Windows\system32
16:43:09.998    AVAST engine scan C:\Windows\system32\drivers
16:43:47.600    AVAST engine scan C:\Users\Berry
16:58:13.894    File: C:\Users\Berry\AppData\Local\Temp\ScorpionSaverNew.exe  **INFECTED** Win64:Adware-A [Adw]
17:08:32.635    AVAST engine scan C:\ProgramData
17:13:45.700    Disk 0 statistics 6510106/0/22 @ 1.83 MB/s
17:13:45.711    Scan finished successfully
19:00:53.248    Disk 0 MBR has been saved successfully to "C:\Users\Berry\Desktop\MBR.dat"
19:00:53.252    The log file has been saved successfully to "C:\Users\Berry\Desktop\aswMBR.txt"
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Berry (administrator) on BERRY-PC on 02-11-2014 19:03:32
Running from C:\Users\Berry\Downloads
Loaded Profile: Berry (Available profiles: Berry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPage15\OpAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPage15\OpWare15.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\RocketTab\Client.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [325512 2011-05-15] (BillP Studios)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Opware15] => C:\Program Files (x86)\ScanSoft\OmniPage15\Opware15.exe [79400 2007-05-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ScanSoft OmniPage 15-reminder] => C:\Program Files (x86)\ScanSoft\OmniPage15\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1447784 2012-03-22] (Garmin)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-12-09] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RocketTab] => C:\Program Files (x86)\RocketTab\Client.exe [1420512 2014-09-08] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\Run: [OpAgent] => C:\Program Files (x86)\ScanSoft\OmniPage15\OpAgent.exe [943656 2007-05-11] (Nuance Communications, Inc.)
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_43_Plugin.exe [840072 2014-01-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\MountPoints2: {d6e244ce-f634-11e0-b5c7-b8ac6ffffa7b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\MountPoints2: {d6e244d7-f634-11e0-b5c7-b8ac6ffffa7b} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49189;https=127.0.0.1:49189
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...47&ocid=U147DHP
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {8B8DF03E-1554-4984-A2BA-669669BEA0E6} URL = https://search.yahoo...37,20028,0,31,0
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.247.15.53 24.217.0.5 66.189.0.100
 
FireFox:
========
FF ProfilePath: C:\Users\Berry\AppData\Roaming\Mozilla\Firefox\Profiles\9ciywvjq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Berry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin -> C:\Users\Berry\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: NoScript - C:\Users\Berry\AppData\Roaming\Mozilla\Firefox\Profiles\9ciywvjq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-10-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U147&ocid=U147DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U147&ocid=U147DHP"
CHR DefaultSearchKeyword: Default -> bing.com_
CHR DefaultSearchURL: Default -> http://www.bing.com/...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/...=U147DF&PC=U147
CHR Profile: C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2014-05-07] (Microsoft Corporation) [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [131072 2009-07-14] (Visioneer Inc.) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2014-05-07] (Microsoft Corporation) [File not signed]
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]
R2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [376216 2011-02-17] (NVIDIA Corporation) [File not signed]
S2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1505000.013\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1505000.013\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U3 aswMBR; \??\C:\Users\Berry\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Berry\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 19:03 - 2014-11-02 19:04 - 00000000 ____D () C:\FRST
2014-11-02 19:03 - 2014-11-02 19:03 - 02114560 _____ (Farbar) C:\Users\Berry\Downloads\frst64.exe
2014-11-02 19:03 - 2014-11-02 19:03 - 00023584 _____ () C:\Users\Berry\Downloads\FRST.txt
2014-11-02 19:00 - 2014-11-02 19:00 - 00003132 _____ () C:\Users\Berry\Desktop\aswMBR.txt
2014-11-02 19:00 - 2014-11-02 19:00 - 00000512 _____ () C:\Users\Berry\Desktop\MBR.dat
2014-11-02 16:39 - 2014-11-02 16:39 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR(2).exe
2014-11-02 16:38 - 2014-11-02 16:38 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR(1).exe
2014-11-02 16:36 - 2014-11-02 16:36 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR.exe
2014-11-02 15:18 - 2014-11-02 15:18 - 00000000 ____D () C:\Users\Berry\AppData\Local\{F6BCBF17-CA72-4E39-8F6E-911CC4DE6281}
2014-11-01 13:20 - 2014-11-01 13:20 - 00000000 ____D () C:\Users\Public\Documents\iWin
2014-11-01 13:00 - 2014-11-01 13:00 - 00002341 _____ () C:\Users\Public\Desktop\Jewel Quest Solitaire.lnk
2014-11-01 13:00 - 2014-11-01 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games Of The Month
2014-11-01 12:58 - 2014-11-01 12:58 - 00000000 ____D () C:\Program Files (x86)\Games Of The Month
2014-11-01 11:04 - 2014-11-01 11:04 - 00000000 ____D () C:\Users\Berry\AppData\Local\{B62B5DB9-DA13-4BD8-BCD2-EF6AC412233A}
2014-10-30 15:44 - 2014-10-30 15:44 - 00000000 ____D () C:\Users\Berry\AppData\Local\{DCF11317-4A7E-4286-B8DA-AAAFEDBE6D36}
2014-10-29 23:23 - 2014-10-29 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 20:39 - 2014-10-27 20:39 - 00000000 ____D () C:\Users\Berry\AppData\Local\{3D185210-DC94-4177-9FD5-E555CD2D6782}
2014-10-23 18:32 - 2014-10-23 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef19a045dce1.job
2014-10-21 21:22 - 2014-10-21 21:22 - 00000000 ____D () C:\Users\Berry\AppData\Local\{949161EB-2005-4A8B-8A24-BA4377EC441E}
2014-10-19 18:42 - 2014-10-19 18:42 - 00000000 ____D () C:\Users\Berry\AppData\Local\{D524D685-F76F-4AC8-889E-C71103204659}
2014-10-19 07:04 - 2014-10-19 07:04 - 00000000 ____D () C:\Users\Berry\AppData\Local\{5B6EE6DD-4D3D-4620-95D1-7A11D0489590}
2014-10-18 22:32 - 2014-10-18 22:32 - 00000000 ____D () C:\Users\Berry\AppData\Local\{0D8BF64E-9591-4E55-A424-D1E9958D2CE6}
2014-10-16 16:03 - 2014-10-16 16:03 - 00000000 ____D () C:\Users\Berry\AppData\Local\{31964CB0-2887-484A-A6D9-305FDC6F5D53}
2014-10-14 20:41 - 2014-10-14 20:41 - 00000000 ____D () C:\Users\Berry\AppData\Local\{60E479B4-89B4-4BCE-8EA9-A6C2C83D8847}
2014-10-14 14:43 - 2014-10-14 14:43 - 00000000 ____D () C:\Users\Berry\AppData\Local\{87EF7605-B398-43DD-8D79-0DFA574DAB59}
2014-10-14 10:44 - 2014-10-14 10:44 - 00000000 ____D () C:\Users\Berry\AppData\Local\{B61D2140-7460-4AA8-9084-170509917FCD}
2014-10-12 20:46 - 2014-10-12 20:46 - 00000000 ____D () C:\Users\Berry\AppData\Local\{3C9AC552-F34D-4CBD-9F31-FFFA34705280}
2014-10-12 14:31 - 2014-10-12 14:31 - 00000000 ____D () C:\Users\Berry\AppData\Local\{44947F2C-DDC6-4E7A-A469-3762C3B77EDC}
2014-10-12 08:29 - 2014-10-12 08:29 - 00000000 ____D () C:\Users\Berry\AppData\Local\{AA15F766-9DB9-4140-ACC5-E603DB7EFCBA}
2014-10-11 22:26 - 2014-10-11 22:26 - 00000000 ____D () C:\Users\Berry\AppData\Local\{A3777AF0-CE47-4940-92F0-CDEC38E71D31}
2014-10-10 16:43 - 2014-10-10 16:43 - 00000000 ____D () C:\Users\Berry\AppData\Local\{7FA830C1-A821-42EB-AED8-2098B857CE09}
2014-10-09 18:58 - 2014-10-09 18:58 - 00000000 ____D () C:\Users\Berry\AppData\Local\{11C7F66B-2FCB-4DC1-AD35-444E79123FE6}
2014-10-07 18:46 - 2014-10-07 18:46 - 00000000 ____D () C:\Users\Berry\AppData\Local\{7775851C-3CFB-4B9A-AB96-720A0A18E73F}
2014-10-05 13:38 - 2014-10-05 13:38 - 00000000 ____D () C:\Users\Berry\AppData\Local\{55F4EF99-EBB9-4864-8F7A-83435642410B}
2014-10-04 18:57 - 2014-10-04 18:57 - 00000000 ____D () C:\Users\Berry\AppData\Local\{C9DFC60C-CAF7-4734-A8AE-405FFCAF3742}
2014-10-04 16:24 - 2014-10-04 16:24 - 00000000 ____D () C:\Users\Berry\AppData\Local\{C24656D7-943A-4576-9D1B-873A92638B54}
2014-10-04 14:45 - 2014-10-04 14:45 - 00000000 ____D () C:\Users\Berry\AppData\Local\{512F0ECA-23BA-4C38-A49E-4359DAF2BBE5}
2014-10-04 07:17 - 2014-10-04 07:17 - 00000000 ____D () C:\Users\Berry\AppData\Local\{50E74D6F-6FB1-4019-9D86-C95F248F3036}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 19:02 - 2011-09-20 21:10 - 00000000 ____D () C:\Users\Berry\AppData\Local\Nero
2014-11-01 13:02 - 2011-09-13 23:39 - 00421887 _____ () C:\Windows\DirectX.log
2014-10-31 22:15 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files (x86)\RocketTab
2014-10-31 22:15 - 2011-09-13 23:32 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-31 21:50 - 2011-09-14 01:16 - 01150412 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 23:28 - 2014-09-13 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 18:53 - 2014-01-22 07:32 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 18:32 - 2014-06-16 19:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89c177abcaf4.job
2014-10-14 20:41 - 2013-01-12 21:52 - 00000000 ____D () C:\Users\Berry\Documents\FSB Statements
2014-10-14 10:30 - 2012-01-19 19:24 - 00056320 _____ () C:\Users\Berry\Documents\Investments.xls
2014-10-09 19:18 - 2009-07-14 00:13 - 00794252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 18:51 - 2012-02-21 19:43 - 00015540 _____ () C:\Windows\setupact.log
 
Some content of TEMP:
====================
C:\Users\Berry\AppData\Local\Temp\BackupSetup.exe
C:\Users\Berry\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Berry\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Berry\AppData\Local\Temp\dsapi.exe
C:\Users\Berry\AppData\Local\Temp\install_flashplayer12x32axau_gtba_chra_dy_aaa_aih.exe
C:\Users\Berry\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Berry\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exe
C:\Users\Berry\AppData\Local\Temp\rt-installer.exe
C:\Users\Berry\AppData\Local\Temp\ScorpionSaverNew.exe
C:\Users\Berry\AppData\Local\Temp\SpOrder.dll
C:\Users\Berry\AppData\Local\Temp\SymCCIS.dll
C:\Users\Berry\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Berry\AppData\Local\Temp\System.Data.SQLite22847.dll
C:\Users\Berry\AppData\Local\Temp\System.Data.SQLite24540.dll
C:\Users\Berry\AppData\Local\Temp\System.Data.SQLite54261.dll
C:\Users\Berry\AppData\Local\Temp\System.Data.SQLite59796.dll
C:\Users\Berry\AppData\Local\Temp\tmp1150.exe
C:\Users\Berry\AppData\Local\Temp\tmp17BC.exe
C:\Users\Berry\AppData\Local\Temp\tmp187F.exe
C:\Users\Berry\AppData\Local\Temp\tmp1D3F.exe
C:\Users\Berry\AppData\Local\Temp\tmp1EEA.exe
C:\Users\Berry\AppData\Local\Temp\tmp2184.exe
C:\Users\Berry\AppData\Local\Temp\tmp2A23.exe
C:\Users\Berry\AppData\Local\Temp\tmp2C6A.exe
C:\Users\Berry\AppData\Local\Temp\tmp2F67.exe
C:\Users\Berry\AppData\Local\Temp\tmp3415.exe
C:\Users\Berry\AppData\Local\Temp\tmp3DD.exe
C:\Users\Berry\AppData\Local\Temp\tmp4E3D.exe
C:\Users\Berry\AppData\Local\Temp\tmp50DC.exe
C:\Users\Berry\AppData\Local\Temp\tmp5EAE.exe
C:\Users\Berry\AppData\Local\Temp\tmp6BC0.exe
C:\Users\Berry\AppData\Local\Temp\tmp6D1F.exe
C:\Users\Berry\AppData\Local\Temp\tmp70ED.exe
C:\Users\Berry\AppData\Local\Temp\tmp7B82.exe
C:\Users\Berry\AppData\Local\Temp\tmp8012.exe
C:\Users\Berry\AppData\Local\Temp\tmp8AB5.exe
C:\Users\Berry\AppData\Local\Temp\tmp90E9.exe
C:\Users\Berry\AppData\Local\Temp\tmp9D61.exe
C:\Users\Berry\AppData\Local\Temp\tmpB0F6.exe
C:\Users\Berry\AppData\Local\Temp\tmpC0A.exe
C:\Users\Berry\AppData\Local\Temp\tmpC128.exe
C:\Users\Berry\AppData\Local\Temp\tmpC486.exe
C:\Users\Berry\AppData\Local\Temp\tmpDC10.exe
C:\Users\Berry\AppData\Local\Temp\tmpECDC.exe
C:\Users\Berry\AppData\Local\Temp\tmpF0A8.exe
C:\Users\Berry\AppData\Local\Temp\tmpF307.exe
C:\Users\Berry\AppData\Local\Temp\tmpF6BC.exe
C:\Users\Berry\AppData\Local\Temp\tmpF865.exe
C:\Users\Berry\AppData\Local\Temp\tmpFBEE.exe
C:\Users\Berry\AppData\Local\Temp\tmpFC93.exe
C:\Users\Berry\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2014-05-07 17:52] - 0520192 ____A (Microsoft Corporation) E9568294E1B9CBFABD4FAEB8ECF20D92
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-01-21 18:52
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Berry at 2014-11-02 19:04:48
Running from C:\Users\Berry\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton AntiVirus (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{837088F0-823E-40EE-9533-4CE3CFC834CE}) (Version: 4.0.2.2 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (HKLM-x32\...\{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}) (Version: 2.1.7 - Garmin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HP PrecisionScan LTX (HKLM-x32\...\HP PrecisionScan LTX) (Version:  - )
HP Share-to-Web (HKLM-x32\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire_is1) (Version:  - Games Of The Month)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kofax VirtualReScan 4.10 (HKLM-x32\...\{6A35E74B-68AD-4054-B93A-FEB7B687114C}) (Version: 4.10.039 - Kofax Image Products)
Kofax VRS Update for Visioneer OneTouch OEM (HKLM-x32\...\{EF58D88F-4E62-4372-9DFA-E1CED7C34986}) (Version:  - )
Level Quality Watcher (HKLM\...\Level Quality Watcher) (Version: v1.01 - Level Quality Watcher) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MetaX for Windows (HKLM-x32\...\{58A08C2F-5B1E-4531-99D9-F4EF3214218B}) (Version: 2.36 - No Bull Software)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
NVIDIA 3D Vision Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.16 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OneTouch 4.0 (HKLM\...\{FB3888EF-464F-489B-A2BF-456CAECA3DC2}) (Version: 4.1.0 - Visioneer)
OneTouch 4.0 ScanSoft OmniPage OCR Module (HKLM-x32\...\{34466787-FDAE-4B20-8DC0-72E97F39D237}) (Version: 1.1.0 - Visioneer)
PCO2001 (HKLM-x32\...\ST5UNST #1) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickScan 4.5.1 (HKLM-x32\...\{223F72BF-0DEB-4953-8D1F-870738804863}) (Version: 4.5.7768 - EMC Captiva)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Rockettab (HKCU\...\RocketTab) (Version:  - Rockettab) <==== ATTENTION
Rockettab (HKLM-x32\...\RocketTab) (Version:  - Rockettab) <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung CLP-310 Series (HKLM-x32\...\Samsung CLP-310 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage 15 (HKLM-x32\...\{43ED550A-D813-43F7-B18E-9AD4785C9387}) (Version: 15.2.0001 - Nuance Communications, Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{1F68C868-B5AF-4836-8A46-C030BBE1EDB3}) (Version: 11.1.0000 - Nuance Communications, Inc.)
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars Math (HKLM-x32\...\Star Wars Math) (Version:  - )
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 20.5.2011.0 - BillP Studios)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-08-2014 23:08:15 Installed Microsoft Office Word Viewer 2003
09-09-2014 00:30:18 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
09-09-2014 00:45:28 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
14-09-2014 01:13:19 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
14-09-2014 01:16:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
01-11-2014 18:00:18 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D2FF3D3-7C46-42FD-8C3C-C9E018F5BB91} - System32\Tasks\{1B569BE3-8C77-4AB4-8D7F-B162AE352A67} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {134305D9-4614-4BC4-B7F8-02E12AEC4A06} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe
Task: {19C2D2F3-A428-4090-B906-85F3C2B66816} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {1F499013-2186-4D3A-9DBB-9756989F9110} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {2D6718CD-06E9-4B0B-92CC-0EBC4119A2A1} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {657A88F2-A155-44B2-ABEF-C1710B86A669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {6F724EB9-34E7-4ABD-B16F-D0730E25E01C} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\SymErr.exe
Task: {707CCB40-0890-459D-BBAC-9BDC5BB7F570} - System32\Tasks\{BC037A48-5117-4315-8270-74AB1870077A} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {76EEEC8A-425C-4E61-AA5B-0290AADD06DD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {8AB83EB3-3465-4019-9C1A-81E43506582E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8D74E7D6-50DD-418B-82EE-109D79C1DD86} - System32\Tasks\{EF351D07-825F-45B4-AF14-16E7B96834ED} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {C7A6D234-B860-4ED0-AD4F-595F82503508} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {CADF728A-5095-4DE4-88A3-C25C1A88B66A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\WSCStub.exe
Task: {DBB44A26-53A6-4C7F-A9AE-2ED21807CC4F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ED75A509-DF76-4509-BB5B-287C55437E5F} - System32\Tasks\{17D2A0F7-522E-4A60-978F-69A8FA41E00E} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {EE42D6B3-B021-44E3-9DCD-0BB19AC1BDDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EE8ABE14-3AB2-46FC-AEAD-122688483F10} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverRestore_ScheduledScan.job => C:\Program Files (x86)\DriverRestore\DriverRestore.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89c177abcaf4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef19a045dce1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KeepMySettingsX.job => C:\Users\Berry\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe
Task: C:\Windows\Tasks\LaunchSignup.job => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\RocketTab.job => C:\Program Files (x86)\RocketTab\Client.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2A10E4CF-953C-4BE0-9EE5-3D5BA3798D56}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-22 15:18 - 2007-08-14 02:41 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2013-01-26 12:21 - 2011-04-11 00:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-01-26 12:21 - 2012-09-10 10:07 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spd__du.dll
2011-09-13 23:32 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 10:50 - 2012-02-01 10:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-09-22 15:18 - 2009-12-09 15:01 - 00606208 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-09-08 18:50 - 2014-09-08 18:50 - 01420512 _____ () C:\Program Files (x86)\RocketTab\Client.exe
2011-09-22 15:18 - 2009-12-09 14:59 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-02-01 10:50 - 2012-02-01 10:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-09-22 15:52 - 2011-04-14 20:01 - 00548854 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-10-02 19:20 - 2014-10-02 19:20 - 00098816 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32api.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00110080 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\pywintypes27.dll
2014-10-02 19:20 - 2014-10-02 19:20 - 00364544 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\pythoncom27.dll
2014-10-02 19:20 - 2014-10-02 19:20 - 00045568 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_socket.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 01160704 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_ssl.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00320512 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32com.shell.shell.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00713216 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_hashlib.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 01175040 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._core_.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00805888 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._gdi_.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00811008 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._windows_.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 01062400 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._controls_.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00735232 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._misc_.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00128512 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_elementtree.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00127488 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\pyexpat.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00557056 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\pysqlite2._sqlite.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00007168 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\hashobjs_ext.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00087552 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_ctypes.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00119808 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32file.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00108544 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32security.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00018432 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32event.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00038912 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32inet.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00070656 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._html2.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00167936 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32gui.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00011264 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32crypt.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00027136 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\_multiprocessing.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00686080 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\unicodedata.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00122368 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._wizard.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00010240 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\select.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00024064 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32pipe.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00025600 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32pdh.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00525640 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\windows._lib_cacheinvalidation.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00035840 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32process.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00017408 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32profile.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00022528 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\win32ts.pyd
2014-10-02 19:20 - 2014-10-02 19:20 - 00078336 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI52602\wx._animate.pyd
2013-08-14 02:33 - 2013-08-14 02:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2011-09-13 23:28 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-07-07 17:13 - 2011-07-07 17:13 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2011-07-07 17:14 - 2011-07-07 17:14 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2011-07-07 17:13 - 2011-07-07 17:13 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
2014-10-29 23:23 - 2014-10-29 23:23 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Berry\Documents\].eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3784697061-4256742741-3112722118-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3784697061-4256742741-3112722118-1004 - Limited - Enabled)
Berry (S-1-5-21-3784697061-4256742741-3112722118-1000 - Administrator - Enabled) => C:\Users\Berry
Guest (S-1-5-21-3784697061-4256742741-3112722118-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3784697061-4256742741-3112722118-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: ARRIS RNDIS Adapter
Description: ARRIS RNDIS Adapter
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/02/2014 01:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1593c
 
Start Time: 01cff6cd097ba17a
 
Termination Time: 60
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (11/02/2014 01:44:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 27884
 
Start Time: 01cff55d2466fc6b
 
Termination Time: 203
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (11/02/2014 01:29:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (11/01/2014 00:12:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 24454
 
Start Time: 01cff55c28752035
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (10/31/2014 05:46:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/29/2014 04:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a144
 
Start Time: 01cff35c2d06b89a
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/29/2014 01:36:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/27/2014 08:29:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/26/2014 09:15:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7048
 
Start Time: 01cfee6d04861206
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/26/2014 09:13:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1aaf4
 
Start Time: 01cff125cf20e474
 
Termination Time: 305
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
 
System errors:
=============
Error: (11/02/2014 06:37:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%1070
 
Error: (11/02/2014 06:37:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Peer Name Resolution Protocol service hung on starting.
 
Error: (11/02/2014 06:36:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bonjour Service service.
 
Error: (11/02/2014 06:36:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (11/02/2014 06:35:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%1070
 
Error: (11/02/2014 06:35:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Peer Name Resolution Protocol service hung on starting.
 
Error: (11/02/2014 06:35:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bonjour Service service.
 
Error: (11/02/2014 06:35:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (11/02/2014 06:35:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (11/02/2014 06:34:41 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
 
 
Microsoft Office Sessions:
=========================
Error: (11/02/2014 01:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.164281593c01cff6cd097ba17a60C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (11/02/2014 01:44:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.164282788401cff55d2466fc6b203C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (11/02/2014 01:29:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (11/01/2014 00:12:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.164282445401cff55c287520350C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (10/31/2014 05:46:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/29/2014 04:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.16428a14401cff35c2d06b89a0C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (10/29/2014 01:36:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/27/2014 08:29:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.
 
Error: (10/26/2014 09:15:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.16428704801cfee6d048612060C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (10/26/2014 09:13:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.164281aaf401cff125cf20e474305C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 9206.93 MB
Available physical RAM: 6445.96 MB
Total Pagefile: 18412.03 MB
Available Pagefile: 11193.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:794.47 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 



#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 November 2014 - 03:37 PM

:welcome:

 

You have a lot going on. Your Winsock is infected and we need to remove the bad file. This is important: the chain of files is needed to access the internet, so read the instructions clearly please, as all the files in the Keep box are legit except for AdpeakProxy64.dll. If you remove one of the legit files you will lose internet access.

 

 

 
  • Please download LSPFix to your Desktop
  • Disconnect from the internet.
  • Go to where you downloaded LSPFix and run the LSPFix.exe by right clicking on it and selecting RUN AS ADMINISTRATOR
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of AdpeakProxy64.dll
  • Select every instance of AdpeakProxy64.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish.
 

 

LSP Tutorial <-- If you need it.
 
 
 
 
 
====================================================================================
 
 

Please download MiniToolBox http://www.bleepingc...ad/minitoolbox/
save it to your desktop and run it.
 
Checkmark the following check-boxes:
 
Reset IE Proxy Settings
Flush DNS
 
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 03 November 2014 - 06:15 PM

I didn't delete anything or complete the 2nd step, as these were the files that I got for the LSP-Fix:

 

NLAapi.dll     @%SystemRoot%\system32\...

napinsp.dll    @%SystemRoot%\system32\...

pnrpnsp.dll    @%SystemRoot%\system32\...

mswock.dll     @%SystemRoot%\system32\...

winrnr.dll        NTDS

mdnsNSP.dll   mdnsNSP

WLIDSNP....    WindowsLive NSP



#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 November 2014 - 07:05 PM

Ok, run Minitoolbox but with a different script

 

 
Please download MiniToolBox http://www.bleepingc...ad/minitoolbox/
save it to your desktop and run it.
 
Checkmark the following check-boxes:
 
List Winsock Entries
Reset IE Proxy Settings
 
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


 
 

#5 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 03 November 2014 - 08:35 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Berry (administrator) on 03-11-2014 at 21:40:45
Running from "C:\Users\Berry\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 02 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 03 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 04 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)

**** End of log ****



#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 04:13 AM

There are 5 instances of AdpeakProxy64.dll in the Winsock. Give LSP FIX another shot; you may need to scroll to see them.



 
 
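The count in the post above can be checked mechanically against the MiniToolBox listing. This is an added example, not part of the thread or of any tool named in it: it parses the listing format and reports Catalog9 (protocol chain) DLLs other than mswsock.dll for each architecture. The baseline set and the function names are assumptions of the example.

```python
import re
from collections import defaultdict
from ntpath import basename, normcase  # Windows path rules, usable on any OS

# Abridged from the "Winsock entries" listing posted earlier in this thread.
SAMPLE_LOG = r"""
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 02 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 03 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 04 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
"""

# "<x64->Catalog<5|9> <position> <dll path> [<size>] (<publisher>)"
ENTRY = re.compile(
    r"^(?P<x64>x64-)?Catalog(?P<catalog>[59])\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<publisher>.*)\)$"
)

# Assumption of this example: the only provider DLL expected in Catalog9
# (the protocol chain) is mswsock.dll from the matching system directory.
BASELINE = {
    "x86": {normcase(r"C:\Windows\SysWOW64\mswsock.dll")},
    "x64": {normcase(r"C:\Windows\System32\mswsock.dll")},
}


def parse_winsock(text):
    """Return one dict per catalog line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "arch": "x64" if m["x64"] else "x86",
                "catalog": int(m["catalog"]),
                "index": int(m["index"]),
                "path": m["path"],
                "size": int(m["size"]),
                "publisher": m["publisher"],
            })
    return entries


def unexpected_chain_entries(entries):
    """Map (arch, dll path) to the sorted Catalog9 positions of non-baseline DLLs."""
    found = defaultdict(list)
    for e in entries:
        if e["catalog"] == 9 and normcase(e["path"]) not in BASELINE[e["arch"]]:
            found[(e["arch"], e["path"])].append(e["index"])
    return {key: sorted(positions) for key, positions in found.items()}


def one_sided_providers(entries):
    """Return Catalog9 DLL names that appear for one architecture only."""
    names = {"x86": set(), "x64": set()}
    for e in entries:
        if e["catalog"] == 9:
            names[e["arch"]].add(basename(normcase(e["path"])))
    return {
        "x86": sorted(names["x86"] - names["x64"]),
        "x64": sorted(names["x64"] - names["x86"]),
    }


if __name__ == "__main__":
    parsed = parse_winsock(SAMPLE_LOG)
    for (arch, path), positions in unexpected_chain_entries(parsed).items():
        print(f"{arch} Catalog9: {path} at positions {positions}")
    print("seen for one architecture only:", one_sided_providers(parsed))
```

The check keys on the DLL path and chain position rather than the publisher column, and it reports the 32-bit and x64 catalogs separately because in this log only the x64 Catalog9 carries the AdpeakProxy64.dll entries.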

#7 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 05:25 AM

I'm not sure what I'm doing wrong as I do see the Adpeaks, but none come up in the LSP FIX. When I run LSP FIX it provides the list instantly; should it be going through a scanning process?



#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 06:23 AM

Found a workaround. Been at this malware removal for about 15 years and it never stops amazing me how things change. We will do just a basic fix and then run some other tools, but let's do this first.

 

 

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64, either in a directory you saved FRST or FRST64 or on your desktop if that's where you saved it.)
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
C:\Windows\system32\AdpeakProxy64.dll
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


 
 

#9 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 08:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Berry at 2014-11-04 09:07:00 Run:1
Running from C:\Users\Berry\Desktop
Loaded Profile: Berry (Available profiles: Berry)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
C:\Windows\system32\AdpeakProxy64.dll
Hosts:
EmptyTemp:
End
*****************
 
Processes closed successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 08:25 AM

Good, let's go after the rest. Run these scans in order and post the log from each one. When you're done with them all, and not before, run a new scan with FRST; be sure to check Additions and post both logs.

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
===============================================================================
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
===============================================================================
 
Download Malwarebytes' Anti-Malware to your desktop.
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     


#11 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 10:28 AM

I did the ADWCleaner scan & clean, computer rebooted but now I get the following when trying to connect to the Internet. "The proxy server is refusing connections". I get this with Mozilla, and similar prompts with Chrome and Explorer.

I'm doing this on my iPhone connected to my home's Wifi, so my internet provider is running.

#12 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 10:30 AM

I did try rebooting my computer and it downloaded numerous updates at that point.

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 10:45 AM

Are you back on line now, all ok?



     
     

#14 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 10:49 AM

No, I am still getting those same messages.

#15 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 10:51 AM

I'm going to try to call Charter to see if I can get connected on the PC again.
