Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Possible Malware/Adware, Scans Posted [Solved]

Started by jberry5 , Nov 02 2014 06:07 PM

  • This topic is locked This topic is locked
42 replies to this topic

#31 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 06:16 PM

After you run this fix post the fixlog , then run a new scan with FRST, checkmark additions and post both logs

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove

#32 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 06:55 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Berry at 2014-11-04 19:48:37 Run:3
Running from C:\Users\Berry\Desktop
Loaded Profile: Berry (Available profiles: Berry)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CloseProcesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
EmptyTemp:
End
*****************
 
Processes closed successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
EmptyTemp: => Removed 85.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
LastRegBack: 2014-11-04 13:17
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Berry at 2014-11-04 19:54:19
Running from C:\Users\Berry\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton AntiVirus (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{837088F0-823E-40EE-9533-4CE3CFC834CE}) (Version: 4.0.2.2 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (HKLM-x32\...\{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}) (Version: 2.1.7 - Garmin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HP PrecisionScan LTX (HKLM-x32\...\HP PrecisionScan LTX) (Version:  - )
HP Share-to-Web (HKLM-x32\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire_is1) (Version:  - Games Of The Month)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kofax VirtualReScan 4.10 (HKLM-x32\...\{6A35E74B-68AD-4054-B93A-FEB7B687114C}) (Version: 4.10.039 - Kofax Image Products)
Kofax VRS Update for Visioneer OneTouch OEM (HKLM-x32\...\{EF58D88F-4E62-4372-9DFA-E1CED7C34986}) (Version:  - )
Level Quality Watcher (HKLM\...\Level Quality Watcher) (Version: v1.01 - Level Quality Watcher) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MetaX for Windows (HKLM-x32\...\{58A08C2F-5B1E-4531-99D9-F4EF3214218B}) (Version: 2.36 - No Bull Software)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
NVIDIA 3D Vision Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.16 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OneTouch 4.0 (HKLM\...\{FB3888EF-464F-489B-A2BF-456CAECA3DC2}) (Version: 4.1.0 - Visioneer)
OneTouch 4.0 ScanSoft OmniPage OCR Module (HKLM-x32\...\{34466787-FDAE-4B20-8DC0-72E97F39D237}) (Version: 1.1.0 - Visioneer)
PCO2001 (HKLM-x32\...\ST5UNST #1) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickScan 4.5.1 (HKLM-x32\...\{223F72BF-0DEB-4953-8D1F-870738804863}) (Version: 4.5.7768 - EMC Captiva)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung CLP-310 Series (HKLM-x32\...\Samsung CLP-310 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage 15 (HKLM-x32\...\{43ED550A-D813-43F7-B18E-9AD4785C9387}) (Version: 15.2.0001 - Nuance Communications, Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{1F68C868-B5AF-4836-8A46-C030BBE1EDB3}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars Math (HKLM-x32\...\Star Wars Math) (Version:  - )
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 20.5.2011.0 - BillP Studios)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-11-2014 15:00:41 Windows Update
04-11-2014 20:40:36 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-04 15:13 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D2FF3D3-7C46-42FD-8C3C-C9E018F5BB91} - System32\Tasks\{1B569BE3-8C77-4AB4-8D7F-B162AE352A67} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {19C2D2F3-A428-4090-B906-85F3C2B66816} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-04] (Adobe Systems Incorporated)
Task: {1F499013-2186-4D3A-9DBB-9756989F9110} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {2325D9C7-DF9D-4F08-96E5-76537FF0B519} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44175CF0-2D01-4175-823A-112E138BC772} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {657A88F2-A155-44B2-ABEF-C1710B86A669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {707CCB40-0890-459D-BBAC-9BDC5BB7F570} - System32\Tasks\{BC037A48-5117-4315-8270-74AB1870077A} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {76EEEC8A-425C-4E61-AA5B-0290AADD06DD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8AB83EB3-3465-4019-9C1A-81E43506582E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8D74E7D6-50DD-418B-82EE-109D79C1DD86} - System32\Tasks\{EF351D07-825F-45B4-AF14-16E7B96834ED} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {8F212C28-E608-45E4-8327-0208D4A9366D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9C98DB08-F1F8-4ADB-A65C-44411464940E} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DBB44A26-53A6-4C7F-A9AE-2ED21807CC4F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ED75A509-DF76-4509-BB5B-287C55437E5F} - System32\Tasks\{17D2A0F7-522E-4A60-978F-69A8FA41E00E} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {EE42D6B3-B021-44E3-9DCD-0BB19AC1BDDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EE8ABE14-3AB2-46FC-AEAD-122688483F10} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F7EEE5AD-9547-453E-A373-C2A54AD42EFB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89c177abcaf4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef19a045dce1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-22 15:18 - 2007-08-14 02:41 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2013-01-26 12:21 - 2011-04-11 00:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-01-26 12:21 - 2012-09-10 10:07 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spd__du.dll
2012-02-01 10:50 - 2012-02-01 10:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2011-09-13 23:32 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 13:20 - 2012-08-21 13:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2012-02-01 10:50 - 2012-02-01 10:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-09-22 15:18 - 2009-12-09 15:01 - 00606208 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-09-22 15:18 - 2009-12-09 14:59 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-02-01 10:50 - 2012-02-01 10:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-09-22 15:52 - 2011-04-14 20:01 - 00548854 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 10:44 - 2012-02-01 10:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-11-04 19:50 - 2014-11-04 19:50 - 00098816 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32api.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00110080 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\pywintypes27.dll
2014-11-04 19:50 - 2014-11-04 19:50 - 00364544 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\pythoncom27.dll
2014-11-04 19:50 - 2014-11-04 19:50 - 00045568 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_socket.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 01160704 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_ssl.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00320512 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32com.shell.shell.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00713216 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_hashlib.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 01175040 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._core_.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00805888 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._gdi_.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00811008 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._windows_.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 01062400 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._controls_.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00735232 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._misc_.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00128512 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_elementtree.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00127488 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\pyexpat.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00557056 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\pysqlite2._sqlite.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00007168 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\hashobjs_ext.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00087552 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_ctypes.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00119808 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32file.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00108544 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32security.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00018432 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32event.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00038912 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32inet.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00070656 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._html2.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00167936 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32gui.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00011264 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32crypt.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00027136 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\_multiprocessing.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00686080 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\unicodedata.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00122368 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._wizard.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00010240 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\select.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00024064 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32pipe.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00025600 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32pdh.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00525640 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\windows._lib_cacheinvalidation.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00035840 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32process.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00017408 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32profile.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00022528 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\win32ts.pyd
2014-11-04 19:50 - 2014-11-04 19:50 - 00078336 _____ () C:\Users\Berry\AppData\Local\Temp\_MEI44522\wx._animate.pyd
2014-10-28 18:53 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 18:53 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 18:53 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 18:53 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-04 11:44 - 2014-11-04 11:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-09-13 23:28 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Berry\Documents\].eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3784697061-4256742741-3112722118-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3784697061-4256742741-3112722118-1004 - Limited - Enabled)
Berry (S-1-5-21-3784697061-4256742741-3112722118-1000 - Administrator - Enabled) => C:\Users\Berry
Guest (S-1-5-21-3784697061-4256742741-3112722118-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3784697061-4256742741-3112722118-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2014 07:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 03:56:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 03:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 03:27:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 03:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 02:28:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 02:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/04/2014 07:50:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (11/04/2014 07:49:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AirPrint service failed to start due to the following error: 
%%2
 
Error: (11/04/2014 07:49:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (11/04/2014 07:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/04/2014 07:48:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (11/04/2014 07:51:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 03:56:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 03:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 03:27:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 03:16:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 02:28:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (11/04/2014 02:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 9206.93 MB
Available physical RAM: 5914.88 MB
Total Pagefile: 18412.03 MB
Available Pagefile: 14983.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:800.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#33 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 07:14 PM

Waiting on the new FRST log, you already posted Additions



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#34 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 07:39 PM

Sorry about that.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Berry (administrator) on BERRY-PC on 04-11-2014 20:37:46
Running from C:\Users\Berry\Desktop
Loaded Profile: Berry (Available profiles: Berry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPage15\OpAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPage15\OpWare15.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [325512 2011-05-15] (BillP Studios)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Opware15] => C:\Program Files (x86)\ScanSoft\OmniPage15\Opware15.exe [79400 2007-05-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ScanSoft OmniPage 15-reminder] => C:\Program Files (x86)\ScanSoft\OmniPage15\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1447784 2012-03-22] (Garmin)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-12-09] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\Run: [OpAgent] => C:\Program Files (x86)\ScanSoft\OmniPage15\OpAgent.exe [943656 2007-05-11] (Nuance Communications, Inc.)
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\MountPoints2: {d6e244ce-f634-11e0-b5c7-b8ac6ffffa7b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3784697061-4256742741-3112722118-1000\...\MountPoints2: {d6e244d7-f634-11e0-b5c7-b8ac6ffffa7b} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...47&ocid=U147DHP
SearchScopes: HKCU - {8B8DF03E-1554-4984-A2BA-669669BEA0E6} URL = https://search.yahoo...37,20028,0,31,0
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Berry\AppData\Roaming\Mozilla\Firefox\Profiles\9ciywvjq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Berry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin -> C:\Users\Berry\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: NoScript - C:\Users\Berry\AppData\Roaming\Mozilla\Firefox\Profiles\9ciywvjq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-11-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U147&ocid=U147DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U147&ocid=U147DHP"
CHR DefaultSearchKeyword: Default -> bing.com_
CHR DefaultSearchURL: Default -> http://www.bing.com/...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/...=U147DF&PC=U147
CHR Profile: C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\Berry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [131072 2009-07-14] (Visioneer Inc.) [File not signed]
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-05] (Samsung Electronics) [File not signed]
R2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [376216 2011-02-17] (NVIDIA Corporation) [File not signed]
S2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140912.023\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1505000.013\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1505000.013\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 19:54 - 2014-11-04 20:37 - 00022679 _____ () C:\Users\Berry\Desktop\FRST.txt
2014-11-04 19:54 - 2014-11-04 19:54 - 00032722 _____ () C:\Users\Berry\Desktop\Addition.txt
2014-11-04 12:29 - 2014-11-04 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 12:28 - 2014-11-04 12:28 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 12:28 - 2014-11-04 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 12:28 - 2014-11-04 12:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 12:28 - 2014-11-04 12:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 12:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 12:28 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 12:28 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 12:27 - 2014-11-04 12:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Berry\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-04 12:20 - 2014-11-04 12:20 - 00268348 _____ () C:\Users\Berry\Desktop\JRT.txt
2014-11-04 12:17 - 2014-11-04 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-11-04 12:16 - 2014-11-04 12:16 - 01706359 _____ (Thisisu) C:\Users\Berry\Desktop\JRT.exe
2014-11-04 12:11 - 2014-11-04 12:11 - 00000000 __SHD () C:\Users\Berry\AppData\Local\EmieUserList
2014-11-04 12:11 - 2014-11-04 12:11 - 00000000 __SHD () C:\Users\Berry\AppData\Local\EmieSiteList
2014-11-04 11:12 - 2014-11-04 11:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-04 10:05 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-04 10:05 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-04 10:02 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-04 10:02 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-04 10:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-04 10:02 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-04 10:01 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-04 10:01 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-04 10:01 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-04 10:01 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-04 09:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-04 09:40 - 2014-11-04 09:53 - 00000000 ____D () C:\AdwCleaner
2014-11-04 09:38 - 2014-11-04 09:38 - 01375089 _____ () C:\Users\Berry\Desktop\AdwCleaner.exe
2014-11-04 09:29 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-04 09:29 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-11-04 09:29 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-11-04 09:29 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-11-04 09:28 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-04 09:28 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-04 09:28 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-04 09:28 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-04 09:28 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-04 09:28 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-04 09:28 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-04 09:28 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-04 09:28 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-04 09:28 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-04 09:28 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-04 09:28 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-04 09:28 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-04 09:28 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-04 09:28 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-04 09:28 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-04 09:28 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-04 09:28 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-04 09:28 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-04 09:28 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-04 09:28 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-04 09:28 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-04 09:28 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-04 09:28 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-04 09:28 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-04 09:28 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-04 09:28 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-04 09:28 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-04 09:28 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-04 09:28 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-04 09:28 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-04 09:28 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-04 09:28 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-04 09:28 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-04 09:28 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-04 09:28 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-04 09:28 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-04 09:28 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-04 09:28 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-04 09:28 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-04 09:28 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-04 09:28 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-04 09:28 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-04 09:28 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-04 09:28 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-04 09:28 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-04 09:28 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-04 09:28 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-04 09:28 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-04 09:28 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-04 09:28 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-04 09:28 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-04 09:28 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-04 09:28 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-04 09:28 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-04 09:28 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-04 09:28 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-04 09:28 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-04 09:28 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-04 09:28 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-04 09:28 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-04 09:28 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-04 09:28 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-04 09:28 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-04 09:28 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-04 09:28 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-04 09:28 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-04 09:28 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-04 09:28 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-04 09:28 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-04 09:28 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-04 09:28 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-11-04 09:28 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-04 09:28 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-11-04 09:28 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-04 09:28 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-11-04 09:28 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-04 09:28 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-11-04 09:28 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-04 09:28 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-11-04 09:28 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-11-04 09:28 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-04 09:28 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-11-04 09:28 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-11-04 09:28 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-11-04 09:28 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-11-04 09:28 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-11-04 09:28 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-11-04 09:28 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-11-04 09:28 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-11-04 09:28 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-11-04 09:28 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-11-04 09:28 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-11-04 09:28 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-11-04 09:28 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-11-04 09:28 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-11-04 09:28 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-11-04 09:28 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-11-04 09:28 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-11-04 09:28 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-11-04 09:28 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-11-04 09:27 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-04 09:27 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-04 09:27 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-04 09:27 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-04 09:27 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-04 09:27 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-04 09:27 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-04 09:27 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-04 09:27 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-04 09:27 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-04 09:27 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-04 09:27 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-04 09:27 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-04 09:27 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-04 09:27 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-04 09:27 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-04 09:27 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-04 09:27 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-11-04 09:27 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-11-04 09:27 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-11-04 09:27 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-11-04 09:27 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-11-04 09:27 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-11-04 09:27 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-11-04 09:27 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-11-04 09:27 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-11-04 09:27 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-11-04 09:27 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-11-04 09:27 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-11-04 09:27 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-11-04 09:27 - 2014-02-03 21:37 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-11-04 09:27 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-11-04 09:27 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-11-04 09:27 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-11-04 09:27 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-11-04 09:27 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-11-04 09:27 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-04 09:26 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-04 09:26 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-04 09:26 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-04 09:26 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-04 09:26 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-04 09:26 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-04 09:26 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-04 09:26 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-04 09:26 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-04 09:26 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-04 09:26 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-04 09:26 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-04 09:26 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-04 09:26 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-04 09:26 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-04 09:26 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-04 09:26 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-04 09:26 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-04 09:26 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-04 09:26 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-04 09:26 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-04 09:26 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-04 09:26 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-04 09:26 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-04 09:26 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-11-04 09:26 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-11-04 09:26 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-11-04 09:26 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-11-04 09:26 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-11-04 09:26 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-11-04 09:26 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-11-04 09:26 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-11-04 09:26 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-11-04 09:26 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-11-04 09:26 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-11-04 09:26 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-11-04 09:25 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-04 09:25 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-04 09:25 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-04 09:25 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-04 09:25 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-04 09:25 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-04 09:25 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-04 09:25 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-04 09:25 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-04 09:25 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-04 09:25 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-04 09:25 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-04 09:25 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-04 09:25 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-04 09:16 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-04 09:16 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-04 09:16 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-04 09:16 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-04 09:16 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-04 09:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-04 09:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-04 09:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-04 09:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-04 09:04 - 2014-11-04 20:37 - 00000000 ____D () C:\FRST
2014-11-04 06:27 - 2014-11-04 06:28 - 00699016 _____ (CNET Download.com) C:\Users\Berry\Downloads\cbsidlm-cbsi213-LSPFix-ORG-10417026.exe
2014-11-04 06:23 - 2014-11-04 06:23 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Downloads\LSPFix (4).exe
2014-11-04 06:23 - 2014-11-04 06:23 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Desktop\LSPFix (5).exe
2014-11-03 21:40 - 2014-11-03 21:40 - 00401920 _____ (Farbar) C:\Users\Berry\Downloads\MiniToolBox(1).exe
2014-11-03 21:38 - 2014-11-03 21:40 - 00004026 _____ () C:\Users\Berry\Downloads\Result.txt
2014-11-03 21:38 - 2014-11-03 21:38 - 00401920 _____ (Farbar) C:\Users\Berry\Downloads\MiniToolBox.exe
2014-11-03 21:37 - 2014-11-03 21:37 - 00018188 _____ () C:\Users\Berry\Desktop\mUVeo_S9.htm
2014-11-03 19:03 - 2014-11-03 19:03 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Downloads\LSPFix (3).exe
2014-11-03 18:58 - 2014-11-03 18:59 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Downloads\LSPFix (2).exe
2014-11-03 18:58 - 2014-11-03 18:58 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Downloads\LSPFix (1).exe
2014-11-03 18:55 - 2014-11-03 18:55 - 00186880 _____ (CEXX.ORG) C:\Users\Berry\Downloads\LSPFix.exe
2014-11-02 19:04 - 2014-11-02 19:05 - 00035925 _____ () C:\Users\Berry\Downloads\Addition.txt
2014-11-02 19:03 - 2014-11-02 19:06 - 00033416 _____ () C:\Users\Berry\Downloads\FRST.txt
2014-11-02 19:03 - 2014-11-02 19:03 - 02114560 _____ (Farbar) C:\Users\Berry\Desktop\frst64.exe
2014-11-02 19:00 - 2014-11-02 19:00 - 00003132 _____ () C:\Users\Berry\Desktop\aswMBR.txt
2014-11-02 19:00 - 2014-11-02 19:00 - 00000512 _____ () C:\Users\Berry\Desktop\MBR.dat
2014-11-02 16:39 - 2014-11-02 16:39 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR(2).exe
2014-11-02 16:38 - 2014-11-02 16:38 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR(1).exe
2014-11-02 16:36 - 2014-11-02 16:36 - 05192704 _____ (AVAST Software) C:\Users\Berry\Downloads\aswMBR.exe
2014-11-01 13:00 - 2014-11-01 13:00 - 00002341 _____ () C:\Users\Public\Desktop\Jewel Quest Solitaire.lnk
2014-11-01 13:00 - 2014-11-01 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games Of The Month
2014-11-01 12:58 - 2014-11-01 12:58 - 00000000 ____D () C:\Program Files (x86)\Games Of The Month
2014-10-29 23:23 - 2014-10-29 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 18:32 - 2014-10-23 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfef19a045dce1.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 20:26 - 2011-12-24 10:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 20:06 - 2012-07-12 02:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 20:05 - 2011-09-20 21:10 - 00000000 ____D () C:\Users\Berry\AppData\Local\Nero
2014-11-04 19:57 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 19:57 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 19:54 - 2011-09-14 01:16 - 01921962 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 19:51 - 2011-09-13 23:32 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-04 19:50 - 2011-09-13 23:56 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-04 19:50 - 2011-09-13 23:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-04 19:50 - 2011-09-13 23:46 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-04 19:49 - 2012-02-21 19:43 - 00016044 _____ () C:\Windows\setupact.log
2014-11-04 19:49 - 2011-09-14 01:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-04 19:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 15:51 - 2009-07-14 00:13 - 00797888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 15:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-04 15:35 - 2012-05-18 17:10 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2A10E4CF-953C-4BE0-9EE5-3D5BA3798D56}
2014-11-04 15:14 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 14:14 - 2010-11-20 22:47 - 00253906 _____ () C:\Windows\PFRO.log
2014-11-04 14:03 - 2013-05-21 12:04 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-04 13:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-04 11:59 - 2013-09-26 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-11-04 11:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 11:14 - 2009-07-13 23:45 - 00321280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-04 11:12 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-04 11:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-04 11:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-04 11:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-04 11:10 - 2013-03-14 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-04 11:10 - 2013-03-14 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-04 10:47 - 2011-02-10 11:10 - 00790010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-04 10:10 - 2013-03-14 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-04 10:06 - 2012-07-12 02:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-04 10:06 - 2012-04-02 21:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 10:06 - 2011-09-13 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 09:52 - 2013-05-21 12:04 - 00000000 ____D () C:\Program Files\My Dell
2014-11-04 09:52 - 2011-09-25 09:08 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-04 09:49 - 2011-09-25 09:08 - 00000000 ____D () C:\Users\Berry\AppData\Roaming\PCDr
2014-11-04 09:17 - 2013-10-16 22:45 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-11-04 09:13 - 2011-09-22 15:44 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-03 12:16 - 2011-09-20 22:08 - 00000000 ____D () C:\Users\Berry\AppData\Roaming\SoftGrid Client
2014-11-02 19:30 - 2014-09-13 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 13:02 - 2011-09-13 23:39 - 00421887 _____ () C:\Windows\DirectX.log
2014-10-28 18:53 - 2014-01-22 07:32 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 18:32 - 2014-06-16 19:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89c177abcaf4.job
2014-10-14 20:41 - 2013-01-12 21:52 - 00000000 ____D () C:\Users\Berry\Documents\FSB Statements
2014-10-14 10:30 - 2012-01-19 19:24 - 00056320 _____ () C:\Users\Berry\Documents\Investments.xls
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-04 13:17
 
==================== End Of Log ============================

#35 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 November 2014 - 08:05 PM

:thumbup:

 

All looks good, that file was replaced with a good clean one and looks like the proxy server has not returned

 

How is your system behaving now ?



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#36 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 08:17 PM

Much faster, and my search results aren't cluttered with ad-related results like they were previously.  Thank you very much for your help and patience.


#37 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 04 November 2014 - 08:26 PM

Should I keep those programs you had me download and should I periodically run scans with any, I'm specifically wondering about the Malwarebites. Also, any ideas on how we may have picked up our problems?

#38 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 November 2014 - 04:48 AM

Good Morning,

 

Glad your back to normal, sometimes this stuff just slips in but without a good Antivirus a lot more would have. It may have been a link you clicked on or maybe a spam email you opened, dont ever open spam even just to look, almost 100% of that garbage has a payload.

 

You have Norton AV, keep it updated and run regular scans, as far as Anti Malware, I would keep Malwarebytes, if you upgrade to the Pro Version it has a protection module that will block a lot of this garbage from loading, the cost is minimal but this is totally up to you.

 

 

Double click on AdwCleaner.exe to run the tool again.
  •  
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
 
 
 
==========================================================
 
 
Please download DelFix and save the file to your Desktop.
 
  •  
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Place a checkmark next to the following items
 
  •  
  • Activate UAC
  • Remove Disinfection Tools
  • Create registry backup
  • Reset System Settings
 
 
Click the Run button
 
This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
 
 
 
==========================================================
 
 
 
  •  
How did I get infected in the first place ?    
Read these links and find out how to prevent getting infected again.
 
 
 
Safe Surfn
Ken


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#39 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 05 November 2014 - 06:53 AM

Thanks again Ken.  I will take care of these this evening, as I'm actually back at work after being out sick the last couple days.  Greatly appreciate all the help and expertise you provided.


#40 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 November 2014 - 07:24 AM

Thank You, your very generous. :)

 

I will keep this thread open for you for a few days, post back and let me know that all is still ok or if something returned and we need to look deeper

 

Take care my friend

 

Ken :)



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove

#41 jberry5

jberry5

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 11 November 2014 - 06:17 AM

Everything seems to be doing fine at this point.  Thank you again.


#42 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 November 2014 - 06:22 AM

:thumbup:        Your most welcome Jeff, I will close this thread, any problems in the future just start a new topic

 

 

Ken :)



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#43 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 November 2014 - 12:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·