
PC UTILITIES PRO VIRUS?


  • This topic is locked
11 replies to this topic

#1 ogebev

ogebev

  • Members
  • 7 posts

Posted 01 September 2014 - 06:36 PM

Hi,

I was reading one of the forums online about the PUP virus, but unfortunately it was closed. I believe I have this virus also, so could you send me step-by-step instructions on how to remove this? Thanks!





#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 02 September 2014 - 05:07 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 ogebev

ogebev
  • Topic Starter

  • Members
  • 7 posts

Posted 03 September 2014 - 02:21 PM

My computer is not allowing me to download the FRST tool. I keep getting a message that the file is harmful to my computer and has been deleted. What do I do?



#4 ogebev

ogebev
  • Topic Starter

  • Members
  • 7 posts

Posted 03 September 2014 - 02:31 PM

Okay, I was able to override the block.

 

FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Beverly (administrator) on THEBEVESTPC on 03-09-2014 14:27:20
Running from C:\Users\Beverly\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Driver Pro\DPTray.exe
() C:\Program Files\Smart Menu\Smart Menu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files (x86)\Samsung\Side Sync\adb.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64128 2013-05-30] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-05] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\Explorer: [NoSetTaskbar] 0
Startup: C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {F01BB58E-1997-4A63-97F1-16E6B57445BE} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {F01BB58E-1997-4A63-97F1-16E6B57445BE} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL =
SearchScopes: HKCU - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-09-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [308736 2013-06-10] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-04-22] (Samsung Electronics CO., LTD.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-28] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-24] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-24] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3017776 2013-07-12] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-24] (Microsoft Corporation)
R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249472 2014-03-13] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-05-30] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140903.001\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\ENG64.SYS [129752 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\EX64.SYS [2137304 2014-08-25] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 14:27 - 2014-09-03 14:27 - 00019585 _____ () C:\Users\Beverly\Desktop\FRST.txt
2014-09-03 14:26 - 2014-09-03 14:27 - 00000000 ____D () C:\FRST
2014-09-03 14:25 - 2014-09-03 14:25 - 02104832 _____ (Farbar) C:\Users\Beverly\Desktop\FRST64.exe
2014-09-03 14:11 - 2014-09-03 14:11 - 00000000 ___RD () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-01 19:46 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-09-01 17:22 - 2014-09-01 17:22 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-08-29 08:47 - 2014-08-29 08:48 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs. Zombies
2014-08-29 08:47 - 2014-08-29 08:48 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs Zombies - PC [Full Game]
2014-08-28 18:22 - 2014-08-28 18:22 - 00000000 ____D () C:\ProgramData\Wild Tangent
2014-08-28 06:57 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-28 06:57 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-28 06:57 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-25 08:01 - 2014-08-25 08:01 - 00001214 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-08-25 08:00 - 2014-08-25 08:00 - 00001265 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2014-08-25 06:32 - 2014-08-29 11:59 - 00002081 _____ () C:\Users\Beverly\Desktop\VV3 CHEATS.CT
2014-08-25 00:12 - 2014-08-25 00:12 - 00001097 _____ () C:\Users\Beverly\Desktop\Cheat Engine.lnk
2014-08-25 00:12 - 2014-08-25 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-08-25 00:06 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-25 00:06 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-25 00:06 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-25 00:06 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-25 00:06 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-25 00:06 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-25 00:06 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-25 00:06 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-25 00:05 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-25 00:05 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-25 00:05 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-25 00:05 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-25 00:05 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-25 00:05 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-25 00:05 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-25 00:05 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-25 00:05 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-25 00:05 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-25 00:05 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-25 00:05 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-25 00:05 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-25 00:05 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-25 00:05 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-25 00:05 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-25 00:05 - 2014-07-25 06:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-25 00:05 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 00:05 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-25 00:05 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-25 00:05 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-25 00:05 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-25 00:05 - 2014-07-25 06:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-25 00:05 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-25 00:05 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-25 00:05 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-25 00:05 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-25 00:03 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-25 00:03 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-25 00:03 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-25 00:03 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-25 00:03 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-25 00:03 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-25 00:02 - 2014-08-06 17:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-25 00:02 - 2014-08-02 00:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-25 00:02 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-25 00:02 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-25 00:02 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-25 00:02 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-25 00:02 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-25 00:02 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-25 00:01 - 2014-08-01 22:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-25 00:01 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-25 00:01 - 2014-06-04 04:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-25 00:01 - 2014-06-04 00:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-25 00:01 - 2014-06-04 00:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-25 00:01 - 2014-06-03 23:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-25 00:01 - 2014-06-03 23:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-25 00:01 - 2014-06-03 21:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-25 00:01 - 2014-06-03 21:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-24 08:17 - 2014-09-03 13:15 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 08:16 - 2014-09-02 16:51 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers - The Secret City
2014-08-24 08:16 - 2014-08-24 08:16 - 00001441 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Virtual Villagers - The Secret City.lnk
2014-08-24 08:16 - 2014-08-24 08:16 - 00001417 _____ () C:\Users\Beverly\Desktop\Virtual Villagers - The Secret City.lnk
2014-08-08 03:12 - 2014-09-01 19:46 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-08 03:12 - 2014-08-08 03:12 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 03:12 - 2014-08-08 03:12 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 03:10 - 2014-09-01 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-08 03:10 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-08-08 03:10 - 2014-08-08 03:10 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 00:57 - 2014-08-08 00:57 - 00003278 _____ () C:\WINDOWS\System32\Tasks\{B8B5743D-4A1C-4DAB-8583-EBDBD545DAF8}
2014-08-08 00:53 - 2014-08-08 00:53 - 699486709 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-08 00:53 - 2014-08-08 00:53 - 00285920 _____ () C:\WINDOWS\Minidump\080814-40140-01.dmp
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-08 00:48 - 2014-08-24 08:17 - 00000000 ____D () C:\Users\Beverly\Documents\LDW
2014-08-08 00:48 - 2014-08-22 15:11 - 00000000 ____D () C:\Program Files (x86)\VIRTUAL VILLAGERS 2 THE LOST CHILDREN
2014-08-08 00:48 - 2014-08-08 00:48 - 00002309 _____ () C:\Users\Public\Desktop\Virtual Villagers 2 The lost children.lnk
2014-08-08 00:48 - 2014-08-08 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Virtual Villagers 2
2014-08-07 17:31 - 2014-07-04 20:15 - 00000008 _____ () C:\WINDOWS\system32\Drivers\rtkhdaud.dat
2014-08-07 08:50 - 2014-08-30 12:17 - 00003236 _____ () C:\WINDOWS\System32\Tasks\Driver Pro Schedule
2014-08-07 08:50 - 2014-08-30 12:17 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Driver Pro
2014-08-07 08:50 - 2014-08-07 08:50 - 00001038 _____ () C:\Users\Beverly\Desktop\Driver Pro.lnk
2014-08-07 08:50 - 2014-08-07 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
2014-08-07 08:50 - 2014-08-07 08:50 - 00000000 ____D () C:\Program Files (x86)\Driver Pro
2014-08-07 08:30 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-07 08:30 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-07 08:30 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-07 08:21 - 2014-08-24 15:15 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Beverly\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Administrator\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Beverly\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Administrator\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-08-07 06:23 - 2014-08-18 12:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 06:23 - 2014-08-07 06:23 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 06:23 - 2014-08-07 06:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 06:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-07 06:23 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-07 06:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-07 06:21 - 2014-08-07 06:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 06:20 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-07 06:19 - 2014-08-25 02:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-07 06:15 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-07 06:15 - 2014-05-13 00:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-07 06:15 - 2014-05-12 23:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-07 06:15 - 2014-05-12 23:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-07 06:15 - 2014-05-12 22:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-07 06:15 - 2014-05-12 22:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-07 06:15 - 2014-05-03 06:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-07 06:15 - 2014-05-03 04:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-07 06:15 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-07 06:15 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-07 06:15 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-07 06:15 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-07 06:15 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-07 06:15 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-07 06:15 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-07 06:15 - 2014-05-02 18:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-07 06:15 - 2014-05-01 00:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-07 06:15 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-07 06:15 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-07 06:15 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-07 06:15 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-07 06:15 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-07 06:15 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-07 06:15 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-07 06:15 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-07 06:15 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-07 06:15 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-07 06:15 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-07 06:15 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-07 06:15 - 2014-04-26 17:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-07 06:15 - 2014-04-26 15:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-07 06:15 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-07 06:15 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-07 06:15 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-07 06:15 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-07 06:15 - 2014-04-09 01:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-07 06:15 - 2014-04-09 00:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-07 06:11 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-08-07 06:11 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-08-07 06:10 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-08-07 06:10 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-08-07 06:10 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-08-07 06:10 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-08-07 06:10 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-08-07 06:10 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-08-07 06:10 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-08-07 06:09 - 2014-08-07 06:09 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-07 06:09 - 2014-05-31 01:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-07 06:08 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-08-07 06:08 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-08-07 06:08 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-08-07 06:08 - 2014-06-05 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-07 06:08 - 2014-06-05 08:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-07 06:08 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-07 06:08 - 2014-05-31 05:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-07 06:08 - 2014-05-31 05:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-07 06:08 - 2014-05-31 05:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-07 06:08 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-08-07 06:08 - 2014-05-31 01:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-07 06:08 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-07 06:08 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-07 06:08 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-07 06:08 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-07 06:08 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-07 06:08 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-07 06:08 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-07 06:08 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-07 06:08 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-07 06:08 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-07 06:08 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-07 06:08 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-07 06:08 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-07 06:08 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-07 06:08 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-08-07 06:08 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-08-07 06:08 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-08-07 06:08 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-08-07 06:08 - 2014-05-27 10:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-07 06:08 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-07 06:08 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-07 06:08 - 2014-05-16 23:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-07 06:08 - 2014-05-16 23:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-07 06:07 - 2014-08-07 06:07 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-07 00:52 - 2014-08-07 06:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 00:52 - 2014-08-07 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 14:27 - 2014-09-03 14:27 - 00019585 _____ () C:\Users\Beverly\Desktop\FRST.txt
2014-09-03 14:27 - 2014-09-03 14:26 - 00000000 ____D () C:\FRST
2014-09-03 14:25 - 2014-09-03 14:25 - 02104832 _____ (Farbar) C:\Users\Beverly\Desktop\FRST64.exe
2014-09-03 14:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-03 14:13 - 2014-06-19 22:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1285099745-1819373653-869331512-1001
2014-09-03 14:12 - 2014-06-24 19:43 - 00000000 ___DO () C:\Users\Beverly\OneDrive
2014-09-03 14:12 - 2013-07-24 12:17 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-03 14:11 - 2014-09-03 14:11 - 00000000 ___RD () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-03 14:08 - 2014-06-24 19:04 - 00000000 ____D () C:\Users\Beverly
2014-09-03 14:07 - 2014-03-18 04:54 - 00114564 _____ () C:\WINDOWS\PFRO.log
2014-09-03 14:07 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-03 14:07 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-09-03 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-03 13:58 - 2014-06-24 17:28 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\BitTorrent
2014-09-03 13:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-03 13:17 - 2014-06-25 16:48 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D8B86E5B-480F-4472-9FB1-DCD057DDB86F}
2014-09-03 13:15 - 2014-08-24 08:17 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-02 17:30 - 2014-06-24 19:21 - 01843408 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-02 16:51 - 2014-08-24 08:16 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers - The Secret City
2014-09-01 19:47 - 2014-07-26 15:52 - 00000000 ____D () C:\Users\Beverly\Desktop\Docs
2014-09-01 19:46 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-09-01 19:46 - 2014-08-08 03:12 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-01 19:46 - 2014-08-08 03:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-01 19:46 - 2014-08-08 03:10 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-09-01 19:46 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-01 19:46 - 2013-07-24 12:16 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-09-01 17:22 - 2014-09-01 17:22 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-08-30 12:17 - 2014-08-07 08:50 - 00003236 _____ () C:\WINDOWS\System32\Tasks\Driver Pro Schedule
2014-08-30 12:17 - 2014-08-07 08:50 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Driver Pro
2014-08-29 11:59 - 2014-08-25 06:32 - 00002081 _____ () C:\Users\Beverly\Desktop\VV3 CHEATS.CT
2014-08-29 08:50 - 2013-07-24 12:26 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-08-29 08:48 - 2014-08-29 08:47 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs. Zombies
2014-08-29 08:48 - 2014-08-29 08:47 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs Zombies - PC [Full Game]
2014-08-29 03:58 - 2014-06-23 23:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-29 03:44 - 2013-08-22 09:44 - 00489832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-29 03:42 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-28 18:22 - 2014-08-28 18:22 - 00000000 ____D () C:\ProgramData\Wild Tangent
2014-08-28 18:20 - 2014-06-24 15:46 - 00002496 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - wildgames.lnk
2014-08-28 18:20 - 2014-06-24 15:46 - 00002480 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-08-28 18:20 - 2014-06-24 15:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 18:20 - 2014-06-24 15:45 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-28 18:15 - 2014-07-26 17:03 - 00000000 ____D () C:\Users\Beverly\AppData\Local\CrashDumps
2014-08-28 15:46 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-28 15:45 - 2013-08-22 09:46 - 00374813 _____ () C:\WINDOWS\setupact.log
2014-08-28 15:10 - 2014-05-23 23:49 - 00000000 ____D () C:\Users\Beverly\Desktop\music 2
2014-08-28 08:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-28 07:19 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-25 08:01 - 2014-08-25 08:01 - 00001214 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-08-25 08:00 - 2014-08-25 08:00 - 00001265 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2014-08-25 07:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-25 07:51 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-25 02:44 - 2014-06-19 22:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 02:43 - 2014-06-19 22:53 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-25 02:42 - 2014-08-07 06:19 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-25 01:36 - 2014-07-14 16:53 - 00027648 ___SH () C:\Users\Beverly\Desktop\Thumbs.db
2014-08-25 00:23 - 2014-06-24 18:06 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\SmartMenuSoftware
2014-08-25 00:12 - 2014-08-25 00:12 - 00001097 _____ () C:\Users\Beverly\Desktop\Cheat Engine.lnk
2014-08-25 00:12 - 2014-08-25 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-08-25 00:12 - 2014-07-26 21:34 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-08-24 23:56 - 2014-03-18 05:13 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-24 23:56 - 2013-08-22 06:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-24 23:56 - 2013-08-22 06:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-24 23:56 - 2013-08-22 06:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-24 23:56 - 2013-08-22 06:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-24 23:56 - 2013-08-21 23:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-24 23:56 - 2013-08-21 22:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-24 23:56 - 2013-08-21 22:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-24 23:56 - 2013-08-21 22:40 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-24 23:56 - 2013-08-21 22:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-24 23:55 - 2014-03-18 05:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-24 23:55 - 2014-03-18 05:13 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-24 23:55 - 2013-08-22 06:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-24 23:55 - 2013-08-22 06:10 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-24 23:55 - 2013-08-22 05:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-24 23:55 - 2013-08-21 22:45 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-24 15:15 - 2014-08-07 08:21 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2014-08-24 08:17 - 2014-08-08 00:48 - 00000000 ____D () C:\Users\Beverly\Documents\LDW
2014-08-24 08:16 - 2014-08-24 08:16 - 00001441 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Virtual Villagers - The Secret City.lnk
2014-08-24 08:16 - 2014-08-24 08:16 - 00001417 _____ () C:\Users\Beverly\Desktop\Virtual Villagers - The Secret City.lnk
2014-08-22 19:42 - 2014-08-28 06:57 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 15:11 - 2014-08-08 00:48 - 00000000 ____D () C:\Program Files (x86)\VIRTUAL VILLAGERS 2 THE LOST CHILDREN
2014-08-18 12:25 - 2014-08-07 06:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 03:55 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-08 03:12 - 2014-08-08 03:12 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 03:12 - 2014-08-08 03:12 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 03:12 - 2013-07-24 12:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 03:10 - 2014-08-08 03:10 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 03:10 - 2013-07-24 12:15 - 00000000 ____D () C:\ProgramData\Norton
2014-08-08 00:57 - 2014-08-08 00:57 - 00003278 _____ () C:\WINDOWS\System32\Tasks\{B8B5743D-4A1C-4DAB-8583-EBDBD545DAF8}
2014-08-08 00:57 - 2014-06-19 22:30 - 00000000 ____D () C:\Users\Beverly\AppData\Local\VirtualStore
2014-08-08 00:55 - 2014-06-24 17:58 - 00000000 ____D () C:\Program Files\Smart Menu
2014-08-08 00:53 - 2014-08-08 00:53 - 699486709 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-08 00:53 - 2014-08-08 00:53 - 00285920 _____ () C:\WINDOWS\Minidump\080814-40140-01.dmp
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-08 00:48 - 2014-08-08 00:48 - 00002309 _____ () C:\Users\Public\Desktop\Virtual Villagers 2 The lost children.lnk
2014-08-08 00:48 - 2014-08-08 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Virtual Villagers 2
2014-08-07 17:30 - 2014-05-13 06:28 - 00000000 ____D () C:\Users\Beverly\Documents\Bluetooth Folder
2014-08-07 17:30 - 2013-08-22 09:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-08-07 08:50 - 2014-08-07 08:50 - 00001038 _____ () C:\Users\Beverly\Desktop\Driver Pro.lnk
2014-08-07 08:50 - 2014-08-07 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
2014-08-07 08:50 - 2014-08-07 08:50 - 00000000 ____D () C:\Program Files (x86)\Driver Pro
2014-08-07 08:31 - 2014-06-24 18:06 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Menu
2014-08-07 08:31 - 2014-06-24 17:42 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-07 08:13 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Beverly\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Administrator\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Beverly\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Administrator\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-08-07 07:24 - 2014-07-31 04:41 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-07 07:24 - 2014-07-26 15:55 - 00000000 ____D () C:\Users\Beverly\Downloads\Virtual Villagers 1,2,3&4
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-07 06:23 - 2014-08-07 06:23 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 06:23 - 2014-08-07 06:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 06:23 - 2014-08-07 00:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 06:21 - 2014-08-07 06:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 06:19 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-07 06:09 - 2014-08-07 06:09 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-07 06:07 - 2014-08-07 06:07 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-07 02:57 - 2014-06-24 19:04 - 00000000 ____D () C:\Users\Administrator
2014-08-07 02:57 - 2014-06-23 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 02:57 - 2014-03-18 04:45 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-08-07 02:57 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-08-07 02:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-08-07 02:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-08-07 02:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-08-07 02:56 - 2014-06-24 15:45 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-07 02:56 - 2014-06-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-07 02:56 - 2014-06-23 20:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 02:56 - 2014-06-23 20:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 02:55 - 2014-07-28 03:33 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-08-07 02:55 - 2014-07-17 23:50 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-07 02:55 - 2014-06-24 16:22 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-08-07 02:55 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 02:55 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 02:55 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-07 02:55 - 2013-07-24 12:05 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-08-07 02:53 - 2014-07-27 03:33 - 00000000 ____D () C:\Users\Beverly\Desktop\Virtual Villagers A New Home
2014-08-07 02:53 - 2014-07-14 17:21 - 00000000 ____D () C:\Users\Beverly\Google Drive
2014-08-07 02:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-07 02:38 - 2014-05-13 06:21 - 00000000 ____D () C:\Users\Beverly\AppData\Local\Packages
2014-08-07 02:32 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 02:31 - 2014-05-13 08:18 - 00000000 __RHD () C:\MSOCache
2014-08-07 00:52 - 2014-08-07 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 21:12 - 2014-08-28 06:57 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-06 17:38 - 2014-08-25 00:02 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-02 03:12

==================== End Of Log ============================



#5 ogebev

Posted 03 September 2014 - 02:32 PM

ADDITION LOG

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Beverly at 2014-09-03 14:28:00
Running from C:\Users\Beverly\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitcasa version 1.0.1.5011 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.0.1.5011 - Bitcasa Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Pro version 3.2 (HKLM-x32\...\Driver Pro_is1) (Version: 3.2 - )
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.7 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{9CC96FC2-692B-4C60-8859-1610B3A2FF6B}) (Version: 1.0.92 - Samsung Electronics CO., LTD.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Jo's Dream - Organic Coffee (HKLM-x32\...\Jo's Dream - Organic CoffeeFinal) (Version: Final - AllSmartGames)
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Jos Dream Organic Coffee 2 1.00 (HKLM-x32\...\Jos Dream Organic Coffee 2 1.00) (Version: 1.00 - Games)
Jo's Dream: Organic Coffee (x32 Version: 3.0.2.51 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Mother Nature (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 1.3.0.1 - RSUPPORT)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.42 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Side Sync (HKLM-x32\...\{C6DA306C-B288-452A-B85C-01265DBFF0DA}) (Version: 1.1.12 - Samsung Electronics CO., LTD.)
Smart Menu (HKCU\...\Smart Menu) (Version: 4.3 - Smart Menu)
Support Center (HKLM\...\{5C20C1A9-75F9-4B6B-AAC3-9065C2AFB918}) (Version: 2.1.1106 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{44C11432-BA0D-4A02-B092-78AA7A6056A0}) (Version: 2.1.17 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
User Guide (HKLM-x32\...\{7536A888-2F1E-4B3B-AEF1-BC08C822C5F1}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Virtual Villagers - The Secret CityJust For Fun Games (HKLM-x32\...\Virtual Villagers - The Secret CityJust For Fun Games) (Version:  - )
Virtual Villagers (remove only) (HKLM-x32\...\Virtual Villagers) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1285099745-1819373653-869331512-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Beverly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285099745-1819373653-869331512-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Beverly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285099745-1819373653-869331512-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Beverly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285099745-1819373653-869331512-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Beverly\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

19-08-2014 16:09:10 Scheduled Checkpoint
25-08-2014 07:40:59 Windows Update
28-08-2014 12:18:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01AD3985-55EB-47AA-8C63-4A499A448C5E} - System32\Tasks\SecTimeSync => C:\Windows\SecTimeSync.exe [2013-07-03] (Samsung Electronics CO., LTD.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07F4C041-4727-4A9E-8A86-636226B29B4B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1A7EBEA5-CE55-4892-95EC-4B55B43DF85A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2152E2D5-5491-45ED-95B1-529422343070} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F7FAF87-AEB8-4639-9581-246836DAAA4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4AFEF8BB-B5B9-4101-94D9-5AFBC088309E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-29] (Microsoft Corporation)
Task: {4F9BFA7A-70CE-49C3-8C8C-45B517A83EEF} - System32\Tasks\SideSyncAutoRun => C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [2013-06-04] (Samsung Electronics CO., LTD.)
Task: {5C4E36E7-34A0-4F3C-B441-E7B596814D72} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-04-22] (Samsung Electronics CO., LTD.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76677EB2-EB14-4A3B-A556-EF655F2849FD} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {84C00835-BD43-453A-85C7-A31A37AE955C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-06-19] (SEC)
Task: {86F04090-9CCD-40FC-AB8B-04A106B8F2EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-25] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {955EB0D4-2BC4-4B38-B9F4-87900BD048F5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {963A343D-EB6C-45E7-B7CB-3550BB6B9D45} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe [2014-07-07] (PC Utilities Software Limited)
Task: {9CB2B3CB-D046-441C-B5F7-EEC7DB81C3FD} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AED86D1F-7521-4E2F-B592-F8ABEDF73B7D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-06-04] (Samsung Electronics CO., LTD.)
Task: {BBED6E1E-F1CF-4AB2-B6D6-BD816EC596B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C07974D5-4D88-4781-A45B-76D0F2172448} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-06-25] (Realtek Semiconductor)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD2377BA-801B-427B-8622-E4CAD729772F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EAB55B1C-6075-4C0D-BEA4-873BB5444FED} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-06-05] (Realtek Semiconductor)
Task: {F4396303-F422-4F8A-A529-42BC67EFBB22} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {F582C27D-7C81-44B4-BD0A-CB3587D2E4D5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {FA92F43A-88DD-4DC0-B1E1-A9D6F98FB19C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-06-24 15:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-13 03:30 - 2014-03-13 03:30 - 00249472 _____ () C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
2013-04-22 20:44 - 2013-04-22 20:44 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-08-29 03:57 - 2014-08-29 03:57 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-07-24 12:33 - 2013-06-05 23:15 - 00288720 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2013-07-24 12:33 - 2013-06-05 23:23 - 01645056 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2014-08-05 08:59 - 2014-08-05 08:59 - 00035840 _____ () C:\Program Files\Smart Menu\ShowStartBtnHook.dll
2014-08-06 04:38 - 2014-08-06 04:38 - 02364504 _____ () C:\Program Files\Smart Menu\Smart Menu.exe
2014-07-09 05:25 - 2014-07-09 05:25 - 00860160 _____ () C:\Program Files\Smart Menu\libGLESv2.dll
2014-07-09 05:25 - 2014-07-09 05:25 - 00052736 _____ () C:\Program Files\Smart Menu\libEGL.dll
2014-07-09 04:31 - 2014-07-09 04:31 - 01043968 _____ () C:\Program Files\Smart Menu\platforms\qwindows.dll
2014-07-09 04:28 - 2014-07-09 04:28 - 00030208 _____ () C:\Program Files\Smart Menu\imageformats\qgif.dll
2014-07-09 04:28 - 2014-07-09 04:28 - 00236032 _____ () C:\Program Files\Smart Menu\imageformats\qjpeg.dll
2013-01-15 23:27 - 2013-05-28 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-04 17:28 - 2013-06-04 17:28 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-05-30 11:23 - 2013-05-30 11:23 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-30 11:19 - 2013-05-30 11:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-30 11:53 - 2013-05-30 11:53 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-06-04 03:52 - 2013-06-04 03:52 - 00815104 _____ () C:\Program Files (x86)\Samsung\Side Sync\adb.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-04-22 20:45 - 2013-04-22 20:45 - 01121328 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-04-22 20:45 - 2013-04-22 20:45 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00103984 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-06-04 03:52 - 2013-06-04 03:52 - 01679408 _____ () C:\Program Files (x86)\Samsung\Side Sync\SideSyncNetworkFramework.dll
2013-07-24 10:07 - 2013-01-14 13:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\Users\Beverly\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140

Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2014 04:06:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/02/2014 04:02:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/02/2014 03:12:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/01/2014 08:34:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11969

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11969

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/03/2014 02:07:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:04:30 PM on ‎9/‎3/‎2014 was unexpected.

Error: (09/01/2014 07:37:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (09/01/2014 07:37:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 07:53:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (08/25/2014 01:48:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 01:48:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 01:38:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 01:38:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 01:27:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (08/25/2014 01:27:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Microsoft Office Sessions:
=========================
Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140

Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140

Error: (09/03/2014 04:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2014 04:06:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Samsung\Side Sync\SideSync.exe

Error: (09/02/2014 04:02:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Samsung\Side Sync\SideSync.exe

Error: (09/02/2014 03:12:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Samsung\Side Sync\SideSync.exe

Error: (09/01/2014 08:34:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Samsung\Side Sync\SideSync.exe

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11969

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11969

Error: (08/31/2014 00:19:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 7893.53 MB
Available physical RAM: 5764.76 MB
Total Pagefile: 15829.54 MB
Available Pagefile: 13731.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:679.01 GB) (Free:599.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1A6C1D8F)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 aharonov

aharonov

  • Malware Response Team

Posted 03 September 2014 - 02:49 PM

Ok.


Step 1

Please uninstall some programs:
  • Open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Driver Pro version 3.2

  • Reboot your computer.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 ogebev

ogebev
  • Topic Starter

  • Members

Posted 03 September 2014 - 06:00 PM

AD CLEANER LOG

 

# AdwCleaner v3.309 - Report created 03/09/2014 at 17:56:46
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Beverly - THEBEVESTPC
# Running from : C:\Users\Beverly\AppData\Local\Microsoft\Windows\INetCache\IE\6BL8Y8S9\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Browsersafeguard
Folder Deleted : C:\Program Files (x86)\predm
File Deleted : C:\Users\Beverly\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Driver Pro
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

*************************

AdwCleaner[R0].txt - [2381 octets] - [03/09/2014 17:54:32]
AdwCleaner[S0].txt - [2128 octets] - [03/09/2014 17:56:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2188 octets] ##########



#8 ogebev

ogebev
  • Topic Starter

  • Members

Posted 03 September 2014 - 06:02 PM

FRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Beverly (administrator) on THEBEVESTPC on 03-09-2014 18:01:17
Running from C:\Users\Beverly\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
() C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Smart Menu\Smart Menu.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Side Sync\adb.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64128 2013-05-30] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-05] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1285099745-1819373653-869331512-1001\...\Policies\Explorer: [NoSetTaskbar] 0
Startup: C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {F01BB58E-1997-4A63-97F1-16E6B57445BE} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {F01BB58E-1997-4A63-97F1-16E6B57445BE} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {070070C9-B6F8-483B-A86B-AF77BD5BCCF2} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-09-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [308736 2013-06-10] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-04-22] (Samsung Electronics CO., LTD.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-28] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-24] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-24] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3017776 2013-07-12] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-24] (Microsoft Corporation)
R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249472 2014-03-13] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-05-30] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140903.001\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\ENG64.SYS [129752 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\EX64.SYS [2137304 2014-08-25] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 18:01 - 2014-09-03 18:01 - 00000000 ___RD () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-03 17:54 - 2014-09-03 17:56 - 00000000 ____D () C:\AdwCleaner
2014-09-03 17:53 - 2014-09-03 17:53 - 01370467 _____ () C:\Users\Beverly\Desktop\adwcleaner.exe
2014-09-03 14:28 - 2014-09-03 14:28 - 00035585 _____ () C:\Users\Beverly\Desktop\Addition.txt
2014-09-03 14:27 - 2014-09-03 18:01 - 00018966 _____ () C:\Users\Beverly\Desktop\FRST.txt
2014-09-03 14:26 - 2014-09-03 18:01 - 00000000 ____D () C:\FRST
2014-09-03 14:25 - 2014-09-03 14:25 - 02104832 _____ (Farbar) C:\Users\Beverly\Desktop\FRST64.exe
2014-09-01 19:46 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-09-01 17:22 - 2014-09-01 17:22 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-08-29 08:47 - 2014-08-29 08:48 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs. Zombies
2014-08-29 08:47 - 2014-08-29 08:48 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs Zombies - PC [Full Game]
2014-08-28 18:22 - 2014-08-28 18:22 - 00000000 ____D () C:\ProgramData\Wild Tangent
2014-08-28 06:57 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-28 06:57 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-28 06:57 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-25 08:01 - 2014-08-25 08:01 - 00001214 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-08-25 08:00 - 2014-08-25 08:00 - 00001265 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2014-08-25 06:32 - 2014-08-29 11:59 - 00002081 _____ () C:\Users\Beverly\Desktop\VV3 CHEATS.CT
2014-08-25 00:12 - 2014-08-25 00:12 - 00001097 _____ () C:\Users\Beverly\Desktop\Cheat Engine.lnk
2014-08-25 00:12 - 2014-08-25 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-08-25 00:06 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-25 00:06 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-25 00:06 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-25 00:06 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-25 00:06 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-25 00:06 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-25 00:06 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-25 00:06 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-25 00:05 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-25 00:05 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-25 00:05 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-25 00:05 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-25 00:05 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-25 00:05 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-25 00:05 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-25 00:05 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-25 00:05 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-25 00:05 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-25 00:05 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-25 00:05 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-25 00:05 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-25 00:05 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-25 00:05 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-25 00:05 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-25 00:05 - 2014-07-25 06:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-25 00:05 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 00:05 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-25 00:05 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-25 00:05 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-25 00:05 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-25 00:05 - 2014-07-25 06:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-25 00:05 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-25 00:05 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-25 00:05 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-25 00:05 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-25 00:03 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-25 00:03 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-25 00:03 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-25 00:03 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-25 00:03 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-25 00:03 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-25 00:02 - 2014-08-06 17:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-25 00:02 - 2014-08-02 00:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-25 00:02 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-25 00:02 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-25 00:02 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-25 00:02 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-25 00:02 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-25 00:02 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-25 00:01 - 2014-08-01 22:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-25 00:01 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-25 00:01 - 2014-06-04 04:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-25 00:01 - 2014-06-04 00:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-25 00:01 - 2014-06-04 00:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-25 00:01 - 2014-06-03 23:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-25 00:01 - 2014-06-03 23:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-25 00:01 - 2014-06-03 21:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-25 00:01 - 2014-06-03 21:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-24 08:17 - 2014-09-03 13:15 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-24 08:16 - 2014-09-02 16:51 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers - The Secret City
2014-08-24 08:16 - 2014-08-24 08:16 - 00001441 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Virtual Villagers - The Secret City.lnk
2014-08-24 08:16 - 2014-08-24 08:16 - 00001417 _____ () C:\Users\Beverly\Desktop\Virtual Villagers - The Secret City.lnk
2014-08-08 03:12 - 2014-09-01 19:46 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-08 03:12 - 2014-08-08 03:12 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 03:12 - 2014-08-08 03:12 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 03:10 - 2014-09-01 19:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-08 03:10 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-08-08 03:10 - 2014-08-08 03:10 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 00:57 - 2014-08-08 00:57 - 00003278 _____ () C:\WINDOWS\System32\Tasks\{B8B5743D-4A1C-4DAB-8583-EBDBD545DAF8}
2014-08-08 00:53 - 2014-08-08 00:53 - 699486709 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-08 00:53 - 2014-08-08 00:53 - 00285920 _____ () C:\WINDOWS\Minidump\080814-40140-01.dmp
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-08 00:48 - 2014-08-24 08:17 - 00000000 ____D () C:\Users\Beverly\Documents\LDW
2014-08-08 00:48 - 2014-08-22 15:11 - 00000000 ____D () C:\Program Files (x86)\VIRTUAL VILLAGERS 2 THE LOST CHILDREN
2014-08-08 00:48 - 2014-08-08 00:48 - 00002309 _____ () C:\Users\Public\Desktop\Virtual Villagers 2 The lost children.lnk
2014-08-08 00:48 - 2014-08-08 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Virtual Villagers 2
2014-08-07 17:31 - 2014-07-04 20:15 - 00000008 _____ () C:\WINDOWS\system32\Drivers\rtkhdaud.dat
2014-08-07 08:30 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-07 08:30 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-07 08:30 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Beverly\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Administrator\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Beverly\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Administrator\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-08-07 06:23 - 2014-08-18 12:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 06:23 - 2014-08-07 06:23 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 06:23 - 2014-08-07 06:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 06:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-07 06:23 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-07 06:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-07 06:21 - 2014-08-07 06:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 06:20 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-07 06:19 - 2014-08-25 02:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-07 06:15 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-07 06:15 - 2014-05-13 00:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-07 06:15 - 2014-05-12 23:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-07 06:15 - 2014-05-12 23:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-07 06:15 - 2014-05-12 22:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-07 06:15 - 2014-05-12 22:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-07 06:15 - 2014-05-03 06:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-07 06:15 - 2014-05-03 04:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-07 06:15 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-07 06:15 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-07 06:15 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-07 06:15 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-07 06:15 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-07 06:15 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-07 06:15 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-07 06:15 - 2014-05-02 18:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-07 06:15 - 2014-05-01 00:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-07 06:15 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-07 06:15 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-07 06:15 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-07 06:15 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-07 06:15 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-07 06:15 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-07 06:15 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-07 06:15 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-07 06:15 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-07 06:15 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-07 06:15 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-07 06:15 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-07 06:15 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-07 06:15 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-07 06:15 - 2014-04-26 17:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-07 06:15 - 2014-04-26 15:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-07 06:15 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-07 06:15 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-07 06:15 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-07 06:15 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-07 06:15 - 2014-04-09 01:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-07 06:15 - 2014-04-09 00:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-07 06:11 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-08-07 06:11 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-08-07 06:10 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-08-07 06:10 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-08-07 06:10 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-08-07 06:10 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-08-07 06:10 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-08-07 06:10 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-08-07 06:10 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-08-07 06:09 - 2014-08-07 06:09 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-07 06:09 - 2014-05-31 01:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-07 06:08 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-08-07 06:08 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-08-07 06:08 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-08-07 06:08 - 2014-06-05 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-07 06:08 - 2014-06-05 08:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-07 06:08 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-07 06:08 - 2014-05-31 05:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-07 06:08 - 2014-05-31 05:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-07 06:08 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-07 06:08 - 2014-05-31 05:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-07 06:08 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-08-07 06:08 - 2014-05-31 01:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-07 06:08 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-07 06:08 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-07 06:08 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-07 06:08 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-07 06:08 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-07 06:08 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-07 06:08 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-07 06:08 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-07 06:08 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-07 06:08 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-07 06:08 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-07 06:08 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-07 06:08 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-07 06:08 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-07 06:08 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-08-07 06:08 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-08-07 06:08 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-08-07 06:08 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-08-07 06:08 - 2014-05-27 10:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-07 06:08 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-07 06:08 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-07 06:08 - 2014-05-16 23:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-07 06:08 - 2014-05-16 23:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-07 06:07 - 2014-08-07 06:07 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-07 00:52 - 2014-08-07 06:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 00:52 - 2014-08-07 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 18:01 - 2014-09-03 18:01 - 00000000 ___RD () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-03 18:01 - 2014-09-03 14:27 - 00018966 _____ () C:\Users\Beverly\Desktop\FRST.txt
2014-09-03 18:01 - 2014-09-03 14:26 - 00000000 ____D () C:\FRST
2014-09-03 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-03 17:59 - 2014-06-24 19:43 - 00000000 ___DO () C:\Users\Beverly\OneDrive
2014-09-03 17:57 - 2014-03-18 04:54 - 00116906 _____ () C:\WINDOWS\PFRO.log
2014-09-03 17:57 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-03 17:56 - 2014-09-03 17:54 - 00000000 ____D () C:\AdwCleaner
2014-09-03 17:53 - 2014-09-03 17:53 - 01370467 _____ () C:\Users\Beverly\Desktop\adwcleaner.exe
2014-09-03 17:53 - 2014-06-19 22:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1285099745-1819373653-869331512-1001
2014-09-03 17:51 - 2013-07-24 12:17 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-03 17:47 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-03 17:46 - 2014-06-24 19:04 - 00000000 ____D () C:\Users\Beverly
2014-09-03 17:32 - 2014-05-23 23:49 - 00000000 ____D () C:\Users\Beverly\Desktop\music 2
2014-09-03 17:29 - 2014-06-24 19:21 - 01875414 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-03 15:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-03 14:28 - 2014-09-03 14:28 - 00035585 _____ () C:\Users\Beverly\Desktop\Addition.txt
2014-09-03 14:25 - 2014-09-03 14:25 - 02104832 _____ (Farbar) C:\Users\Beverly\Desktop\FRST64.exe
2014-09-03 14:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-03 14:07 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-09-03 13:58 - 2014-06-24 17:28 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\BitTorrent
2014-09-03 13:17 - 2014-06-25 16:48 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D8B86E5B-480F-4472-9FB1-DCD057DDB86F}
2014-09-03 13:15 - 2014-08-24 08:17 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-02 16:51 - 2014-08-24 08:16 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers - The Secret City
2014-09-01 19:47 - 2014-07-26 15:52 - 00000000 ____D () C:\Users\Beverly\Desktop\Docs
2014-09-01 19:46 - 2014-09-01 19:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-09-01 19:46 - 2014-08-08 03:12 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-01 19:46 - 2014-08-08 03:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-01 19:46 - 2014-08-08 03:10 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-09-01 19:46 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-01 19:46 - 2013-07-24 12:16 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-09-01 17:22 - 2014-09-01 17:22 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-08-29 11:59 - 2014-08-25 06:32 - 00002081 _____ () C:\Users\Beverly\Desktop\VV3 CHEATS.CT
2014-08-29 08:50 - 2013-07-24 12:26 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-08-29 08:48 - 2014-08-29 08:47 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs. Zombies
2014-08-29 08:48 - 2014-08-29 08:47 - 00000000 ____D () C:\Users\Beverly\Downloads\Plants vs Zombies - PC [Full Game]
2014-08-29 03:58 - 2014-06-23 23:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-29 03:44 - 2013-08-22 09:44 - 00489832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:22 - 2014-08-28 18:22 - 00000000 ____D () C:\ProgramData\Wild Tangent
2014-08-28 18:20 - 2014-06-24 15:46 - 00002496 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - wildgames.lnk
2014-08-28 18:20 - 2014-06-24 15:46 - 00002480 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-08-28 18:20 - 2014-06-24 15:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 18:20 - 2014-06-24 15:45 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-28 18:15 - 2014-07-26 17:03 - 00000000 ____D () C:\Users\Beverly\AppData\Local\CrashDumps
2014-08-28 15:46 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-28 15:45 - 2013-08-22 09:46 - 00374813 _____ () C:\WINDOWS\setupact.log
2014-08-28 08:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-28 07:19 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-25 08:01 - 2014-08-25 08:01 - 00001214 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-08-25 08:00 - 2014-08-25 08:00 - 00001265 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2014-08-25 07:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-25 07:51 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-25 02:44 - 2014-06-19 22:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 02:43 - 2014-06-19 22:53 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-25 02:42 - 2014-08-07 06:19 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-25 01:36 - 2014-07-14 16:53 - 00027648 ___SH () C:\Users\Beverly\Desktop\Thumbs.db
2014-08-25 00:23 - 2014-06-24 18:06 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\SmartMenuSoftware
2014-08-25 00:12 - 2014-08-25 00:12 - 00001097 _____ () C:\Users\Beverly\Desktop\Cheat Engine.lnk
2014-08-25 00:12 - 2014-08-25 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-08-25 00:12 - 2014-07-26 21:34 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-08-24 23:56 - 2014-03-18 05:13 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-24 23:56 - 2013-08-22 06:45 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-24 23:56 - 2013-08-22 06:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-24 23:56 - 2013-08-22 06:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-24 23:56 - 2013-08-22 06:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-24 23:56 - 2013-08-21 23:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-24 23:56 - 2013-08-21 22:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-24 23:56 - 2013-08-21 22:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-24 23:56 - 2013-08-21 22:40 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-24 23:56 - 2013-08-21 22:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-24 23:55 - 2014-03-18 05:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-24 23:55 - 2014-03-18 05:13 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-24 23:55 - 2013-08-22 06:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-24 23:55 - 2013-08-22 06:10 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-24 23:55 - 2013-08-22 05:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-24 23:55 - 2013-08-21 22:45 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-24 08:17 - 2014-08-08 00:48 - 00000000 ____D () C:\Users\Beverly\Documents\LDW
2014-08-24 08:16 - 2014-08-24 08:16 - 00001441 _____ () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Virtual Villagers - The Secret City.lnk
2014-08-24 08:16 - 2014-08-24 08:16 - 00001417 _____ () C:\Users\Beverly\Desktop\Virtual Villagers - The Secret City.lnk
2014-08-22 19:42 - 2014-08-28 06:57 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 15:11 - 2014-08-08 00:48 - 00000000 ____D () C:\Program Files (x86)\VIRTUAL VILLAGERS 2 THE LOST CHILDREN
2014-08-18 12:25 - 2014-08-07 06:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 03:55 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-08 03:12 - 2014-08-08 03:12 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 03:12 - 2014-08-08 03:12 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 03:12 - 2013-07-24 12:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 03:10 - 2014-08-08 03:10 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 03:10 - 2013-07-24 12:15 - 00000000 ____D () C:\ProgramData\Norton
2014-08-08 00:57 - 2014-08-08 00:57 - 00003278 _____ () C:\WINDOWS\System32\Tasks\{B8B5743D-4A1C-4DAB-8583-EBDBD545DAF8}
2014-08-08 00:57 - 2014-06-19 22:30 - 00000000 ____D () C:\Users\Beverly\AppData\Local\VirtualStore
2014-08-08 00:55 - 2014-06-24 17:58 - 00000000 ____D () C:\Program Files\Smart Menu
2014-08-08 00:53 - 2014-08-08 00:53 - 699486709 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-08 00:53 - 2014-08-08 00:53 - 00285920 _____ () C:\WINDOWS\Minidump\080814-40140-01.dmp
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-08 00:48 - 2014-08-08 00:48 - 00002309 _____ () C:\Users\Public\Desktop\Virtual Villagers 2 The lost children.lnk
2014-08-08 00:48 - 2014-08-08 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Virtual Villagers 2
2014-08-07 17:30 - 2014-05-13 06:28 - 00000000 ____D () C:\Users\Beverly\Documents\Bluetooth Folder
2014-08-07 17:30 - 2013-08-22 09:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-08-07 08:31 - 2014-06-24 18:06 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Menu
2014-08-07 08:31 - 2014-06-24 17:42 - 00000000 ____D () C:\Users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-07 08:13 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Beverly\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00002034 _____ () C:\Users\Administrator\Desktop\Virtual Villagers.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Beverly\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00001210 _____ () C:\Users\Administrator\Desktop\More great games.lnk
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Villagers
2014-08-07 07:24 - 2014-08-07 07:24 - 00000000 ____D () C:\Program Files (x86)\BFG
2014-08-07 07:24 - 2014-07-31 04:41 - 00000000 ____D () C:\Program Files (x86)\Virtual Villagers
2014-08-07 07:24 - 2014-07-26 15:55 - 00000000 ____D () C:\Users\Beverly\Downloads\Virtual Villagers 1,2,3&4
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-07 07:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-07 07:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-07 06:23 - 2014-08-07 06:23 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 06:23 - 2014-08-07 06:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 06:23 - 2014-08-07 00:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 06:21 - 2014-08-07 06:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 06:20 - 2014-08-07 06:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 06:19 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-07 06:09 - 2014-08-07 06:09 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-07 06:07 - 2014-08-07 06:07 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-07 02:57 - 2014-06-24 19:04 - 00000000 ____D () C:\Users\Administrator
2014-08-07 02:57 - 2014-06-23 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-07 02:57 - 2014-03-18 04:45 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-08-07 02:57 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-08-07 02:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-08-07 02:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-08-07 02:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-08-07 02:56 - 2014-06-24 15:45 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-07 02:56 - 2014-06-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-07 02:56 - 2014-06-23 20:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 02:56 - 2014-06-23 20:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 02:55 - 2014-07-17 23:50 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-07 02:55 - 2014-06-24 16:22 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-08-07 02:55 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-07 02:55 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-07 02:55 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-07 02:55 - 2013-07-24 12:05 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-08-07 02:53 - 2014-07-27 03:33 - 00000000 ____D () C:\Users\Beverly\Desktop\Virtual Villagers A New Home
2014-08-07 02:53 - 2014-07-14 17:21 - 00000000 ____D () C:\Users\Beverly\Google Drive
2014-08-07 02:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-07 02:38 - 2014-05-13 06:21 - 00000000 ____D () C:\Users\Beverly\AppData\Local\Packages
2014-08-07 02:32 - 2014-06-23 20:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 02:31 - 2014-05-13 08:18 - 00000000 __RHD () C:\MSOCache
2014-08-07 00:52 - 2014-08-07 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 21:12 - 2014-08-28 06:57 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-06 17:38 - 2014-08-25 00:02 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\Beverly\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-02 03:12

==================== End Of Log ============================



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:40 PM

Posted 03 September 2014 - 06:05 PM

How is your computer running now? Are there any problems left?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 ogebev

  • Topic Starter

Posted 04 September 2014 - 11:46 AM

My computer is fine. I haven't been getting the pc utilities pro message since I uninstalled the driver pro.

 

ESET LOG

 

C:\$Recycle.Bin\S-1-5-21-1285099745-1819373653-869331512-1001\$R4KSGXC.partial Win32/OutBrowse.X potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Beverly\AppData\Local\Microsoft\Windows\INetCache\IE\6RD5DNC0\aaa8d547a29596a53248008724c478448931e5cd[1].htm HTML/Iframe.B.Gen virus
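
The ESET detection lines in the post above, parsed and grouped by category, as an added Python example that is not part of the original thread or of any ESET tool. It assumes the single-line `path detection category` layout and the three categories seen in this thread; the location labels are hypothetical.

```python
import re
from collections import defaultdict

# Detection lines copied from the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-1285099745-1819373653-869331512-1001\$R4KSGXC.partial Win32/OutBrowse.X potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Beverly\AppData\Local\Microsoft\Windows\INetCache\IE\6RD5DNC0\aaa8d547a29596a53248008724c478448931e5cd[1].htm HTML/Iframe.B.Gen virus
"""

# Assumption: only the categories seen in this thread are recognised.
CATEGORIES = ("potentially unwanted application",
              "potentially unsafe application", "virus")

# Paths may contain spaces, so the line is anchored on the category suffix and
# on the detection name, which is the only token containing a forward slash.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?(?P<name>\S+/\S+)\s+"
    r"(?P<category>" + "|".join(CATEGORIES) + r")$")

# Hypothetical location labels, matched case-insensitively against the path.
LOCATIONS = (("\\$recycle.bin\\", "recycle bin"),
             ("\\inetcache\\", "browser cache"),
             ("\\appdata\\local\\temp\\", "temp folder"))

def parse_line(line):
    """Split one detection line into its fields; None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    lowered = m.group("path").lower()
    location = next((lab for needle, lab in LOCATIONS if needle in lowered), "other")
    return {"path": m.group("path"), "name": m.group("name"),
            "variant": m.group("variant") is not None,
            "category": m.group("category"), "location": location}

def triage(log_text):
    """Group detections by category; lines that do not parse are kept for review."""
    grouped, unparsed = defaultdict(list), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        hit = parse_line(line)
        if hit:
            grouped[hit["category"]].append(hit)
        else:
            unparsed.append(line)
    return dict(grouped), unparsed

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
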
 



#11 aharonov

  • Malware Response Team

Posted 04 September 2014 - 12:01 PM

Very good.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.11) MUI




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#12 aharonov

  • Malware Response Team

Posted 19 September 2014 - 02:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



