Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hi Ken...this is Alice [Solved]

Hi Ken...this is Alice

  • This topic is locked This topic is locked
17 replies to this topic

#1 alifitz

alifitz

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 November 2014 - 08:03 PM

Thank you Ken!


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 November 2014 - 08:12 PM

Hi Alice,

 

Glad you made it, you will find this will be so much easier, so lets see what going on.  Sometimes a lot of popups are caused by a rootkit type of infection, running aswMBR will check

 

 
1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
  •  
    I just want to see the report....Please Do Not Fix Anything
     
    ============================================================================
     
     
     
    Then I will need you to run FRST, with windows 7 I am sure you will need to 64bit version
     

     
    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  •  
     
     
    All of the scans we run will give you a log, it will open up in Notepad, when the log opens just go to the top left of notepad and click on EDIT > Select All............EDIT>Copy and then come back to the forum, reply to the topic ( do not start a new topic, just reply to this one) and paste the logs for me to see
     
     
    So, run aswMBR and post the log, then run FRST, there will be a main log and also an Additions log, post them both


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 November 2014 - 08:35 PM

    Save all the logs to your desktop, Alice, reply to this topic by clicking on More Reply Options and attach the file then post



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #4 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 12 November 2014 - 08:43 PM

    Attached File  aswMBR.txt   1.21KB   63 downloads



    #5 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 November 2014 - 08:44 PM

    OK, do the same thing with FRST64



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #6 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 12 November 2014 - 09:05 PM

    Attached File  FRST.txt   56.67KB   150 downloads

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
    Ran by Alice (administrator) on ALICE-PC on 12-11-2014 21:56:22
    Running from C:\Users\Alice\Downloads
    Loaded Profile: Alice (Available profiles: Alice)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
    () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
    (Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Users\Alice\Downloads\aswMBR.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-04] (Dell)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [Google Update] => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
    HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...=1054828859&ir=
    URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKCU - {C57C4727-6270-4D5B-B78C-2BE7BBB43726} URL = http://asksearch.ask...={searchTerms}
    BHO: No Name -> {41534932-2D56-3600-76A7-7A786E7484D7} ->  No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1014477673-2926293493-1085533744-1001 -> No Name - {41534932-2D56-3600-76A7-7A786E7484D7} -  No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://portal.ocfl....COL /relayp.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default
    FF DefaultSearchEngine: Ask Search
    FF SearchEngineOrder.1: Ask Search
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    FF Plugin-x32: @renlearn.com/RLPrintPlugin,version=1.3.13.0 -> C:\Program Files (x86)\Renaissance Learning\RLPrintPlugin\npRLPrint.dll (Renaissance Learning Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: electronicarts.com/GameFacePlugin -> C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
    FF user.js: detected! => C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\user.js
    FF SearchPlugin: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\searchplugins\ask-search.xml
    FF SearchPlugin: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\searchplugins\Astromenda.xml
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-20]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
    FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn [2011-06-09]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012-04-03]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-22]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir="
    CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (EnterDigital) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpoomjocjelojiflbhbplglmkggfcjgd [2014-11-10]
    CHR Extension: (Google Wallet) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR StartMenuInternet: Google Chrome - chrome.exe
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
    R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
    S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [123632 2014-11-12] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111129.030\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\ENG64.SYS [117880 2011-08-03] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\EX64.SYS [2048632 2011-08-03] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\0502010.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-09] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    S3 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
    R1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64; C:\Windows\System32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64.sys [48784 2014-11-09] (StdLib)
    U3 aswMBR; \??\C:\Users\Alice\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Alice\AppData\Local\Temp\aswVmm.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-12 21:56 - 2014-11-12 21:59 - 00029472 _____ () C:\Users\Alice\Downloads\FRST.txt
    2014-11-12 21:55 - 2014-11-12 21:57 - 00000000 ____D () C:\FRST
    2014-11-12 21:54 - 2014-11-12 21:54 - 02116096 _____ (Farbar) C:\Users\Alice\Downloads\FRST64.exe
    2014-11-12 21:32 - 2014-11-12 21:32 - 00000791 _____ () C:\Users\Alice\Downloads\aswMBR.txt
    2014-11-12 21:25 - 2014-11-12 21:27 - 00001242 _____ () C:\Users\Alice\Desktop\aswMBR.txt
    2014-11-12 21:19 - 2014-11-12 21:19 - 05194752 _____ (AVAST Software) C:\Users\Alice\Downloads\aswMBR.exe
    2014-11-12 19:17 - 2014-11-12 19:17 - 00013126 _____ () C:\ProgramData\SMRResults430.dat
    2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\NPE
    2014-11-12 19:02 - 2014-11-12 19:02 - 00000000 _____ () C:\windows\SysWOW64\shoB2AC.tmp
    2014-11-12 19:01 - 2014-11-12 19:16 - 00000000 ____D () C:\Users\Alice\AppData\Local\NPE
    2014-11-12 19:01 - 2014-11-12 19:01 - 03060320 ____N (Symantec Corporation) C:\Users\Alice\Downloads\NPE.exe
    2014-11-12 18:50 - 2014-11-12 18:50 - 00230200 _____ (Fusion Install ) C:\Users\Alice\Downloads\flashplayerpro_Setup.exe
    2014-11-11 20:02 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-11 20:02 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-11 20:02 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-11 20:02 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-11 20:02 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-11 20:02 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-11 20:02 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-11 20:02 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-11 20:02 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-11 20:02 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-11 20:02 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-11 20:02 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-11 20:02 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-11 20:02 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-11 20:02 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-11 20:02 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-11 20:02 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-11 20:02 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-11 20:02 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 20:02 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-11 20:02 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-11 20:02 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-11 20:02 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 20:02 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-11 20:02 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-11 20:02 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 20:02 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-11 20:02 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-11 20:02 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-11 20:02 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-11 20:02 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-11 20:02 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-11 20:02 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-11 20:02 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-11 20:02 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-11 20:02 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-11 20:02 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 20:02 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-11 20:02 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-11 20:02 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-11 20:02 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-11 20:02 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-11 20:02 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-11 20:02 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-11 20:02 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-11 20:02 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-11 20:02 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-11 20:02 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-11 20:02 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 20:02 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-11 20:02 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-11 20:02 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-11 20:02 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-11 20:02 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-11 20:02 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-11 20:02 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-11 20:02 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-11 20:02 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-11 20:02 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-11 20:02 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-11 20:02 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-11 20:02 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-11 20:02 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-11 20:02 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-11 20:02 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-11 20:02 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-11 20:02 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-11 20:02 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-11 20:00 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-11 20:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-11 20:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-11 20:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-11 20:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-11 20:00 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-11 20:00 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-11 19:59 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-11 19:59 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-11 19:59 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-11 19:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-11 19:59 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-11 19:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-11 19:59 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-11 19:49 - 2014-11-11 19:49 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Norton Utilities 16
    2014-11-10 19:00 - 2014-11-12 19:00 - 00000274 _____ () C:\windows\SysWOW64\AppLog.log
    2014-11-10 18:28 - 2014-11-12 19:18 - 00000288 _____ () C:\windows\Tasks\NUAutoUpdate.job
    2014-11-10 18:28 - 2014-11-12 19:02 - 00000280 _____ () C:\windows\Tasks\NUSchedule.job
    2014-11-10 18:28 - 2014-11-10 18:28 - 00002856 _____ () C:\windows\System32\Tasks\NUSchedule
    2014-11-10 18:28 - 2014-11-10 18:28 - 00002524 _____ () C:\windows\System32\Tasks\NUAutoUpdate
    2014-11-10 18:28 - 2014-11-10 18:28 - 00000000 ____D () C:\Users\Alice\Documents\Norton Utilities 16
    2014-11-10 18:24 - 2014-11-10 18:24 - 00001225 _____ () C:\Users\Public\Desktop\Norton Utilities 16.lnk
    2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
    2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\Program Files (x86)\Symantec
    2014-11-10 18:24 - 2014-01-17 05:13 - 00042624 _____ () C:\windows\system32\CleanMFT64.exe
    2014-11-10 18:24 - 2014-01-17 04:35 - 01101824 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox210.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00880640 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox10.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00506368 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll
    2014-11-10 18:24 - 2014-01-17 04:35 - 00212992 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBoxVB12.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00044544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml4a.dll
    2014-11-10 18:23 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Symantec
    2014-11-10 18:23 - 2014-11-10 18:23 - 20120192 _____ (Symantec) C:\Users\Alice\Documents\nu-TW-16.0.2.14-SMUI.exe
    2014-11-10 18:23 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Product_NU16
    2014-11-10 18:22 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Download Manager
    2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Tific
    2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Local\Symantec
    2014-11-10 18:18 - 2014-11-10 18:18 - 00000000 ____D () C:\Users\Alice\AppData\Local\Origin
    2014-11-10 18:10 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-10 18:10 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-11-10 18:10 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-11-10 18:10 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-11-10 18:09 - 2014-11-10 18:10 - 00005682 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
    2014-11-10 17:59 - 2014-11-10 17:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-11-10 17:22 - 2014-11-04 14:30 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-09 11:38 - 2014-11-09 11:38 - 00022528 _____ () C:\Users\Alice\AppData\Local\316383646dsisetup3163856742.exe
    2014-11-09 11:38 - 2014-11-09 11:38 - 00000001 _____ () C:\Users\Alice\AppData\Local\DSI.DAT
    2014-11-09 09:47 - 2014-11-09 05:26 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64.sys
    2014-11-07 22:15 - 2014-11-12 20:49 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
    2014-11-07 21:41 - 2014-11-10 16:30 - 00000130 _____ () C:\Users\Alice\AppData\Roaming\WB.CFG
    2014-11-07 20:41 - 2014-11-10 17:42 - 00000292 _____ () C:\windows\Tasks\Digital Sites.job
    2014-11-07 20:41 - 2014-11-07 20:42 - 00003232 _____ () C:\windows\System32\Tasks\Digital Sites
    2014-11-07 20:41 - 2014-11-07 20:41 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\DigitalSites
    2014-10-17 02:45 - 2014-10-17 02:45 - 00000000 _____ () C:\windows\SysWOW64\sho56DF.tmp
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
    2014-10-16 05:54 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
    2014-10-16 05:54 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
    2014-10-16 05:54 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-10-16 05:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-10-16 05:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
    2014-10-16 05:52 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-10-16 05:52 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-10-16 05:52 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-10-16 05:52 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
    2014-10-16 05:52 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
    2014-10-16 05:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-10-16 05:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-10-16 05:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-10-16 05:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
    2014-10-16 05:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-10-16 05:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-12 21:48 - 2011-06-11 13:35 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-12 21:43 - 2012-06-13 09:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-12 21:21 - 2011-09-03 18:05 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA.job
    2014-11-12 21:17 - 2011-04-18 14:16 - 01422665 _____ () C:\windows\WindowsUpdate.log
    2014-11-12 21:08 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-12 21:08 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-12 19:23 - 2009-07-14 00:13 - 00789658 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-12 19:20 - 2011-09-03 17:45 - 00000420 _____ () C:\windows\Tasks\PC Health Advisor Startup.job
    2014-11-12 19:19 - 2013-02-13 15:28 - 00028277 _____ () C:\windows\AutoKMS.log
    2014-11-12 19:19 - 2013-02-13 09:04 - 00000200 _____ () C:\windows\Tasks\AutoKMS.job
    2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-11-12 19:19 - 2011-04-18 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-11-12 19:18 - 2012-07-20 05:57 - 00000494 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-11-12 19:18 - 2011-09-09 20:38 - 00026856 _____ () C:\windows\setupact.log
    2014-11-12 19:18 - 2011-06-11 13:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-12 19:18 - 2011-04-18 14:43 - 00000000 ____D () C:\ProgramData\Temp
    2014-11-12 19:18 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-12 19:01 - 2011-06-05 13:30 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-12 18:00 - 2011-09-03 17:45 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Registration3.job
    2014-11-12 06:35 - 2011-06-03 14:36 - 00127208 _____ () C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-12 06:35 - 2011-04-18 14:48 - 00000000 ____D () C:\ProgramData\Sonic
    2014-11-12 03:41 - 2009-07-13 23:45 - 00463888 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-12 03:38 - 2014-05-07 02:01 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-12 03:37 - 2011-09-03 17:45 - 00000400 _____ () C:\windows\Tasks\PC Health Advisor Defrag.job
    2014-11-12 03:21 - 2013-02-13 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-12 03:14 - 2013-07-14 02:01 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-12 03:06 - 2011-07-12 23:42 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-12 01:34 - 2011-09-03 18:05 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core.job
    2014-11-11 20:43 - 2012-06-13 09:36 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-11 20:43 - 2012-06-13 09:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-11 20:43 - 2011-07-12 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-10 18:18 - 2011-06-07 18:47 - 00000000 ____D () C:\ProgramData\Origin
    2014-11-10 18:10 - 2013-11-02 20:24 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-10 18:10 - 2012-08-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-10 18:05 - 2011-06-11 13:38 - 00000000 ____D () C:\Users\Alice\AppData\Local\Adobe
    2014-11-10 17:59 - 2011-04-18 14:30 - 00365234 _____ () C:\windows\PFRO.log
    2014-11-10 17:56 - 2013-06-12 17:26 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
    2014-11-10 16:36 - 2009-07-13 21:34 - 00000647 _____ () C:\windows\win.ini
    2014-11-10 16:31 - 2012-07-20 05:57 - 00000382 _____ () C:\windows\Tasks\PC Health Advisor.job
    2014-11-08 23:56 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2014-11-08 19:47 - 2012-01-18 07:07 - 00000346 _____ () C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job
    2014-11-07 20:41 - 2013-06-25 19:57 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-11-07 20:41 - 2011-09-03 18:06 - 00002372 _____ () C:\Users\Alice\Desktop\Google Chrome.lnk
    2014-11-07 06:40 - 2011-09-03 17:45 - 00000442 _____ () C:\windows\Tasks\ParetoLogic Update Version3.job
    2014-11-06 06:48 - 2011-06-07 19:35 - 00000000 ____D () C:\Users\Alice\AppData\Local\CrashDumps
    2014-10-23 14:42 - 2011-06-11 13:35 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-23 14:42 - 2011-06-11 13:35 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-17 21:18 - 2011-06-11 13:37 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
    2014-10-17 21:18 - 2011-04-18 15:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-10-17 21:16 - 2011-09-03 18:05 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA
    2014-10-17 21:16 - 2011-09-03 18:05 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core
    2014-10-17 02:48 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
     
    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults430.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\Alice\AppData\Local\Temp\drm_dyndata_7330014.dll
    C:\Users\Alice\AppData\Local\Temp\eauninstall.exe
    C:\Users\Alice\AppData\Local\Temp\First15.exe
    C:\Users\Alice\AppData\Local\Temp\jigsawboom2-510007622-setup.s510007622.c110268333.len.u.dl.exe
    C:\Users\Alice\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    C:\Users\Alice\AppData\Local\Temp\Relay.dll
    C:\Users\Alice\AppData\Local\Temp\RelayL.dll
    C:\Users\Alice\AppData\Local\Temp\rootsupd.exe
    C:\Users\Alice\AppData\Local\Temp\The Sims 2_uninst.exe
    C:\Users\Alice\AppData\Local\Temp\Update.exe
    C:\Users\Alice\AppData\Local\Temp\VP6Install.exe
    C:\Users\Alice\AppData\Local\Temp\VP6VFW.dll
    C:\Users\Alice\AppData\Local\Temp\{9611D4C6-014D-4877-92B8-A53FCD55BE0D}-GoogleUpdateB6998767.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-01 02:36
     
    ==================== End Of Log ============================


    #7 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 12 November 2014 - 09:07 PM



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 November 2014 - 09:12 PM

    Alice, your infected with Astromenda , hang off on the Additions log for now, I need you to run three programs, run them in the order listed, if the first one wont run the skip to the next one.  

     

     


     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisment.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 November 2014 - 05:44 AM

    When you can, post the logs from AdwCleaner, Junkware Removal and Malwarebytes

     

    AdwCleaner and Junkware should be on your desktop

     

    Here is how to find the log from Malwarebytes if you didn't save it

     

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 November 2014 - 07:51 PM

    Alice, I  need you to run a new scan with FRST, be sure to checkmark Additions and post both logs and I will work up a fix for you

     

    You can run this tool, it wont remove the infection but will calm it down so we can run other scans and tools

     

     
    • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.
  •  
     
     
    Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
     
    Run rkill repeatedly until it's able to do it's job. This may take a few tries.
     
    You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 15 November 2014 - 08:13 AM

    Attached File  FRST.txt   56.13KB   69 downloads

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
    Ran by Alice (administrator) on ALICE-PC on 15-11-2014 09:08:11
    Running from C:\Users\Alice\Downloads
    Loaded Profile: Alice (Available profiles: Alice)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\wbengine.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\EACoreServer.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-04] (Dell)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [Google Update] => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
    HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    BHO: No Name -> {41534932-2D56-3600-76A7-7A786E7484D7} ->  No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-1014477673-2926293493-1085533744-1001 -> No Name - {41534932-2D56-3600-76A7-7A786E7484D7} -  No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://portal.ocfl....COL /relayp.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default
    FF DefaultSearchEngine: Ask Search
    FF SearchEngineOrder.1: Ask Search
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    FF Plugin-x32: @renlearn.com/RLPrintPlugin,version=1.3.13.0 -> C:\Program Files (x86)\Renaissance Learning\RLPrintPlugin\npRLPrint.dll (Renaissance Learning Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: electronicarts.com/GameFacePlugin -> C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-20]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
    FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn [2011-06-09]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012-04-03]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-22]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir="
    CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (EnterDigital) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpoomjocjelojiflbhbplglmkggfcjgd [2014-11-10]
    CHR Extension: (Google Wallet) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR StartMenuInternet: Google Chrome - chrome.exe
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
    R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
    S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111129.030\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\ENG64.SYS [117880 2011-08-03] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\EX64.SYS [2048632 2011-08-03] (Symantec Corporation)
    U0 rvfgmgl; C:\Windows\System32\drivers\rrnjubqj.sys [79064 2014-11-14] (Malwarebytes Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\0502010.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-09] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    S3 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
    U3 aswMBR; \??\C:\Users\Alice\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Alice\AppData\Local\Temp\aswVmm.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-15 09:08 - 2014-11-15 09:08 - 00000000 ____D () C:\Users\Alice\Downloads\FRST-OlderVersion
    2014-11-14 19:11 - 2014-11-14 19:11 - 00148992 _____ () C:\Users\Alice\Desktop\Mal.txt
    2014-11-14 19:09 - 2014-11-14 19:09 - 00009132 _____ () C:\Users\Alice\Desktop\AdwCleaner[R2].txt
    2014-11-14 19:05 - 2014-11-14 19:05 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\rrnjubqj.sys
    2014-11-14 19:05 - 2014-11-14 19:05 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\DriverCure
    2014-11-13 16:31 - 2014-11-15 08:45 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-13 16:30 - 2014-11-13 16:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-13 16:30 - 2014-11-13 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-13 16:30 - 2014-11-13 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-13 16:30 - 2014-11-13 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-13 16:30 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-13 16:30 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-13 16:30 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-13 16:27 - 2014-11-13 16:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Alice\Downloads\mbam-setup-2.0.3.1025 (2).exe
    2014-11-13 16:27 - 2014-11-13 16:28 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Alice\Downloads\mbam-setup-2.0.3.1025 (1).exe
    2014-11-13 16:27 - 2014-11-13 16:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Alice\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-13 16:26 - 2014-11-13 16:26 - 01178944 _____ (Kromtech) C:\Users\Alice\Downloads\PCKeeper Installer.exe
    2014-11-13 16:24 - 2014-11-13 16:25 - 00003262 _____ () C:\Users\Alice\Desktop\JRT.txt
    2014-11-13 16:19 - 2014-11-13 16:19 - 01706808 _____ (Thisisu) C:\Users\Alice\Downloads\JRT.exe
    2014-11-13 16:19 - 2014-11-13 16:19 - 00000000 ____D () C:\windows\ERUNT
    2014-11-13 16:12 - 2014-11-13 16:13 - 00001172 _____ () C:\Users\Alice\Desktop\AdwCleaner - Shortcut.lnk
    2014-11-13 16:09 - 2014-11-14 19:08 - 00000000 ____D () C:\AdwCleaner
    2014-11-13 16:08 - 2014-11-13 16:09 - 02140160 _____ () C:\Users\Alice\Downloads\AdwCleaner.exe
    2014-11-12 22:00 - 2014-11-12 22:01 - 00040088 _____ () C:\Users\Alice\Downloads\Addition.txt
    2014-11-12 21:56 - 2014-11-15 09:08 - 00027810 _____ () C:\Users\Alice\Downloads\FRST.txt
    2014-11-12 21:55 - 2014-11-15 09:08 - 00000000 ____D () C:\FRST
    2014-11-12 21:54 - 2014-11-15 09:08 - 02116608 _____ (Farbar) C:\Users\Alice\Downloads\FRST64.exe
    2014-11-12 21:32 - 2014-11-12 21:32 - 00000791 _____ () C:\Users\Alice\Downloads\aswMBR.txt
    2014-11-12 21:25 - 2014-11-12 21:27 - 00001242 _____ () C:\Users\Alice\Desktop\aswMBR.txt
    2014-11-12 21:19 - 2014-11-12 21:19 - 05194752 _____ (AVAST Software) C:\Users\Alice\Downloads\aswMBR.exe
    2014-11-12 19:17 - 2014-11-12 19:17 - 00013126 _____ () C:\ProgramData\SMRResults430.dat
    2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\NPE
    2014-11-12 19:02 - 2014-11-12 19:02 - 00000000 _____ () C:\windows\SysWOW64\shoB2AC.tmp
    2014-11-12 19:01 - 2014-11-12 19:16 - 00000000 ____D () C:\Users\Alice\AppData\Local\NPE
    2014-11-12 19:01 - 2014-11-12 19:01 - 03060320 ____N (Symantec Corporation) C:\Users\Alice\Downloads\NPE.exe
    2014-11-11 20:02 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-11 20:02 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-11 20:02 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-11 20:02 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-11 20:02 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-11 20:02 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-11 20:02 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-11 20:02 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-11 20:02 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-11 20:02 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-11 20:02 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-11 20:02 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-11 20:02 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-11 20:02 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-11 20:02 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-11 20:02 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-11 20:02 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-11 20:02 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-11 20:02 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 20:02 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-11 20:02 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-11 20:02 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-11 20:02 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 20:02 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-11 20:02 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-11 20:02 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 20:02 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-11 20:02 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-11 20:02 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-11 20:02 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-11 20:02 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-11 20:02 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-11 20:02 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-11 20:02 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-11 20:02 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-11 20:02 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-11 20:02 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 20:02 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-11 20:02 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-11 20:02 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-11 20:02 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-11 20:02 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-11 20:02 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-11 20:02 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-11 20:02 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-11 20:02 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-11 20:02 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-11 20:02 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-11 20:02 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 20:02 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-11 20:02 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-11 20:02 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-11 20:02 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-11 20:02 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-11 20:02 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-11 20:02 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-11 20:02 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-11 20:02 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-11 20:02 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-11 20:02 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-11 20:02 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-11 20:02 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-11 20:02 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-11 20:02 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-11 20:02 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-11 20:02 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-11 20:02 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-11 20:02 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-11 20:00 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-11 20:00 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-11 20:00 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-11 20:00 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-11 20:00 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-11 20:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-11 20:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-11 20:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-11 20:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-11 20:00 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-11 20:00 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-11 19:59 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-11 19:59 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-11 19:59 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-11 19:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-11 19:59 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-11 19:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-11 19:59 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-11 19:49 - 2014-11-11 19:49 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Norton Utilities 16
    2014-11-10 19:00 - 2014-11-14 19:07 - 00000406 _____ () C:\windows\SysWOW64\AppLog.log
    2014-11-10 18:28 - 2014-11-14 19:07 - 00000280 _____ () C:\windows\Tasks\NUSchedule.job
    2014-11-10 18:28 - 2014-11-12 19:18 - 00000288 _____ () C:\windows\Tasks\NUAutoUpdate.job
    2014-11-10 18:28 - 2014-11-10 18:28 - 00002856 _____ () C:\windows\System32\Tasks\NUSchedule
    2014-11-10 18:28 - 2014-11-10 18:28 - 00002524 _____ () C:\windows\System32\Tasks\NUAutoUpdate
    2014-11-10 18:28 - 2014-11-10 18:28 - 00000000 ____D () C:\Users\Alice\Documents\Norton Utilities 16
    2014-11-10 18:24 - 2014-11-10 18:24 - 00001225 _____ () C:\Users\Public\Desktop\Norton Utilities 16.lnk
    2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16
    2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\Program Files (x86)\Symantec
    2014-11-10 18:24 - 2014-01-17 05:13 - 00042624 _____ () C:\windows\system32\CleanMFT64.exe
    2014-11-10 18:24 - 2014-01-17 04:35 - 01101824 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox210.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00880640 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox10.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00506368 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll
    2014-11-10 18:24 - 2014-01-17 04:35 - 00212992 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBoxVB12.ocx
    2014-11-10 18:24 - 2014-01-17 04:35 - 00044544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml4a.dll
    2014-11-10 18:23 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Symantec
    2014-11-10 18:23 - 2014-11-10 18:23 - 20120192 _____ (Symantec) C:\Users\Alice\Documents\nu-TW-16.0.2.14-SMUI.exe
    2014-11-10 18:23 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Product_NU16
    2014-11-10 18:22 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Download Manager
    2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Tific
    2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Local\Symantec
    2014-11-10 18:18 - 2014-11-10 18:18 - 00000000 ____D () C:\Users\Alice\AppData\Local\Origin
    2014-11-10 18:10 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-10 18:10 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-11-10 18:10 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-11-10 18:10 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-11-10 18:09 - 2014-11-10 18:10 - 00005682 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
    2014-11-10 17:59 - 2014-11-10 17:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-11-10 17:22 - 2014-11-04 14:30 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-09 11:38 - 2014-11-09 11:38 - 00022528 _____ () C:\Users\Alice\AppData\Local\316383646dsisetup3163856742.exe
    2014-11-09 11:38 - 2014-11-09 11:38 - 00000001 _____ () C:\Users\Alice\AppData\Local\DSI.DAT
    2014-11-07 22:15 - 2014-11-13 16:21 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
    2014-11-07 21:41 - 2014-11-10 16:30 - 00000130 _____ () C:\Users\Alice\AppData\Roaming\WB.CFG
    2014-11-07 20:41 - 2014-11-14 19:05 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\DigitalSites
    2014-11-07 20:41 - 2014-11-10 17:42 - 00000292 _____ () C:\windows\Tasks\Digital Sites.job
    2014-11-07 20:41 - 2014-11-07 20:42 - 00003232 _____ () C:\windows\System32\Tasks\Digital Sites
    2014-10-17 02:45 - 2014-10-17 02:45 - 00000000 _____ () C:\windows\SysWOW64\sho56DF.tmp
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
    2014-10-16 05:54 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
    2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
    2014-10-16 05:54 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
    2014-10-16 05:54 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
    2014-10-16 05:54 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
    2014-10-16 05:54 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
    2014-10-16 05:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
    2014-10-16 05:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
    2014-10-16 05:52 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
    2014-10-16 05:52 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-10-16 05:52 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-10-16 05:52 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-10-16 05:52 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
    2014-10-16 05:52 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
    2014-10-16 05:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-10-16 05:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
    2014-10-16 05:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
    2014-10-16 05:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
    2014-10-16 05:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
    2014-10-16 05:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-15 08:56 - 2011-09-03 18:05 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA.job
    2014-11-15 08:56 - 2011-09-03 18:05 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core.job
    2014-11-15 08:51 - 2012-01-18 07:07 - 00000346 _____ () C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job
    2014-11-15 08:51 - 2011-09-03 18:05 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA
    2014-11-15 08:51 - 2011-09-03 18:05 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core
    2014-11-15 08:47 - 2011-06-11 13:35 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-15 08:45 - 2012-06-13 09:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-15 08:45 - 2011-04-18 14:16 - 01471307 _____ () C:\windows\WindowsUpdate.log
    2014-11-14 19:12 - 2011-06-11 13:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-14 19:07 - 2011-04-18 14:43 - 00000000 ____D () C:\ProgramData\Temp
    2014-11-14 19:06 - 2012-07-20 05:57 - 00000382 _____ () C:\windows\Tasks\PC Health Advisor.job
    2014-11-14 19:06 - 2011-09-03 17:45 - 00000442 _____ () C:\windows\Tasks\ParetoLogic Update Version3.job
    2014-11-14 19:05 - 2011-09-03 17:45 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Registration3.job
    2014-11-14 19:05 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Branding
    2014-11-13 06:56 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-13 06:56 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-13 06:46 - 2009-07-14 00:13 - 00789658 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-12 19:20 - 2011-09-03 17:45 - 00000420 _____ () C:\windows\Tasks\PC Health Advisor Startup.job
    2014-11-12 19:19 - 2013-02-13 15:28 - 00028277 _____ () C:\windows\AutoKMS.log
    2014-11-12 19:19 - 2013-02-13 09:04 - 00000200 _____ () C:\windows\Tasks\AutoKMS.job
    2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-11-12 19:19 - 2011-04-18 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-11-12 19:18 - 2012-07-20 05:57 - 00000494 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-11-12 19:18 - 2011-09-09 20:38 - 00026856 _____ () C:\windows\setupact.log
    2014-11-12 19:18 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-12 19:01 - 2011-06-05 13:30 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-12 06:35 - 2011-06-03 14:36 - 00127208 _____ () C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-12 06:35 - 2011-04-18 14:48 - 00000000 ____D () C:\ProgramData\Sonic
    2014-11-12 03:41 - 2009-07-13 23:45 - 00463888 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-12 03:38 - 2014-05-07 02:01 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-12 03:37 - 2011-09-03 17:45 - 00000400 _____ () C:\windows\Tasks\PC Health Advisor Defrag.job
    2014-11-12 03:21 - 2013-02-13 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-12 03:14 - 2013-07-14 02:01 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-12 03:06 - 2011-07-12 23:42 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-11 20:43 - 2012-06-13 09:36 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-11 20:43 - 2012-06-13 09:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-11 20:43 - 2011-07-12 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-10 18:18 - 2011-06-07 18:47 - 00000000 ____D () C:\ProgramData\Origin
    2014-11-10 18:10 - 2013-11-02 20:24 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-10 18:10 - 2012-08-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-10 18:05 - 2011-06-11 13:38 - 00000000 ____D () C:\Users\Alice\AppData\Local\Adobe
    2014-11-10 17:59 - 2011-04-18 14:30 - 00365234 _____ () C:\windows\PFRO.log
    2014-11-10 16:36 - 2009-07-13 21:34 - 00000647 _____ () C:\windows\win.ini
    2014-11-08 23:56 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2014-11-07 20:41 - 2013-06-25 19:57 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-11-07 20:41 - 2011-09-03 18:06 - 00002372 _____ () C:\Users\Alice\Desktop\Google Chrome.lnk
    2014-11-06 06:48 - 2011-06-07 19:35 - 00000000 ____D () C:\Users\Alice\AppData\Local\CrashDumps
    2014-10-23 14:42 - 2011-06-11 13:35 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-23 14:42 - 2011-06-11 13:35 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-17 21:18 - 2011-06-11 13:37 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
    2014-10-17 21:18 - 2011-04-18 15:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-10-17 02:48 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
     
    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults430.dat
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-01 02:36
     
    ==================== End Of Log ============================


    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 November 2014 - 08:18 AM

    Disregard the fix in my prior post, waiting for the additions log, it should be on your desktop



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 15 November 2014 - 08:31 AM

    Attached File  Addition.txt   33.74KB   106 downloads

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
    Ran by Alice at 2014-11-15 09:29:15
    Running from C:\Users\Alice\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton 360 (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}) (Version: 1.3.31.0 - Fingertapps)
    Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
    Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
    Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.219 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.5.3.0 - Electronic Arts)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
    F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
    Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
    Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
    Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
    Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
    Jigsaw Boom2 (HKLM-x32\...\510007622) (Version:  - Oberon Media)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton 360 (HKLM-x32\...\N360) (Version: 5.2.0.13 - Symantec Corporation)
    Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 8.1.0.1556 - Electronic Arts, Inc.)
    ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.6.0 - ParetoLogic, Inc.)
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
    RLPrintPlugin (HKLM-x32\...\{083F59BD-164C-42BE-B800-F113BD1F0E95}) (Version: 1.3.14 - Renaissance Learning)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
    Unity Web Player (HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1014477673-2926293493-1085533744-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1014477673-2926293493-1085533744-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
     
    ==================== Restore Points  =========================
     
    12-11-2014 08:02:39 Windows Update
    13-11-2014 00:14:11 Norton_Power_Eraser_20141112191410974
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {249AFC54-103C-4F28-8592-8653B936B9CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {37EEF4E4-20C9-48CB-B445-88E083EFCFBA} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {3CD400CB-A6B2-4BB9-9A5E-273977C7AB6A} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
    Task: {40E58B42-8857-4D81-AD54-3CF5AAFA34C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {4A0FE597-C424-494C-8417-CADD589BA8F7} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.0.13 => C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\SymErr.exe [2012-01-27] (Symantec Corporation)
    Task: {600D8CE0-F137-4B59-90F2-39F8FDE6A3AC} - System32\Tasks\PC Health Advisor Startup => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {67D47B89-6A1B-4C48-8A3C-EA048E3AA8AD} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-01-17] (Symantec)
    Task: {6E97D24D-B6E9-4AA8-BDCD-C834C0E2E198} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
    Task: {827DB2AE-8E44-40B0-8A7E-30794CC23648} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {8AE4AD89-1FF3-4219-8052-D7A1EC801DB0} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2014-01-17] (Symantec)
    Task: {8EF8A429-02A2-42DC-B71C-C38FF66C574A} - System32\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445 => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {8FF66D4B-88B3-4B72-8D09-865BF5128D8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: {990172CC-D074-4433-8ADD-00F3660DFEF3} - System32\Tasks\Digital Sites => C:\Users\Alice\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {9C480892-0AF0-4BAF-926A-B9A1037C3F01} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {B6B788CB-3DB6-4877-A391-9200C7A89AD1} - System32\Tasks\Symantec\Norton Error Processor 5.2.0.13 => C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\SymErr.exe [2012-01-27] (Symantec Corporation)
    Task: {B8369989-52F0-4542-A8DF-DD2280088317} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
    Task: {F1E140C9-C74B-4D7A-A815-A77FD2BB0AFE} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {F5D45740-26AF-4D0E-9422-D9BEEE383E4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {FE60F8A9-08D5-4B03-9F9E-F882EEBE39D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
    Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Alice\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core.job => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA.job => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
    Task: C:\windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe
    Task: C:\windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
    Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor Startup.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2011-04-18 15:10 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2011-04-18 16:54 - 2011-01-07 19:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-06-19 10:00 - 2013-06-19 10:00 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-10-17 03:06 - 2014-10-17 03:06 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
    2011-04-18 14:32 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Alice\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Alice\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Alice\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Alice\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Alice\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Alice\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Alice\Desktop\4.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Alice\Desktop\4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\ProgramData\Temp:2BBEE393
    AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1014477673-2926293493-1085533744-500 - Administrator - Disabled)
    Alice (S-1-5-21-1014477673-2926293493-1085533744-1001 - Administrator - Enabled) => C:\Users\Alice
    Guest (S-1-5-21-1014477673-2926293493-1085533744-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1014477673-2926293493-1085533744-1002 - Limited - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (11/15/2014 08:55:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (11/15/2014 08:55:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error: (11/15/2014 08:47:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: maintainer.exe, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000401b8
    Faulting process id: 0x25ac
    Faulting application start time: 0xmaintainer.exe0
    Faulting application path: maintainer.exe1
    Faulting module path: maintainer.exe2
    Report Id: maintainer.exe3
     
    Error: (11/14/2014 07:05:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    Error: HTTP status 404: The requested URL does not exist on the server.
     ErrorCode: 14007(0x36b7).
     
     
    System errors:
    =============
    Error: (11/15/2014 08:47:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MaintainerSvc6.37.565328 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (11/15/2014 00:18:47 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
     
    Error: (11/13/2014 10:22:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.
     
    Error: (11/13/2014 09:52:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.
     
    Error: (11/13/2014 09:50:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
     
    Error: (11/13/2014 09:31:33 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
     
    Error: (11/13/2014 09:31:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.
     
    Error: (11/13/2014 09:30:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (11/15/2014 08:55:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
     
    Error: (11/15/2014 08:55:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
     
    Error: (11/15/2014 08:47:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: maintainer.exe0.0.0.000000000ntdll.dll6.1.7601.18247521ea8e7c0000005000401b825ac01cfff87d51c1c4cC:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exeC:\windows\SysWOW64\ntdll.dlle3e85a1f-6ccd-11e4-8999-bc77373fd445
     
    Error: (11/14/2014 07:05:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Error: HTTP status 404: The requested URL does not exist on the server.
     ErrorCode: 14007(0x36b7).
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 43%
    Total physical RAM: 2979.18 MB
    Available physical RAM: 1686.36 MB
    Total Pagefile: 5956.53 MB
    Available Pagefile: 3756.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:202.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5042F317)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 November 2014 - 09:22 AM

    Alice,
     
     
    C:\Users\Alice\Downloads <-- This where you have FRST64 , I am attaching a file, save it to the same directory as where you have FRST64 or the fix wont work
     
    After you download Fixlist.txt to your download folder, then open up FRST64 and click on FIX, it will reboot your computer and then on the desktop you should have a Fixlog.txt log, post it for me to see

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 alifitz

    alifitz

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 15 November 2014 - 10:34 AM

    Attached File  Fixlog.txt   11.36KB   123 downloads

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
    Ran by Alice at 2014-11-15 11:20:29 Run:1
    Running from C:\Users\Alice\Downloads
    Loaded Profile: Alice (Available profiles: Alice)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=
    BHO: No Name -> {41534932-2D56-3600-76A7-7A786E7484D7} ->  No File
    FF DefaultSearchEngine: Ask Search
    FF SearchEngineOrder.1: Ask Search
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir="
    2014-11-14 19:05 - 2014-11-14 19:05 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\DriverCure
    2014-11-13 16:26 - 2014-11-13 16:26 - 01178944 _____ (Kromtech) C:\Users\Alice\Downloads\PCKeeper Installer.exe
    2014-11-15 08:51 - 2012-01-18 07:07 - 00000346 _____ () C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job
    2014-11-14 19:06 - 2012-07-20 05:57 - 00000382 _____ () C:\windows\Tasks\PC Health Advisor.job
    2014-11-14 19:06 - 2011-09-03 17:45 - 00000442 _____ () C:\windows\Tasks\ParetoLogic Update Version3.job
    2014-11-14 19:05 - 2011-09-03 17:45 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Registration3.job
    2014-11-12 19:18 - 2012-07-20 05:57 - 00000494 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    C:\ProgramData\SMRResults430.dat
    Task: {37EEF4E4-20C9-48CB-B445-88E083EFCFBA} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {600D8CE0-F137-4B59-90F2-39F8FDE6A3AC} - System32\Tasks\PC Health Advisor Startup => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {827DB2AE-8E44-40B0-8A7E-30794CC23648} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {8EF8A429-02A2-42DC-B71C-C38FF66C574A} - System32\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445 => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {990172CC-D074-4433-8ADD-00F3660DFEF3} - System32\Tasks\Digital Sites => C:\Users\Alice\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {9C480892-0AF0-4BAF-926A-B9A1037C3F01} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25] (ParetoLogic, Inc.)
    Task: {B8369989-52F0-4542-A8DF-DD2280088317} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
    Task: {F1E140C9-C74B-4D7A-A815-A77FD2BB0AFE} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
    Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Alice\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
    Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor Startup.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    Task: C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
    C:\Program Files (x86)\ParetoLogic
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
     
     
     
    *****************
     
    Processes closed successfully.
    C:\windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key deleted successfully.
    "HKCR\CLSID\{41534932-2D56-3600-76A7-7A786E7484D7}" => Key not found.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    C:\Users\Alice\AppData\Roaming\DriverCure => Moved successfully.
    C:\Users\Alice\Downloads\PCKeeper Installer.exe => Moved successfully.
    C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job => Moved successfully.
    C:\windows\Tasks\PC Health Advisor.job => Moved successfully.
    C:\windows\Tasks\ParetoLogic Update Version3.job => Moved successfully.
    C:\windows\Tasks\ParetoLogic Registration3.job => Moved successfully.
    C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => Moved successfully.
    C:\ProgramData\SMRResults430.dat => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37EEF4E4-20C9-48CB-B445-88E083EFCFBA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37EEF4E4-20C9-48CB-B445-88E083EFCFBA}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ParetoLogic Update Version3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{600D8CE0-F137-4B59-90F2-39F8FDE6A3AC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{600D8CE0-F137-4B59-90F2-39F8FDE6A3AC}" => Key deleted successfully.
    C:\Windows\System32\Tasks\PC Health Advisor Startup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor Startup" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{827DB2AE-8E44-40B0-8A7E-30794CC23648}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{827DB2AE-8E44-40B0-8A7E-30794CC23648}" => Key deleted successfully.
    C:\Windows\System32\Tasks\PC Health Advisor Defrag => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor Defrag" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EF8A429-02A2-42DC-B71C-C38FF66C574A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EF8A429-02A2-42DC-B71C-C38FF66C574A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{990172CC-D074-4433-8ADD-00F3660DFEF3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{990172CC-D074-4433-8ADD-00F3660DFEF3}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C480892-0AF0-4BAF-926A-B9A1037C3F01}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C480892-0AF0-4BAF-926A-B9A1037C3F01}" => Key deleted successfully.
    C:\Windows\System32\Tasks\PC Health Advisor => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8369989-52F0-4542-A8DF-DD2280088317}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8369989-52F0-4542-A8DF-DD2280088317}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ParetoLogic Registration3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1E140C9-C74B-4D7A-A815-A77FD2BB0AFE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1E140C9-C74B-4D7A-A815-A77FD2BB0AFE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 Startup Task" => Key deleted successfully.
    C:\windows\Tasks\AutoKMS.job => Moved successfully.
    C:\windows\Tasks\Digital Sites.job => Moved successfully.
    C:\windows\Tasks\ParetoLogic Registration3.job not found.
    C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job not found.
    C:\windows\Tasks\ParetoLogic Update Version3.job not found.
    C:\windows\Tasks\PC Health Advisor Defrag.job => Moved successfully.
    C:\windows\Tasks\PC Health Advisor Startup.job => Moved successfully.
    C:\windows\Tasks\PC Health Advisor.job not found.
    C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job not found.
    C:\Program Files (x86)\ParetoLogic => Moved successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 426.3 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users