WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hi Ken...this is Alice [Solved]

Started by alifitz , Nov 12 2014 08:03 PM

Hi Ken...this is Alice

This topic is locked

17 replies to this topic

#1 alifitz

New Member

Authentic Member
7 posts

Posted 12 November 2014 - 08:03 PM

Thank you Ken!

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 12 November 2014 - 08:12 PM

Hi Alice,

Glad you made it, you will find this will be so much easier, so lets see what going on. Sometimes a lot of popups are caused by a rootkit type of infection, running aswMBR will check

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.

Click the Scan button to start scan.

If you are asked to update the Avast Virus database please allow it to do so.

When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Then I will need you to run FRST, with windows 7 I am sure you will need to 64bit version

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

A simple way to check your system: Start --> Computer (right click) --> Properties

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Please make sure All Users is checked

Just keep the defaults as in the picture checkmarked

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

All of the scans we run will give you a log, it will open up in Notepad, when the log opens just go to the top left of notepad and click on EDIT > Select All............EDIT>Copy and then come back to the forum, reply to the topic ( do not start a new topic, just reply to this one) and paste the logs for me to see

So, run aswMBR and post the log, then run FRST, there will be a main log and also an Additions log, post them both

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 12 November 2014 - 08:35 PM

Save all the logs to your desktop, Alice, reply to this topic by clicking on More Reply Options and attach the file then post

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#4 alifitz

New Member

Authentic Member
7 posts

Posted 12 November 2014 - 08:43 PM

aswMBR.txt 1.21KB 148 downloads

#5 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 12 November 2014 - 08:44 PM

OK, do the same thing with FRST64

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#6 alifitz

New Member

Authentic Member
7 posts

Posted 12 November 2014 - 09:05 PM

FRST.txt 56.67KB 354 downloads

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Alice (administrator) on ALICE-PC on 12-11-2014 21:56:22

Running from C:\Users\Alice\Downloads

Loaded Profile: Alice (Available profiles: Alice)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

(Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe

(Google Inc.) C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Users\Alice\Downloads\aswMBR.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-04] (Dell)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [Google Update] => C:\Users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)

HKU\S-1-5-21-1014477673-2926293493-1085533744-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\5.2.0.13\buShell.dll (Symantec Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...=1054828859&ir=

URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1054828859&ir=

SearchScopes: HKCU - {C57C4727-6270-4D5B-B78C-2BE7BBB43726} URL = http://asksearch.ask...={searchTerms}

BHO: No Name -> {41534932-2D56-3600-76A7-7A786E7484D7} -> No File

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-1014477673-2926293493-1085533744-1001 -> No Name - {41534932-2D56-3600-76A7-7A786E7484D7} - No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab

DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://portal.ocfl....COL /relayp.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:

========

FF ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default

FF DefaultSearchEngine: Ask Search

FF SearchEngineOrder.1: Ask Search

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )

FF Plugin-x32: @renlearn.com/RLPrintPlugin,version=1.3.13.0 -> C:\Program Files (x86)\Renaissance Learning\RLPrintPlugin\npRLPrint.dll (Renaissance Learning Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alice\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1014477673-2926293493-1085533744-1001: electronicarts.com/GameFacePlugin -> C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF user.js: detected! => C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\user.js

FF SearchPlugin: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\searchplugins\ask-search.xml

FF SearchPlugin: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\searchplugins\Astromenda.xml

FF Extension: Firefox Old Version Update Hotfix - C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\k7tzjtyv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-20]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn

FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn [2011-06-09]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012-04-03]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-22]

Chrome:

=======

CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir=

CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ggfc_14_45_ch&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBtA0F0DyEyEyDzzyC0DyEtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FzztD0F0FyC0EtGyEzyyCyEtGzzyE0AtBtGtD0DtDzztGyBtD0DyC0F0AyE0Czz0FyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyByD0BzyyDtAtGyC0E0A0AtGyEyBzy0FtGzz0CyB0CtGyC0EyCzz0C0FtB0DyB0AyByE2Q&cr=1054828859&ir="

CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (EnterDigital) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpoomjocjelojiflbhbplglmkggfcjgd [2014-11-10]

CHR Extension: (Google Wallet) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]

R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [123632 2014-11-12] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]

R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111129.030\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\ENG64.SYS [117880 2011-08-03] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111129.033\EX64.SYS [2048632 2011-08-03] (Symantec Corporation)

S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\0502010.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-09] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)

S3 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)

R1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64; C:\Windows\System32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64.sys [48784 2014-11-09] (StdLib)

U3 aswMBR; \??\C:\Users\Alice\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Alice\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 21:56 - 2014-11-12 21:59 - 00029472 _____ () C:\Users\Alice\Downloads\FRST.txt

2014-11-12 21:55 - 2014-11-12 21:57 - 00000000 ____D () C:\FRST

2014-11-12 21:54 - 2014-11-12 21:54 - 02116096 _____ (Farbar) C:\Users\Alice\Downloads\FRST64.exe

2014-11-12 21:32 - 2014-11-12 21:32 - 00000791 _____ () C:\Users\Alice\Downloads\aswMBR.txt

2014-11-12 21:25 - 2014-11-12 21:27 - 00001242 _____ () C:\Users\Alice\Desktop\aswMBR.txt

2014-11-12 21:19 - 2014-11-12 21:19 - 05194752 _____ (AVAST Software) C:\Users\Alice\Downloads\aswMBR.exe

2014-11-12 19:17 - 2014-11-12 19:17 - 00013126 _____ () C:\ProgramData\SMRResults430.dat

2014-11-12 19:04 - 2014-11-12 19:04 - 00000000 ____D () C:\NPE

2014-11-12 19:02 - 2014-11-12 19:02 - 00000000 _____ () C:\windows\SysWOW64\shoB2AC.tmp

2014-11-12 19:01 - 2014-11-12 19:16 - 00000000 ____D () C:\Users\Alice\AppData\Local\NPE

2014-11-12 19:01 - 2014-11-12 19:01 - 03060320 ____N (Symantec Corporation) C:\Users\Alice\Downloads\NPE.exe

2014-11-12 18:50 - 2014-11-12 18:50 - 00230200 _____ (Fusion Install ) C:\Users\Alice\Downloads\flashplayerpro_Setup.exe

2014-11-11 20:02 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-11-11 20:02 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-11-11 20:02 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-11-11 20:02 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-11-11 20:02 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-11-11 20:02 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-11-11 20:02 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-11-11 20:02 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-11-11 20:02 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-11-11 20:02 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-11-11 20:02 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-11-11 20:02 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-11-11 20:02 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-11-11 20:02 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-11-11 20:02 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-11-11 20:02 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-11-11 20:02 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-11-11 20:02 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-11-11 20:02 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-11-11 20:02 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-11-11 20:02 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-11-11 20:02 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-11-11 20:02 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-11-11 20:02 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-11-11 20:02 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-11-11 20:02 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-11-11 20:02 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-11-11 20:02 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-11-11 20:02 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-11-11 20:02 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-11-11 20:02 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-11-11 20:02 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-11-11 20:02 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-11-11 20:02 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-11-11 20:02 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-11-11 20:02 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-11-11 20:02 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-11 20:02 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-11-11 20:02 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-11-11 20:02 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-11-11 20:02 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-11-11 20:02 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-11-11 20:02 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-11-11 20:02 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-11-11 20:02 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-11-11 20:02 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-11-11 20:02 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-11-11 20:02 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-11-11 20:02 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-11-11 20:02 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-11-11 20:02 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-11-11 20:02 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-11-11 20:02 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-11-11 20:02 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-11-11 20:02 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-11-11 20:02 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-11-11 20:02 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2014-11-11 20:02 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-11-11 20:02 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-11-11 20:02 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2014-11-11 20:02 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2014-11-11 20:02 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-11-11 20:02 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2014-11-11 20:02 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2014-11-11 20:02 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-11-11 20:02 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-11-11 20:02 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2014-11-11 20:02 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2014-11-11 20:00 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll

2014-11-11 20:00 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll

2014-11-11 20:00 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll

2014-11-11 20:00 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll

2014-11-11 20:00 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll

2014-11-11 20:00 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll

2014-11-11 20:00 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll

2014-11-11 20:00 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-11-11 20:00 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-11-11 20:00 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-11-11 20:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2014-11-11 20:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2014-11-11 20:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2014-11-11 20:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2014-11-11 20:00 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL

2014-11-11 20:00 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL

2014-11-11 19:59 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2014-11-11 19:59 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2014-11-11 19:59 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2014-11-11 19:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll

2014-11-11 19:59 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2014-11-11 19:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2014-11-11 19:59 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-11-11 19:49 - 2014-11-11 19:49 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Norton Utilities 16

2014-11-10 19:00 - 2014-11-12 19:00 - 00000274 _____ () C:\windows\SysWOW64\AppLog.log

2014-11-10 18:28 - 2014-11-12 19:18 - 00000288 _____ () C:\windows\Tasks\NUAutoUpdate.job

2014-11-10 18:28 - 2014-11-12 19:02 - 00000280 _____ () C:\windows\Tasks\NUSchedule.job

2014-11-10 18:28 - 2014-11-10 18:28 - 00002856 _____ () C:\windows\System32\Tasks\NUSchedule

2014-11-10 18:28 - 2014-11-10 18:28 - 00002524 _____ () C:\windows\System32\Tasks\NUAutoUpdate

2014-11-10 18:28 - 2014-11-10 18:28 - 00000000 ____D () C:\Users\Alice\Documents\Norton Utilities 16

2014-11-10 18:24 - 2014-11-10 18:24 - 00001225 _____ () C:\Users\Public\Desktop\Norton Utilities 16.lnk

2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16

2014-11-10 18:24 - 2014-11-10 18:24 - 00000000 ____D () C:\Program Files (x86)\Symantec

2014-11-10 18:24 - 2014-01-17 05:13 - 00042624 _____ () C:\windows\system32\CleanMFT64.exe

2014-11-10 18:24 - 2014-01-17 04:35 - 01101824 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox210.ocx

2014-11-10 18:24 - 2014-01-17 04:35 - 00880640 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox10.ocx

2014-11-10 18:24 - 2014-01-17 04:35 - 00506368 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll

2014-11-10 18:24 - 2014-01-17 04:35 - 00212992 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBoxVB12.ocx

2014-11-10 18:24 - 2014-01-17 04:35 - 00044544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml4a.dll

2014-11-10 18:23 - 2014-11-10 18:24 - 00000000 ____D () C:\ProgramData\Symantec

2014-11-10 18:23 - 2014-11-10 18:23 - 20120192 _____ (Symantec) C:\Users\Alice\Documents\nu-TW-16.0.2.14-SMUI.exe

2014-11-10 18:23 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Product_NU16

2014-11-10 18:22 - 2014-11-10 18:23 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Download Manager

2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Tific

2014-11-10 18:20 - 2014-11-10 18:20 - 00000000 ____D () C:\Users\Alice\AppData\Local\Symantec

2014-11-10 18:18 - 2014-11-10 18:18 - 00000000 ____D () C:\Users\Alice\AppData\Local\Origin

2014-11-10 18:10 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-11-10 18:10 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-11-10 18:10 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-11-10 18:10 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-11-10 18:09 - 2014-11-10 18:10 - 00005682 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log

2014-11-10 17:59 - 2014-11-10 17:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-11-10 17:22 - 2014-11-04 14:30 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2014-11-09 11:38 - 2014-11-09 11:38 - 00022528 _____ () C:\Users\Alice\AppData\Local\316383646dsisetup3163856742.exe

2014-11-09 11:38 - 2014-11-09 11:38 - 00000001 _____ () C:\Users\Alice\AppData\Local\DSI.DAT

2014-11-09 09:47 - 2014-11-09 05:26 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w64.sys

2014-11-07 22:15 - 2014-11-12 20:49 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7

2014-11-07 21:41 - 2014-11-10 16:30 - 00000130 _____ () C:\Users\Alice\AppData\Roaming\WB.CFG

2014-11-07 20:41 - 2014-11-10 17:42 - 00000292 _____ () C:\windows\Tasks\Digital Sites.job

2014-11-07 20:41 - 2014-11-07 20:42 - 00003232 _____ () C:\windows\System32\Tasks\Digital Sites

2014-11-07 20:41 - 2014-11-07 20:41 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\DigitalSites

2014-10-17 02:45 - 2014-10-17 02:45 - 00000000 _____ () C:\windows\SysWOW64\sho56DF.tmp

2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2014-10-16 05:54 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2014-10-16 05:54 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL

2014-10-16 05:54 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL

2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL

2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL

2014-10-16 05:54 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL

2014-10-16 05:54 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls

2014-10-16 05:54 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls

2014-10-16 05:54 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll

2014-10-16 05:54 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll

2014-10-16 05:54 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll

2014-10-16 05:54 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll

2014-10-16 05:54 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll

2014-10-16 05:54 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll

2014-10-16 05:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll

2014-10-16 05:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll

2014-10-16 05:52 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2014-10-16 05:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2014-10-16 05:52 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll

2014-10-16 05:52 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2014-10-16 05:52 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2014-10-16 05:52 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll

2014-10-16 05:52 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe

2014-10-16 05:52 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll

2014-10-16 05:52 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll

2014-10-16 05:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-10-16 05:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll

2014-10-16 05:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll

2014-10-16 05:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll

2014-10-16 05:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys

2014-10-16 05:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 21:48 - 2011-06-11 13:35 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-12 21:43 - 2012-06-13 09:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-11-12 21:21 - 2011-09-03 18:05 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA.job

2014-11-12 21:17 - 2011-04-18 14:16 - 01422665 _____ () C:\windows\WindowsUpdate.log

2014-11-12 21:08 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-12 21:08 - 2009-07-13 23:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-12 19:23 - 2009-07-14 00:13 - 00789658 _____ () C:\windows\system32\PerfStringBackup.INI

2014-11-12 19:20 - 2011-09-03 17:45 - 00000420 _____ () C:\windows\Tasks\PC Health Advisor Startup.job

2014-11-12 19:19 - 2013-02-13 15:28 - 00028277 _____ () C:\windows\AutoKMS.log

2014-11-12 19:19 - 2013-02-13 09:04 - 00000200 _____ () C:\windows\Tasks\AutoKMS.job

2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-11-12 19:19 - 2011-06-03 15:37 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-11-12 19:19 - 2011-04-18 15:10 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-11-12 19:18 - 2012-07-20 05:57 - 00000494 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job

2014-11-12 19:18 - 2011-09-09 20:38 - 00026856 _____ () C:\windows\setupact.log

2014-11-12 19:18 - 2011-06-11 13:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-12 19:18 - 2011-04-18 14:43 - 00000000 ____D () C:\ProgramData\Temp

2014-11-12 19:18 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-11-12 19:01 - 2011-06-05 13:30 - 00000000 ____D () C:\ProgramData\Norton

2014-11-12 18:00 - 2011-09-03 17:45 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Registration3.job

2014-11-12 06:35 - 2011-06-03 14:36 - 00127208 _____ () C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-12 06:35 - 2011-04-18 14:48 - 00000000 ____D () C:\ProgramData\Sonic

2014-11-12 03:41 - 2009-07-13 23:45 - 00463888 _____ () C:\windows\system32\FNTCACHE.DAT

2014-11-12 03:38 - 2014-05-07 02:01 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-11-12 03:37 - 2011-09-03 17:45 - 00000400 _____ () C:\windows\Tasks\PC Health Advisor Defrag.job

2014-11-12 03:21 - 2013-02-13 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 03:14 - 2013-07-14 02:01 - 00000000 ____D () C:\windows\system32\MRT

2014-11-12 03:06 - 2011-07-12 23:42 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-11-12 01:34 - 2011-09-03 18:05 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core.job

2014-11-11 20:43 - 2012-06-13 09:36 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-11-11 20:43 - 2012-06-13 09:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-11-11 20:43 - 2011-07-12 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-10 18:18 - 2011-06-07 18:47 - 00000000 ____D () C:\ProgramData\Origin

2014-11-10 18:10 - 2013-11-02 20:24 - 00000000 ____D () C:\ProgramData\Oracle

2014-11-10 18:10 - 2012-08-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Java

2014-11-10 18:05 - 2011-06-11 13:38 - 00000000 ____D () C:\Users\Alice\AppData\Local\Adobe

2014-11-10 17:59 - 2011-04-18 14:30 - 00365234 _____ () C:\windows\PFRO.log

2014-11-10 17:56 - 2013-06-12 17:26 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork

2014-11-10 16:36 - 2009-07-13 21:34 - 00000647 _____ () C:\windows\win.ini

2014-11-10 16:31 - 2012-07-20 05:57 - 00000382 _____ () C:\windows\Tasks\PC Health Advisor.job

2014-11-08 23:56 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\GroupPolicy

2014-11-08 19:47 - 2012-01-18 07:07 - 00000346 _____ () C:\windows\Tasks\PC Health Advisor_sch_05506B31-41CD-11E1-B232-BC77373FD445.job

2014-11-07 20:41 - 2013-06-25 19:57 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-07 20:41 - 2011-09-03 18:06 - 00002372 _____ () C:\Users\Alice\Desktop\Google Chrome.lnk

2014-11-07 06:40 - 2011-09-03 17:45 - 00000442 _____ () C:\windows\Tasks\ParetoLogic Update Version3.job

2014-11-06 06:48 - 2011-06-07 19:35 - 00000000 ____D () C:\Users\Alice\AppData\Local\CrashDumps

2014-10-23 14:42 - 2011-06-11 13:35 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-23 14:42 - 2011-06-11 13:35 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-17 21:18 - 2011-06-11 13:37 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-10-17 21:18 - 2011-04-18 15:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-10-17 21:16 - 2011-09-03 18:05 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001UA

2014-10-17 21:16 - 2011-09-03 18:05 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014477673-2926293493-1085533744-1001Core

2014-10-17 02:48 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

Files to move or delete:

====================

C:\ProgramData\SMRResults430.dat

Some content of TEMP:

====================

C:\Users\Alice\AppData\Local\Temp\drm_dyndata_7330014.dll

C:\Users\Alice\AppData\Local\Temp\eauninstall.exe

C:\Users\Alice\AppData\Local\Temp\First15.exe

C:\Users\Alice\AppData\Local\Temp\jigsawboom2-510007622-setup.s510007622.c110268333.len.u.dl.exe

C:\Users\Alice\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Alice\AppData\Local\Temp\Relay.dll

C:\Users\Alice\AppData\Local\Temp\RelayL.dll

C:\Users\Alice\AppData\Local\Temp\rootsupd.exe

C:\Users\Alice\AppData\Local\Temp\The Sims 2_uninst.exe

C:\Users\Alice\AppData\Local\Temp\Update.exe

C:\Users\Alice\AppData\Local\Temp\VP6Install.exe

C:\Users\Alice\AppData\Local\Temp\VP6VFW.dll

C:\Users\Alice\AppData\Local\Temp\{9611D4C6-014D-4877-92B8-A53FCD55BE0D}-GoogleUpdateB6998767.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-01 02:36

==================== End Of Log ============================

#7 alifitz

New Member

Authentic Member
7 posts

Posted 12 November 2014 - 09:07 PM

FRST.txt

#8 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 12 November 2014 - 09:12 PM

Alice, your infected with Astromenda , hang off on the Additions log for now, I need you to run three programs, run them in the order listed, if the first one wont run the skip to the next one.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

After the scan is complete click on "Clean"

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

Windows XP : Double click on the icon to run it.

Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#9 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 November 2014 - 05:44 AM

When you can, post the logs from AdwCleaner, Junkware Removal and Malwarebytes

AdwCleaner and Junkware should be on your desktop

Here is how to find the log from Malwarebytes if you didn't save it

1. Open up Malwarebytes

2. Go to the History Tab

3. Click on Application Logs

4. Click on the last Scan Log you just ran

5. Click on View

6. Then on the Bottom click on Copy to Clipboard

7. Then paste it into this thread

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#10 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 November 2014 - 07:51 PM

Alice, I need you to run a new scan with FRST, be sure to checkmark Additions and post both logs and I will work up a fix for you

You can run this tool, it wont remove the infection but will calm it down so we can run other scans and tools

Please download rkill (Courtesy of Bleepingcomputer.com).

There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.

Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.

Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do it's job. This may take a few tries.

You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#11 alifitz

New Member

Authentic Member
7 posts

Posted 15 November 2014 - 08:13 AM

FRST.txt 56.13KB 160 downloads

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014

Ran by Alice (administrator) on ALICE-PC on 15-11-2014 09:08:11