
Another astromenda infection


  • This topic is locked
15 replies to this topic

#1 BelowtheLine

  • Members
  • 21 posts

Posted 31 October 2014 - 01:30 AM

Hello,

It seems I have had the misfortune to pick up Astromenda. I've run two or three Malwarebytes scans (and removed numerous threats) and one with Norton, but Chrome still opens to the Astromenda page (I already have the homepage reset to Google).

I took the liberty of running a FRST scan, and have included the results below.

Thank you so much for your help!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by pbrunner (administrator) on PBRUNNER-PC on 31-10-2014 01:20:35
Running from C:\Users\pbrunner\Desktop
Loaded Profile: pbrunner (Available profiles: pbrunner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\Run: [GoogleChromeAutoLaunch_289A04FA287BB88D5C7EAFA2351AC9B4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\MountPoints2: {fd76b6cd-f7af-11e3-97e2-806e6f6e6963} - D:\CPanel.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2665C394838BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
SearchScopes: HKCU - {17FFB95C-5C4E-42E5-ADF2-748F1FCEE6AF} URL = http://www.mypoints.com/emp/u/mysearch.vm?q={searchTerms}&mypoints_brw=1
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Keyword.URL: https://www.mypoints.com/emp/u/mysearch.vm?ourmark=3&st=mypWeb&mypoints2y_dns4=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\searchplugins\search-and-earn-points.xml
FF Extension: LastPass - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\support@lastpass.com [2014-06-19]
FF Extension: Astrmenda Search - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-24]
FF Extension: Adblock Plus - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF Extension: MyPoints Toolbar - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}.xpi [2014-08-04]
FF Extension: Astro New Tab - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-10-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Google Drive) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (YouTube) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
CHR Extension: (Google Cast) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-29]
CHR Extension: (Adblock Plus) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-20]
CHR Extension: (Google Search) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (Pin It Button) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-22]
CHR Extension: (Adorable Olaf - Frozen) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnecnlkmjfggfebndpanigjbjfnbomi [2014-06-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR Extension: (Gmail) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141030.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141030.019\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141030.019\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 01:20 - 2014-10-31 01:21 - 00020511 _____ () C:\Users\pbrunner\Desktop\FRST.txt
2014-10-31 01:19 - 2014-10-31 01:20 - 00000000 ____D () C:\FRST
2014-10-31 01:18 - 2014-10-31 01:18 - 02113536 _____ (Farbar) C:\Users\pbrunner\Desktop\frst64.exe
2014-10-30 18:03 - 2014-10-30 22:11 - 00000137 _____ () C:\Windows\realflight.INI
2014-10-30 18:02 - 2014-10-30 18:02 - 00001986 _____ () C:\Users\Public\Desktop\RealFlight NexSTAR.lnk
2014-10-30 18:02 - 2014-10-30 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealFlight G2 NexStar Edition
2014-10-30 18:02 - 2014-10-30 18:02 - 00000000 ____D () C:\Program Files (x86)\directx
2014-10-30 18:01 - 2014-10-30 22:11 - 00000000 ____D () C:\Program Files (x86)\RealFlight NexSTAR
2014-10-30 17:58 - 2014-10-30 18:45 - 00003176 _____ () C:\cptime.log
2014-10-30 17:58 - 1998-07-30 14:51 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-10-30 12:59 - 2014-10-30 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-24 14:01 - 2014-10-26 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 14:00 - 2014-10-24 14:00 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 14:00 - 2014-10-24 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 14:00 - 2014-10-24 14:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 14:00 - 2014-10-24 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 14:00 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-24 14:00 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 14:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-24 13:58 - 2014-10-24 14:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\pbrunner\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-24 13:26 - 2014-10-24 13:26 - 00003748 _____ () C:\Windows\System32\Tasks\boosterpop
2014-10-24 13:26 - 2014-10-24 13:26 - 00003644 _____ () C:\Windows\System32\Tasks\IEError
2014-10-24 13:25 - 2014-10-24 13:25 - 00003490 _____ () C:\Windows\System32\Tasks\AI_Updater
2014-10-23 02:03 - 2014-10-23 02:03 - 00001277 _____ () C:\Users\pbrunner\Desktop\Revo Uninstaller.lnk
2014-10-23 02:03 - 2014-10-23 02:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-23 02:02 - 2014-10-23 02:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\pbrunner\Desktop\revosetup.exe
2014-10-22 17:20 - 2014-10-22 17:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-15 21:19 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 21:19 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 21:19 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 21:19 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 21:19 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 21:19 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 21:19 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 21:19 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 21:19 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 21:19 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 21:19 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 21:19 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 21:19 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 21:19 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 21:19 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 21:19 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 21:19 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 21:19 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 21:19 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 21:19 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 21:19 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 21:19 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 21:19 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 21:19 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 21:19 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 21:19 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 21:19 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 21:19 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 21:19 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 21:19 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 21:19 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 21:19 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 21:19 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 21:19 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 21:19 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 21:19 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 21:19 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 21:19 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 21:19 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 21:19 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 21:19 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 21:19 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 21:19 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 21:19 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 21:19 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 21:19 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 21:19 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 21:19 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 21:19 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 21:19 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 21:19 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 21:19 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 21:19 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 21:19 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 21:19 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 21:19 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 21:19 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 21:19 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 21:16 - 2014-08-29 21:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 21:16 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 21:16 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 21:15 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 21:15 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 21:15 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 21:15 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 21:15 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 21:15 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 21:15 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 21:15 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 21:15 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 21:15 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 21:15 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 21:15 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 21:15 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 21:15 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 21:15 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-11 08:47 - 2014-10-11 08:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP5F82.tmp
2014-10-10 08:44 - 2014-10-10 08:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP5151.tmp
2014-10-10 08:09 - 2014-10-10 08:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C60.tmp
2014-10-10 08:09 - 2014-10-10 08:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C00.tmp
2014-10-10 08:09 - 2014-10-10 08:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP13EF.tmp
2014-10-10 02:05 - 2014-10-10 02:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C1A.tmp
2014-10-10 02:01 - 2014-10-10 02:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DF5.tmp
2014-10-10 01:27 - 2014-10-10 01:27 - 00000000 _____ () C:\Windows\SysWOW64\FAP733E.tmp
2014-10-10 01:23 - 2014-10-10 01:23 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F7.tmp
2014-10-10 01:22 - 2014-10-10 01:22 - 00000000 _____ () C:\Windows\SysWOW64\FAPC23C.tmp
2014-10-10 01:22 - 2014-10-10 01:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP809E.tmp
2014-10-10 01:22 - 2014-10-10 01:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP784F.tmp
2014-10-10 01:22 - 2014-10-10 01:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP77C0.tmp
2014-10-10 01:22 - 2014-10-10 01:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP7685.tmp
2014-10-10 01:12 - 2014-10-10 01:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPDE0.tmp
2014-10-10 01:12 - 2014-10-10 01:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP196B.tmp
2014-10-10 01:02 - 2014-10-10 01:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPED90.tmp
2014-10-10 01:02 - 2014-10-10 01:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE05F.tmp
2014-10-10 00:52 - 2014-10-10 00:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPC271.tmp
2014-10-10 00:52 - 2014-10-10 00:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPB5FB.tmp
2014-10-10 00:42 - 2014-10-10 00:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP81E5.tmp
2014-10-10 00:42 - 2014-10-10 00:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP7FFF.tmp
2014-10-10 00:32 - 2014-10-10 00:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP5FAF.tmp
2014-10-10 00:32 - 2014-10-10 00:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP558B.tmp
2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP3079.tmp
2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP2471.tmp
2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF973.tmp
2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF7FA.tmp
2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE7F6.tmp
2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPDDC2.tmp
2014-10-09 23:51 - 2014-10-09 23:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7DD9.tmp
2014-10-09 23:51 - 2014-10-09 23:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7A2E.tmp
2014-10-09 23:48 - 2014-10-09 23:48 - 00000000 _____ () C:\Windows\SysWOW64\FAPFDC7.tmp
2014-10-09 23:47 - 2014-10-09 23:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPBD8F.tmp
2014-10-09 23:47 - 2014-10-09 23:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPB9D4.tmp
2014-10-09 23:41 - 2014-10-09 23:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP51CA.tmp
2014-10-09 23:41 - 2014-10-09 23:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP48A0.tmp
2014-10-09 23:31 - 2014-10-09 23:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP25A1.tmp
2014-10-09 23:31 - 2014-10-09 23:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP1A92.tmp
2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPEF08.tmp
2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPED50.tmp
2014-10-09 23:11 - 2014-10-09 23:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPBA34.tmp
2014-10-09 23:11 - 2014-10-09 23:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPB11A.tmp
2014-10-09 23:01 - 2014-10-09 23:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DBD.tmp
2014-10-09 23:01 - 2014-10-09 23:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP835B.tmp
2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5B0C.tmp
2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5A10.tmp
2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP3626.tmp
2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP2DE7.tmp
2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPFAB9.tmp
2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP53B.tmp
2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPD9DD.tmp
2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPCA89.tmp
2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA259.tmp
2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP9874.tmp
2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAPB1D2.tmp
2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP7024.tmp
2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP40E0.tmp
2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C79.tmp
2014-10-09 21:49 - 2014-10-09 21:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP44DD.tmp
2014-10-09 21:49 - 2014-10-09 21:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP4383.tmp
2014-10-09 21:48 - 2014-10-09 21:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP8215.tmp
2014-10-09 21:48 - 2014-10-09 21:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP71D7.tmp
2014-10-09 21:48 - 2014-10-09 21:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP6D70.tmp
2014-10-09 21:47 - 2014-10-09 21:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP1730.tmp
2014-10-09 21:47 - 2014-10-09 21:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP11DF.tmp
2014-10-09 21:46 - 2014-10-09 21:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPEDCB.tmp
2014-10-09 21:46 - 2014-10-09 21:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE453.tmp
2014-10-09 21:46 - 2014-10-09 21:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE1E0.tmp
2014-10-09 21:46 - 2014-10-09 21:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP339.tmp
2014-10-09 21:46 - 2014-10-09 21:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP11C2.tmp
2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAPFD7B.tmp
2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP760.tmp
2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPD636.tmp
2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPCC41.tmp
2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPA7CB.tmp
2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAP9913.tmp
2014-10-05 08:42 - 2014-10-05 08:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP939B.tmp
2014-10-05 08:42 - 2014-10-05 08:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP934B.tmp
2014-10-05 08:42 - 2014-10-05 08:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP8BC7.tmp
2014-10-04 21:27 - 2014-10-04 21:27 - 00000000 _____ () C:\Windows\SysWOW64\FAPBA55.tmp
2014-10-04 18:43 - 2014-10-04 18:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 00:52 - 2014-06-20 00:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-31 00:10 - 2014-06-19 01:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 23:57 - 2009-07-13 23:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 23:57 - 2009-07-13 23:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 23:54 - 2014-06-19 02:06 - 01335421 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 23:50 - 2014-06-19 01:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-30 23:50 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 23:50 - 2009-07-13 23:51 - 00036162 _____ () C:\Windows\setupact.log
2014-10-30 19:13 - 2010-11-20 22:47 - 00313344 _____ () C:\Windows\PFRO.log
2014-10-30 18:03 - 2014-07-04 23:07 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\CrashDumps
2014-10-30 18:02 - 2014-07-05 13:14 - 00001026 _____ () C:\Windows\DirectX.log
2014-10-30 18:02 - 2009-07-13 21:34 - 00000597 _____ () C:\Windows\win.ini
2014-10-30 14:49 - 2014-06-21 21:23 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\.minecraft
2014-10-27 18:13 - 2014-06-19 01:02 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 15:56 - 2014-09-21 15:37 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\Mumble
2014-10-26 13:33 - 2014-06-19 01:00 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Deployment
2014-10-24 17:27 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 15:53 - 2009-07-13 23:45 - 00348992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 15:52 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-10-24 15:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-24 13:56 - 2014-06-19 01:00 - 00077488 _____ () C:\Users\pbrunner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 17:55 - 2014-08-20 17:20 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Adobe
2014-10-22 17:20 - 2014-06-20 00:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-22 17:20 - 2014-06-20 00:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 17:20 - 2014-06-20 00:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-22 09:00 - 2014-06-19 18:49 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-10-22 03:06 - 2014-06-19 01:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 03:06 - 2014-06-19 01:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 03:06 - 2014-06-19 01:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 04:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 03:06 - 2014-06-19 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2014-06-19 03:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-04 18:43 - 2014-06-19 23:39 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-04 18:43 - 2014-06-19 23:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-04 18:43 - 2014-06-19 23:37 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-30 20:51

==================== End Of Log ============================



#2 BelowtheLine

BelowtheLine
  • Topic Starter

  • Members
  • 21 posts

Posted 31 October 2014 - 01:34 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by pbrunner at 2014-10-31 01:21:40
Running from C:\Users\pbrunner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.10) (Version: 5.0.0.10 - Coupons.com Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
LEGO Minifigures Online (HKCU\...\423b93224c69643b) (Version: 1.0.0.0 - Funcom)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
RealFlight G2 NexSTAR Simulator (HKLM-x32\...\RealFlight2NexSTAR) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

16-10-2014 05:00:01 Scheduled Checkpoint
16-10-2014 08:00:17 Windows Update
23-10-2014 07:03:20 Revo Uninstaller's restore point - McAfee Security Scan Plus
24-10-2014 21:04:35 Removed PCBooster

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00CAE86E-7205-45DA-813B-84E946AEEAE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {3562A2D3-6FB4-41A6-9088-FFD2AD63B4E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
Task: {456A99C8-947D-48BD-864B-64F45E18F90A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {678B037B-028C-44A9-9672-0837E4E59136} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
Task: {67EC06E9-D82F-42BC-AE10-762322762AE6} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
Task: {AA38CE76-AA01-4AD8-A36C-7D3C3B9FE9E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {B6FC2308-6352-4601-B61D-CEAC7FE9B4AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D4DFD460-0BFD-4912-9D75-F08E72599875} - System32\Tasks\{EE175FBE-03C5-4547-ABD9-B5A45EEE69EF} => C:\Users\pbrunner\Downloads\Audio_IDT_5.10.5762.00_Vistax64Vistax86_A\Audio_IDT_5.10.5762.00_Vistax86x64\setup.exe
Task: {FB99CDFA-A22E-4902-9429-503F29A90AF9} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
Task: {FC1C0F88-AE01-437E-8BB5-3449DC9FB04F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-20 17:16 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-06-20 17:16 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-20 17:16 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\UNi Xonar Audio\Customapp\VmixP8.dll
2014-10-27 18:13 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 18:13 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 18:13 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 18:13 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-27 18:13 - 2014-10-21 23:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll
2014-10-30 12:59 - 2014-10-30 12:59 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-19 01:05 - 2014-06-19 01:05 - 01020928 _____ () C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3620361521-2290374174-2433197831-500 - Administrator - Disabled)
Guest (S-1-5-21-3620361521-2290374174-2433197831-501 - Limited - Disabled)
pbrunner (S-1-5-21-3620361521-2290374174-2433197831-1000 - Administrator - Enabled) => C:\Users\pbrunner

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 11:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 06:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: realflight.TMP0, version: 2.0.0.709, time stamp: 0x3f721fcf
Faulting module name: realflight.TMP0, version: 2.0.0.709, time stamp: 0x3f721fcf
Exception code: 0xc0000005
Fault offset: 0x0001e8f4
Faulting process id: 0x17bc
Faulting application start time: 0xrealflight.TMP00
Faulting application path: realflight.TMP01
Faulting module path: realflight.TMP02
Report Id: realflight.TMP03

Error: (10/30/2014 08:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 7.0.670.1, time stamp: 0x53d27f39
Faulting module name: glass.dll, version: 0.0.0.0, time stamp: 0x53d28873
Exception code: 0xc0000005
Fault offset: 0x0000000000017f96
Faulting process id: 0x1ef8
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3

Error: (10/24/2014 03:54:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2014 01:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xfd0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/22/2014 03:27:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 03:32:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 10:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x19ac
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/09/2014 10:33:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x12e4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (10/30/2014 07:15:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/24/2014 03:55:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/24/2014 02:31:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%3

Error: (10/24/2014 02:31:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%3

Error: (10/24/2014 02:31:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%3

Error: (10/24/2014 02:31:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%3

Error: (10/22/2014 09:36:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/22/2014 09:35:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/22/2014 09:35:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/22/2014 09:35:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (10/30/2014 11:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 06:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: realflight.TMP02.0.0.7093f721fcfrealflight.TMP02.0.0.7093f721fcfc00000050001e8f417bc01cff4958e0e6614C:\Program Files (x86)\RealFlight NexSTAR\realflight.TMP0C:\Program Files (x86)\RealFlight NexSTAR\realflight.TMP0f2737ed9-6088-11e4-bafd-001cc0085947

Error: (10/30/2014 08:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe7.0.670.153d27f39glass.dll0.0.0.053d28873c00000050000000000017f961ef801cff44224be0838C:\Program Files\Java\jre7\bin\javaw.exeC:\Program Files\Java\jre7\bin\glass.dll007d36fe-6036-11e4-bafd-001cc0085947

Error: (10/24/2014 03:54:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2014 01:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141bfd001cfeeeadcec1871C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2c8f5df1-5bab-11e4-92c9-001cc0085947

Error: (10/22/2014 03:27:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 03:32:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 10:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b19ac01cfe3d6a8c0b9b8c:\program files (x86)\mozilla firefox\plugin-container.exec:\program files (x86)\mozilla firefox\mozalloc.dll41e3d0bd-52ed-11e4-a9ec-001cc0085947

Error: (10/09/2014 10:33:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b12e401cfe2afee2e6523C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9a9d6744-4fc9-11e4-a9ec-001cc0085947


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8122.81 MB
Available physical RAM: 4542.04 MB
Total Pagefile: 16243.8 MB
Available Pagefile: 11612.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:683.54 GB) (Free:228.18 GB) NTFS
Drive d: (RFV2NS) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
Drive i: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2F01DF5D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • Gender:Male
  • Local time:11:50 AM

Posted 05 November 2014 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554087 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 BelowtheLine

BelowtheLine
  • Topic Starter

  • Members
  • 21 posts
  • Local time:09:50 AM

Posted 05 November 2014 - 11:51 AM

Here's the DDS log - and yes, I do have the Windows DVD available, although hopefully it won't come to that. :-)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by pbrunner at 10:42:17 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8123.4021 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\UNi Xonar Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
uRun: [GoogleChromeAutoLaunch_289A04FA287BB88D5C7EAFA2351AC9B4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{8C2ECCB9-1AB4-4A7F-B3E6-BE4D1BCA223F} : DHCPNameServer = 192.168.254.254 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?ourmark=3&st=mypWeb&mypoints2y_dns4=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir=&q=
FF - user.js: extensions.astrmndasr.id - 001CC00859479727
FF - user.js: extensions.astrmndasr.instlDay - 16367
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 13:25:38
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_ir_14_43_ff
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - 142905_b
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 1389102685
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q
FF - user.js: extensions.astrmndasr.AL - 4
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-4 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-4 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-4 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141104.001\IDSviA64.sys [2014-11-4 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-4 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-4 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-29 238080]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 178160]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe [2014-10-4 265040]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2014-6-20 2735616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-24 129752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-19 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-10-31 16:12:41    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-10-31 16:10:54    --------    d-----w-    C:\Program Files\iPod
2014-10-31 16:10:41    --------    d-----w-    C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-31 16:10:41    --------    d-----w-    C:\Program Files\iTunes
2014-10-31 16:10:41    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-10-31 16:09:52    --------    d-----w-    C:\Users\pbrunner\AppData\Local\Apple
2014-10-31 16:09:19    --------    d-----w-    C:\Program Files\Bonjour
2014-10-31 16:09:19    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-10-31 06:19:59    --------    d-----w-    C:\FRST
2014-10-30 23:02:06    --------    d-----w-    C:\Program Files (x86)\directx
2014-10-30 23:01:24    --------    d-----w-    C:\Program Files (x86)\RealFlight NexSTAR
2014-10-30 23:01:24    --------    d-----w-    C:\Program Files (x86)\Common Files\KnifeEdge
2014-10-30 22:58:36    305152    ----a-w-    C:\Windows\IsUninst.exe
2014-10-24 19:01:00    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-24 19:00:50    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-24 19:00:50    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-24 19:00:50    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-24 19:00:50    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-24 19:00:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 07:03:06    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-10-16 02:16:26    6583296    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-16 02:16:26    5702656    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-16 02:16:17    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-10-11 13:47:36    0    ----a-w-    C:\Windows\SysWow64\FAP5F82.tmp
2014-10-10 13:44:39    0    ----a-w-    C:\Windows\SysWow64\FAP5151.tmp
2014-10-10 13:09:28    0    ----a-w-    C:\Windows\SysWow64\FAP1C60.tmp
2014-10-10 13:09:28    0    ----a-w-    C:\Windows\SysWow64\FAP1C00.tmp
2014-10-10 13:09:26    0    ----a-w-    C:\Windows\SysWow64\FAP13EF.tmp
2014-10-10 07:05:53    0    ----a-w-    C:\Windows\SysWow64\FAP3C1A.tmp
2014-10-10 07:01:52    0    ----a-w-    C:\Windows\SysWow64\FAP8DF5.tmp
2014-10-10 06:27:53    0    ----a-w-    C:\Windows\SysWow64\FAP733E.tmp
2014-10-10 06:23:02    0    ----a-w-    C:\Windows\SysWow64\FAP1F7.tmp
2014-10-10 06:22:46    0    ----a-w-    C:\Windows\SysWow64\FAPC23C.tmp
2014-10-10 06:22:29    0    ----a-w-    C:\Windows\SysWow64\FAP809E.tmp
2014-10-10 06:22:27    0    ----a-w-    C:\Windows\SysWow64\FAP784F.tmp
2014-10-10 06:22:27    0    ----a-w-    C:\Windows\SysWow64\FAP77C0.tmp
2014-10-10 06:22:26    0    ----a-w-    C:\Windows\SysWow64\FAP7685.tmp
2014-10-10 06:12:13    0    ----a-w-    C:\Windows\SysWow64\FAP196B.tmp
2014-10-10 06:12:10    0    ----a-w-    C:\Windows\SysWow64\FAPDE0.tmp
2014-10-10 06:02:12    0    ----a-w-    C:\Windows\SysWow64\FAPED90.tmp
2014-10-10 06:02:08    0    ----a-w-    C:\Windows\SysWow64\FAPE05F.tmp
2014-10-10 05:52:11    0    ----a-w-    C:\Windows\SysWow64\FAPC271.tmp
2014-10-10 05:52:08    0    ----a-w-    C:\Windows\SysWow64\FAPB5FB.tmp
2014-10-10 05:42:05    0    ----a-w-    C:\Windows\SysWow64\FAP81E5.tmp
2014-10-10 05:42:04    0    ----a-w-    C:\Windows\SysWow64\FAP7FFF.tmp
2014-10-10 05:32:06    0    ----a-w-    C:\Windows\SysWow64\FAP5FAF.tmp
2014-10-10 05:32:03    0    ----a-w-    C:\Windows\SysWow64\FAP558B.tmp
2014-10-10 05:22:04    0    ----a-w-    C:\Windows\SysWow64\FAP3079.tmp
2014-10-10 05:22:01    0    ----a-w-    C:\Windows\SysWow64\FAP2471.tmp
2014-10-10 05:12:00    0    ----a-w-    C:\Windows\SysWow64\FAPF973.tmp
2014-10-10 05:12:00    0    ----a-w-    C:\Windows\SysWow64\FAPF7FA.tmp
2014-10-10 05:02:06    0    ----a-w-    C:\Windows\SysWow64\FAPE7F6.tmp
2014-10-10 05:02:03    0    ----a-w-    C:\Windows\SysWow64\FAPDDC2.tmp
2014-10-10 04:51:49    0    ----a-w-    C:\Windows\SysWow64\FAP7DD9.tmp
2014-10-10 04:51:48    0    ----a-w-    C:\Windows\SysWow64\FAP7A2E.tmp
2014-10-10 04:48:00    0    ----a-w-    C:\Windows\SysWow64\FAPFDC7.tmp
2014-10-10 04:47:43    0    ----a-w-    C:\Windows\SysWow64\FAPBD8F.tmp
2014-10-10 04:47:42    0    ----a-w-    C:\Windows\SysWow64\FAPB9D4.tmp
2014-10-10 04:41:48    0    ----a-w-    C:\Windows\SysWow64\FAP51CA.tmp
2014-10-10 04:41:45    0    ----a-w-    C:\Windows\SysWow64\FAP48A0.tmp
2014-10-10 04:31:47    0    ----a-w-    C:\Windows\SysWow64\FAP25A1.tmp
2014-10-10 04:31:44    0    ----a-w-    C:\Windows\SysWow64\FAP1A92.tmp
2014-10-10 04:21:43    0    ----a-w-    C:\Windows\SysWow64\FAPEF08.tmp
2014-10-10 04:21:42    0    ----a-w-    C:\Windows\SysWow64\FAPED50.tmp
2014-10-10 04:11:40    0    ----a-w-    C:\Windows\SysWow64\FAPBA34.tmp
2014-10-10 04:11:37    0    ----a-w-    C:\Windows\SysWow64\FAPB11A.tmp
2014-10-10 04:01:38    0    ----a-w-    C:\Windows\SysWow64\FAP8DBD.tmp
2014-10-10 04:01:36    0    ----a-w-    C:\Windows\SysWow64\FAP835B.tmp
2014-10-10 03:51:36    0    ----a-w-    C:\Windows\SysWow64\FAP5B0C.tmp
2014-10-10 03:51:35    0    ----a-w-    C:\Windows\SysWow64\FAP5A10.tmp
2014-10-10 03:41:36    0    ----a-w-    C:\Windows\SysWow64\FAP3626.tmp
2014-10-10 03:41:34    0    ----a-w-    C:\Windows\SysWow64\FAP2DE7.tmp
2014-10-10 03:31:34    0    ----a-w-    C:\Windows\SysWow64\FAP53B.tmp
2014-10-10 03:31:31    0    ----a-w-    C:\Windows\SysWow64\FAPFAB9.tmp
2014-10-10 03:21:33    0    ----a-w-    C:\Windows\SysWow64\FAPD9DD.tmp
2014-10-10 03:21:29    0    ----a-w-    C:\Windows\SysWow64\FAPCA89.tmp
2014-10-10 03:11:29    0    ----a-w-    C:\Windows\SysWow64\FAPA259.tmp
2014-10-10 03:11:26    0    ----a-w-    C:\Windows\SysWow64\FAP9874.tmp
2014-10-10 03:01:43    0    ----a-w-    C:\Windows\SysWow64\FAPB1D2.tmp
2014-10-10 03:01:26    0    ----a-w-    C:\Windows\SysWow64\FAP7024.tmp
2014-10-10 02:51:24    0    ----a-w-    C:\Windows\SysWow64\FAP40E0.tmp
2014-10-10 02:51:23    0    ----a-w-    C:\Windows\SysWow64\FAP3C79.tmp
2014-10-10 02:49:14    0    ----a-w-    C:\Windows\SysWow64\FAP44DD.tmp
2014-10-10 02:49:14    0    ----a-w-    C:\Windows\SysWow64\FAP4383.tmp
2014-10-10 02:48:24    0    ----a-w-    C:\Windows\SysWow64\FAP8215.tmp
2014-10-10 02:48:20    0    ----a-w-    C:\Windows\SysWow64\FAP71D7.tmp
2014-10-10 02:48:19    0    ----a-w-    C:\Windows\SysWow64\FAP6D70.tmp
2014-10-10 02:47:57    0    ----a-w-    C:\Windows\SysWow64\FAP1730.tmp
2014-10-10 02:47:56    0    ----a-w-    C:\Windows\SysWow64\FAP11DF.tmp
2014-10-10 02:46:50    0    ----a-w-    C:\Windows\SysWow64\FAP11C2.tmp
2014-10-10 02:46:46    0    ----a-w-    C:\Windows\SysWow64\FAP339.tmp
2014-10-10 02:46:41    0    ----a-w-    C:\Windows\SysWow64\FAPEDCB.tmp
2014-10-10 02:46:39    0    ----a-w-    C:\Windows\SysWow64\FAPE453.tmp
2014-10-10 02:46:38    0    ----a-w-    C:\Windows\SysWow64\FAPE1E0.tmp
2014-10-10 02:41:20    0    ----a-w-    C:\Windows\SysWow64\FAP760.tmp
2014-10-10 02:41:17    0    ----a-w-    C:\Windows\SysWow64\FAPFD7B.tmp
2014-10-10 02:31:17    0    ----a-w-    C:\Windows\SysWow64\FAPD636.tmp
2014-10-10 02:31:15    0    ----a-w-    C:\Windows\SysWow64\FAPCC41.tmp
2014-10-10 02:21:16    0    ----a-w-    C:\Windows\SysWow64\FAPA7CB.tmp
2014-10-10 02:21:12    0    ----a-w-    C:\Windows\SysWow64\FAP9913.tmp
.
==================== Find3M  ====================
.
2014-10-22 22:20:15    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-22 22:20:15    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-05 13:42:18    0    ----a-w-    C:\Windows\SysWow64\FAP939B.tmp
2014-10-05 13:42:18    0    ----a-w-    C:\Windows\SysWow64\FAP934B.tmp
2014-10-05 13:42:16    0    ----a-w-    C:\Windows\SysWow64\FAP8BC7.tmp
2014-10-05 02:27:27    0    ----a-w-    C:\Windows\SysWow64\FAPBA55.tmp
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-23 23:15:58    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-11 01:52:35    10036224    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-28 20:29:27    444912    ----a-w-    C:\Windows\CouponPrinter.ocx
2014-08-28 20:29:26    659440    ----a-w-    C:\Windows\couponprinter_x64.ocx
2014-08-26 02:20:22    876248    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-26 02:20:22    37592    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-16 04:35:00    6112072    ----a-w-    C:\Windows\System32\usbaaplrc.dll
2014-08-16 04:35:00    54784    ----a-w-    C:\Windows\System32\drivers\usbaapl64.sys
2014-08-13 21:10:45    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 10:42:58.40 ===============
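As an added triage example (not code from this thread, from DDS, or from any tool named here), the script below parses the line formats DDS prints in its "Pseudo HJT Report" and FIREFOX sections and flags the three things a helper reads first in the log above: the per-user autostart under WSE_Astromenda, the mPolicies-System values showing UAC has been switched off, and the Firefox prefs that point search and home page at astromenda.com. The sample lines are constructed from the posted log with the long tracking parameters trimmed; the marker list, the trusted-domain list and the severity rules are this example's own assumptions.

```python
"""Triage the "Pseudo HJT Report" and FIREFOX sections of a DDS log.

Added example for this thread; not code from DDS, FRST or the cleanup tools.
It reads the line formats DDS prints (uRun:/mRun:, mPolicies-System:,
FF - user.js:/prefs.js:) and reports what a helper checks first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# DDS run-key lines: "uRun: [Name] cmd" (u = HKCU, m = HKLM, x64- = 64-bit view of HKLM)
RUN_RE = re.compile(r'^(?P<hive>[um]|x64-)Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# "mPolicies-System: EnableLUA = dword:0"
POLICY_RE = re.compile(r'^mPolicies-System: (?P<key>\w+) = dword:(?P<val>[0-9a-fA-F]+)$')
# "FF - user.js: extensions.foo.bar - value" (the value may be empty)
FF_RE = re.compile(r'^FF - (?P<file>user\.js|prefs\.js): (?P<pref>\S+) - ?(?P<val>.*)$')

# Registry values that weaken UAC when set to 0 (the Windows 7 defaults are non-zero).
UAC_WEAKENED: Dict[str, str] = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all",
    "PromptOnSecureDesktop": "UAC prompts are not isolated on the secure desktop",
}
# Constructed marker list, taken from the names that appear in this log.
HIJACK_MARKERS = ("astromenda", "astrmndasr")
# Firefox prefs that decide where searches and the home page go.
SEARCH_PREFS = {"browser.search.selectedEngine", "keyword.URL", "browser.startup.homepage"}
# Constructed allowlist: domains the user said they chose themselves.
TRUSTED_DOMAINS = {"www.google.com", "google.com"}


@dataclass
class Finding:
    severity: str   # "high" = clean up, "review" = confirm with the user
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Pull the executable out of a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    i = cmd.lower().find(".exe")          # unquoted paths may contain spaces
    if i >= 0:
        return cmd[:i + 4]
    parts = cmd.split()
    return parts[0] if parts else ""


def domain_of(defanged_url: str) -> Optional[str]:
    """DDS writes hxxp:// for http:// so a pasted log cannot be clicked by accident."""
    m = re.match(r'^hxxps?://([^/?#]+)', defanged_url.strip())
    return m.group(1).lower() if m else None


def triage(lines) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = exe_path(m.group("cmd"))
            if any(k in (m.group("name") + " " + exe).lower() for k in HIJACK_MARKERS):
                findings.append(Finding("high", line, f"autostart launches {exe}"))
            elif m.group("hive") == "u":   # HKCU autostarts need no admin rights to plant
                findings.append(Finding("review", line, "per-user (HKCU) autostart; confirm it is wanted"))
            continue
        m = POLICY_RE.match(line)
        if m:
            key, val = m.group("key"), int(m.group("val"), 16)
            if key in UAC_WEAKENED and val == 0:
                findings.append(Finding("high", line, UAC_WEAKENED[key]))
            continue
        m = FF_RE.match(line)
        if m:
            pref, val = m.group("pref"), m.group("val").strip()
            if any(k in (pref + " " + val).lower() for k in HIJACK_MARKERS):
                findings.append(Finding("high", line, "Firefox preference written by the hijacker"))
            elif pref in SEARCH_PREFS or val.startswith("hxxp"):
                dom = domain_of(val)
                if dom and dom not in TRUSTED_DOMAINS:
                    findings.append(Finding("high", line, f"search/home page points at {dom}"))
                else:
                    findings.append(Finding("review", line, "search/home page setting; confirm it is yours"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed from the DDS log posted above (long tracking parameters trimmed).
SAMPLE_LOG = r"""
uStart Page = www.google.com
uRun: [GoogleChromeAutoLaunch_289A04FA287BB88D5C7EAFA2351AC9B4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [BRS] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?ourmark=3&q=
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ff
FF - user.js: extensions.astrmndasr.vrsn -
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```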



#5 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:11:50 AM

Posted 05 November 2014 - 01:46 PM

You have a lot going on.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Settings Tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


    #6 BelowtheLine

    • Topic Starter
    • Members
    • 21 posts

    Posted 05 November 2014 - 02:35 PM

    Thanks for your help; I've included all three logs below. For what it's worth, since I'm not paying or using the trial of Malwarebytes, the option was grayed out (but appeared checked) to automatically quarantine - the scan results at the end presented me an option to quarantine the threat detected, which I did. 

    Also, I just opened Google Chrome, and Astromenda is still coming up (I checked the homepage default, and it's not that.)

    # AdwCleaner v3.311 - Report created 05/11/2014 at 13:01:17
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : pbrunner - PBRUNNER-PC
    # Running from : C:\Users\pbrunner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\FCTB
    Folder Deleted : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    [!] Folder Deleted : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    [!] Folder Deleted : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    File Deleted : C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\user.js
    File Deleted : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\BRS
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.10

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v33.0.2 (x86 en-US)

    [ File : C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\prefs.js ]

    Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
    Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...]
    Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytD[...]
    Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
    Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
    Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzy[...]
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.AutoSearchEventData", "auto%20search");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.ClearCacheDate", 5);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.DNSCatch", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.DisplayEULA", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.DnsCatchEventData", "dns%20catch");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.EBOMode", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.EnableDCAData_xx", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.EnableDCA_xx", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.FirstLaunchShown", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.InstallDomain", "freecause.com");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.InstallType", "one_click");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.LoadLayoutDate.101075", 5);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.NewTabSearchEventData", "tab%20search");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.ShowRecommendedOptions", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.StateReportDate", "1407196765996");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.TopRightSearchEventData", "top%20right%20search");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.beforeInstallSaved", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.beforeinstall.homepage", "www.google.com");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.beforeinstall.search", "Google");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.customNewTab", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.custom_search.KeywordHistory", "kroger%2520weekly%2520deals%7C");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.dcaDefaultMode", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.dcaShowInstallerPage", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.dcaShowSurvey", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.helpUsImprove", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.hideOthers", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.partnerauth", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.processAddrBar", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.remove_homepage", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.remove_search", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.restoreSearch", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.searchHistory", true);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.session", "FE3F92FA83014A77617C0259A844B853D95925053ABC7389BB75FED1DE2E78B9C57A2F29B8BA2D0B59E9438C18A063FBF83290C370EE85CF9D61367197E8306E4E51808A[...]
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.showFirstLaunchOptions", false);
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.tb_lang", "en");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.tool_id", "101075");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.user_id", "133334197");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.user_key", "ae5707f03760eb13b8a19ffd53f2b7f39c7229fd");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.user_layouts", "101075");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.user_lnames", "MyPoints%20Toolbar");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    Line Deleted : user_pref("freecausee3cf95f78178d3b4395761b28eea4d80.yahooSearch", true);

    -\\ Google Chrome v38.0.2125.111

    [ File : C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [9260 octets] - [05/11/2014 12:59:23]
    AdwCleaner[S0].txt - [8702 octets] - [05/11/2014 13:01:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8762 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.5 (10.31.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by pbrunner on Wed 11/05/2014 at 13:07:43.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] couponprinterservice
    Successfully deleted: [Service] couponprinterservice



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17FFB95C-5C4E-42E5-ADF2-748F1FCEE6AF}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\pbrunner\AppData\Roaming\mozilla\firefox\profiles\k83j341h.default\extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi
    Successfully deleted the following from C:\Users\pbrunner\AppData\Roaming\mozilla\firefox\profiles\k83j341h.default\prefs.js

    user_pref("keyword.URL", "hxxps://www.mypoints.com/emp/u/mysearch.vm?ourmark=3&st=mypWeb&mypoints2y_dns4=1&q=");
    Emptied folder: C:\Users\pbrunner\AppData\Roaming\mozilla\firefox\profiles\k83j341h.default\minidumps [19 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 11/05/2014 at 13:12:17.34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/5/2014
    Scan Time: 1:20:04 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.05.09
    Rootkit Database: v2014.11.01.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: pbrunner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 312703
    Time Elapsed: 8 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.Astromenda.A, C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\astrmndant, Quarantined, [002da098bdbfef47a6b5bd690201b64a],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #7 ken545

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida

    Posted 05 November 2014 - 03:13 PM

    Go ahead and run a new scan with FRST; be sure to checkmark Additions and post both logs, please.




    #8 BelowtheLine

    • Topic Starter
    • Members
    • 21 posts

    Posted 05 November 2014 - 03:16 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
    Ran by pbrunner (administrator) on PBRUNNER-PC on 05-11-2014 14:15:27
    Running from C:\Users\pbrunner\Desktop
    Loaded Profile: pbrunner (Available profiles: pbrunner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
    () C:\Windows\SysWOW64\HsMgr.exe
    (CMedia) C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
    () C:\Windows\system\HsMgr64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\Run: [GoogleChromeAutoLaunch_289A04FA287BB88D5C7EAFA2351AC9B4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
    HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\MountPoints2: {fd76b6cd-f7af-11e3-97e2-806e6f6e6963} - D:\CPanel.exe
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2665C394838BCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\searchplugins\search-and-earn-points.xml
    FF Extension: LastPass - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\support@lastpass.com [2014-06-19]
    FF Extension: Astrmenda Search - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-24]
    FF Extension: Adblock Plus - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
    FF Extension: MyPoints Toolbar - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}.xpi [2014-08-04]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-05]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
    CHR Extension: (Google Drive) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
    CHR Extension: (YouTube) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
    CHR Extension: (Google Cast) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-29]
    CHR Extension: (Adblock Plus) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
    CHR Extension: (Google Search) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
    CHR Extension: (Pin It Button) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-22]
    CHR Extension: (Adorable Olaf - Frozen) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnecnlkmjfggfebndpanigjbjfnbomi [2014-06-22]
    CHR Extension: (Google Wallet) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
    CHR Extension: (Gmail) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141104.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
    R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141104.035\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141104.035\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-19] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-05 14:15 - 2014-11-05 14:15 - 00015502 _____ () C:\Users\pbrunner\Desktop\FRST.txt
    2014-11-05 14:14 - 2014-11-05 14:14 - 00000000 ____D () C:\Users\pbrunner\Desktop\FRST-OlderVersion
    2014-11-05 13:07 - 2014-11-05 13:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-05 13:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-11-05 12:59 - 2014-11-05 13:01 - 00000000 ____D () C:\AdwCleaner
    2014-11-05 12:58 - 2014-11-05 12:58 - 01706359 _____ (Thisisu) C:\Users\pbrunner\Desktop\JRT.exe
    2014-11-05 12:57 - 2014-11-05 12:57 - 01375089 _____ () C:\Users\pbrunner\Desktop\AdwCleaner.exe
    2014-11-05 10:48 - 2014-11-05 10:48 - 00002038 _____ () C:\Users\pbrunner\Desktop\attach.zip
    2014-11-05 10:39 - 2014-11-05 10:39 - 00688992 ____R (Swearware) C:\Users\pbrunner\Desktop\dds.com
    2014-10-31 10:12 - 2014-10-31 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-10-31 10:12 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\Program Files\iTunes
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-10-31 10:10 - 2014-10-31 10:10 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-10-31 10:10 - 2014-10-31 10:10 - 00000000 ____D () C:\Program Files\iPod
    2014-10-31 10:09 - 2014-10-31 10:10 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files\Bonjour
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-10-31 10:08 - 2014-10-31 10:09 - 00000000 ____D () C:\ProgramData\Apple
    2014-10-31 00:19 - 2014-11-05 14:15 - 00000000 ____D () C:\FRST
    2014-10-31 00:18 - 2014-11-05 14:14 - 02114560 _____ (Farbar) C:\Users\pbrunner\Desktop\FRST64.exe
    2014-10-30 17:03 - 2014-11-03 11:45 - 00000137 _____ () C:\Windows\realflight.INI
    2014-10-30 17:02 - 2014-10-30 17:02 - 00001986 _____ () C:\Users\Public\Desktop\RealFlight NexSTAR.lnk
    2014-10-30 17:02 - 2014-10-30 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealFlight G2 NexStar Edition
    2014-10-30 17:02 - 2014-10-30 17:02 - 00000000 ____D () C:\Program Files (x86)\directx
    2014-10-30 17:01 - 2014-11-03 11:45 - 00000000 ____D () C:\Program Files (x86)\RealFlight NexSTAR
    2014-10-30 16:58 - 2014-10-30 17:45 - 00003176 _____ () C:\cptime.log
    2014-10-30 16:58 - 1998-07-30 13:51 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
    2014-10-30 11:59 - 2014-10-30 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-24 13:01 - 2014-11-05 13:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-24 13:00 - 2014-10-24 13:00 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-24 13:00 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-24 13:00 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-24 13:00 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-24 12:58 - 2014-10-24 13:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\pbrunner\Desktop\mbam-setup-2.0.3.1025.exe
    2014-10-24 12:26 - 2014-10-24 12:26 - 00003748 _____ () C:\Windows\System32\Tasks\boosterpop
    2014-10-24 12:26 - 2014-10-24 12:26 - 00003644 _____ () C:\Windows\System32\Tasks\IEError
    2014-10-24 12:25 - 2014-10-24 12:25 - 00003490 _____ () C:\Windows\System32\Tasks\AI_Updater
    2014-10-23 01:03 - 2014-10-23 01:03 - 00001277 _____ () C:\Users\pbrunner\Desktop\Revo Uninstaller.lnk
    2014-10-23 01:03 - 2014-10-23 01:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-10-23 01:02 - 2014-10-23 01:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\pbrunner\Desktop\revosetup.exe
    2014-10-22 16:20 - 2014-10-22 16:20 - 00000000 ____D () C:\ProgramData\McAfee
    2014-10-15 20:19 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 20:19 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 20:19 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 20:19 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 20:19 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 20:19 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 20:19 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 20:19 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 20:19 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 20:19 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 20:19 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 20:19 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 20:19 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 20:19 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 20:19 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 20:19 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 20:19 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 20:19 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 20:19 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 20:19 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 20:19 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 20:19 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 20:19 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 20:19 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 20:19 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 20:19 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 20:19 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 20:19 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 20:19 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 20:19 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 20:19 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 20:19 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 20:19 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 20:19 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 20:19 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 20:19 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 20:19 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 20:19 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 20:19 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 20:19 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 20:19 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 20:19 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 20:19 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 20:19 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 20:19 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 20:19 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 20:19 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 20:19 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 20:19 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 20:19 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 20:19 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 20:16 - 2014-08-29 20:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 20:16 - 2014-08-29 19:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 20:16 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 20:15 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 20:15 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-15 20:15 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 20:15 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 20:15 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 20:15 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 20:15 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 20:15 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 20:15 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 20:15 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-11 07:47 - 2014-10-11 07:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP5F82.tmp
    2014-10-10 07:44 - 2014-10-10 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP5151.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C60.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C00.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP13EF.tmp
    2014-10-10 01:05 - 2014-10-10 01:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C1A.tmp
    2014-10-10 01:01 - 2014-10-10 01:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DF5.tmp
    2014-10-10 00:27 - 2014-10-10 00:27 - 00000000 _____ () C:\Windows\SysWOW64\FAP733E.tmp
    2014-10-10 00:23 - 2014-10-10 00:23 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F7.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAPC23C.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP809E.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP784F.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP77C0.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP7685.tmp
    2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPDE0.tmp
    2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP196B.tmp
    2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPED90.tmp
    2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE05F.tmp
    2014-10-09 23:52 - 2014-10-09 23:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPC271.tmp
    2014-10-09 23:52 - 2014-10-09 23:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPB5FB.tmp
    2014-10-09 23:42 - 2014-10-09 23:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP81E5.tmp
    2014-10-09 23:42 - 2014-10-09 23:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP7FFF.tmp
    2014-10-09 23:32 - 2014-10-09 23:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP5FAF.tmp
    2014-10-09 23:32 - 2014-10-09 23:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP558B.tmp
    2014-10-09 23:22 - 2014-10-09 23:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP3079.tmp
    2014-10-09 23:22 - 2014-10-09 23:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP2471.tmp
    2014-10-09 23:12 - 2014-10-09 23:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF973.tmp
    2014-10-09 23:12 - 2014-10-09 23:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF7FA.tmp
    2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE7F6.tmp
    2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPDDC2.tmp
    2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7DD9.tmp
    2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7A2E.tmp
    2014-10-09 22:48 - 2014-10-09 22:48 - 00000000 _____ () C:\Windows\SysWOW64\FAPFDC7.tmp
    2014-10-09 22:47 - 2014-10-09 22:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPBD8F.tmp
    2014-10-09 22:47 - 2014-10-09 22:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPB9D4.tmp
    2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP51CA.tmp
    2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP48A0.tmp
    2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP25A1.tmp
    2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP1A92.tmp
    2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPEF08.tmp
    2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPED50.tmp
    2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPBA34.tmp
    2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPB11A.tmp
    2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DBD.tmp
    2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP835B.tmp
    2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5B0C.tmp
    2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5A10.tmp
    2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP3626.tmp
    2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP2DE7.tmp
    2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPFAB9.tmp
    2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP53B.tmp
    2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPD9DD.tmp
    2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPCA89.tmp
    2014-10-09 21:11 - 2014-10-09 21:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA259.tmp
    2014-10-09 21:11 - 2014-10-09 21:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP9874.tmp
    2014-10-09 21:01 - 2014-10-09 21:01 - 00000000 _____ () C:\Windows\SysWOW64\FAPB1D2.tmp
    2014-10-09 21:01 - 2014-10-09 21:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP7024.tmp
    2014-10-09 20:51 - 2014-10-09 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP40E0.tmp
    2014-10-09 20:51 - 2014-10-09 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C79.tmp
    2014-10-09 20:49 - 2014-10-09 20:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP44DD.tmp
    2014-10-09 20:49 - 2014-10-09 20:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP4383.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP8215.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP71D7.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP6D70.tmp
    2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP1730.tmp
    2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP11DF.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPEDCB.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE453.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE1E0.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP339.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP11C2.tmp
    2014-10-09 20:41 - 2014-10-09 20:41 - 00000000 _____ () C:\Windows\SysWOW64\FAPFD7B.tmp
    2014-10-09 20:41 - 2014-10-09 20:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP760.tmp
    2014-10-09 20:31 - 2014-10-09 20:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPD636.tmp
    2014-10-09 20:31 - 2014-10-09 20:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPCC41.tmp
    2014-10-09 20:21 - 2014-10-09 20:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPA7CB.tmp
    2014-10-09 20:21 - 2014-10-09 20:21 - 00000000 _____ () C:\Windows\SysWOW64\FAP9913.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-05 13:52 - 2014-06-19 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-05 13:10 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-05 13:10 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-05 13:09 - 2009-07-13 23:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-05 13:08 - 2014-06-19 01:06 - 01435192 _____ () C:\Windows\WindowsUpdate.log
    2014-11-05 13:06 - 2014-06-19 00:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-05 13:03 - 2010-11-20 21:47 - 00319374 _____ () C:\Windows\PFRO.log
    2014-11-05 13:03 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-05 13:03 - 2009-07-13 22:51 - 00037026 _____ () C:\Windows\setupact.log
    2014-11-05 09:08 - 2014-06-21 20:23 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\.minecraft
    2014-11-03 14:55 - 2014-06-19 17:49 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2014-11-02 13:36 - 2014-07-04 22:07 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\CrashDumps
    2014-10-31 10:15 - 2014-08-18 18:38 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\Apple Computer
    2014-10-31 10:12 - 2014-08-18 18:38 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Apple Computer
    2014-10-30 22:50 - 2014-06-19 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-30 17:02 - 2014-07-05 12:14 - 00001026 _____ () C:\Windows\DirectX.log
    2014-10-30 17:02 - 2009-07-13 20:34 - 00000597 _____ () C:\Windows\win.ini
    2014-10-27 17:13 - 2014-06-19 00:02 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-26 14:56 - 2014-09-21 14:37 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\Mumble
    2014-10-26 12:33 - 2014-06-19 00:00 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Deployment
    2014-10-24 14:53 - 2009-07-13 22:45 - 00348992 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-24 14:52 - 2009-07-13 22:45 - 00000000 ____D () C:\Windows\Setup
    2014-10-24 14:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-10-24 12:56 - 2014-06-19 00:00 - 00077488 _____ () C:\Users\pbrunner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-10-22 16:55 - 2014-08-20 16:20 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Adobe
    2014-10-22 16:20 - 2014-06-19 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-22 16:20 - 2014-06-19 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-22 16:20 - 2014-06-19 23:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-10-22 02:06 - 2014-06-19 00:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-22 02:06 - 2014-06-19 00:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-22 02:06 - 2014-06-19 00:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-16 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-16 02:06 - 2014-06-19 02:15 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-16 02:00 - 2014-06-19 02:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\pbrunner\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-05 00:28

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
    Ran by pbrunner at 2014-11-05 14:15:57
    Running from C:\Users\pbrunner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    LEGO Minifigures Online (HKCU\...\423b93224c69643b) (Version: 1.0.0.0 - Funcom)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
    Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
    RealFlight G2 NexSTAR Simulator (HKLM-x32\...\RealFlight2NexSTAR) (Version:  - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

    ==================== Restore Points  =========================

    23-10-2014 07:03:20 Revo Uninstaller's restore point - McAfee Security Scan Plus
    24-10-2014 21:04:35 Removed PCBooster
    31-10-2014 16:09:56 Installed iTunes

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00CAE86E-7205-45DA-813B-84E946AEEAE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {265730BC-F0C9-4BF1-BE0B-0BC4456E26A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3562A2D3-6FB4-41A6-9088-FFD2AD63B4E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
    Task: {456A99C8-947D-48BD-864B-64F45E18F90A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {678B037B-028C-44A9-9672-0837E4E59136} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
    Task: {67EC06E9-D82F-42BC-AE10-762322762AE6} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
    Task: {AA38CE76-AA01-4AD8-A36C-7D3C3B9FE9E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {B6FC2308-6352-4601-B61D-CEAC7FE9B4AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {D4DFD460-0BFD-4912-9D75-F08E72599875} - System32\Tasks\{EE175FBE-03C5-4547-ABD9-B5A45EEE69EF} => C:\Users\pbrunner\Downloads\Audio_IDT_5.10.5762.00_Vistax64Vistax86_A\Audio_IDT_5.10.5762.00_Vistax86x64\setup.exe
    Task: {FB99CDFA-A22E-4902-9429-503F29A90AF9} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
    Task: {FC1C0F88-AE01-437E-8BB5-3449DC9FB04F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-20 16:16 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
    2014-06-20 16:16 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
    2013-06-18 14:49 - 2013-06-18 14:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-04-29 22:08 - 2013-04-29 22:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-06-20 16:16 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\UNi Xonar Audio\Customapp\VmixP8.dll
    2014-10-30 11:59 - 2014-10-30 11:59 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-06-19 00:05 - 2014-06-19 00:05 - 01020928 _____ () C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll
    2014-10-27 17:13 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
    2014-10-22 16:20 - 2014-10-22 16:20 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3620361521-2290374174-2433197831-500 - Administrator - Disabled)
    Guest (S-1-5-21-3620361521-2290374174-2433197831-501 - Limited - Disabled)
    pbrunner (S-1-5-21-3620361521-2290374174-2433197831-1000 - Administrator - Enabled) => C:\Users\pbrunner

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 30%
    Total physical RAM: 8122.81 MB
    Available physical RAM: 5682.16 MB
    Total Pagefile: 16243.8 MB
    Available Pagefile: 13260.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:683.54 GB) (Free:228.44 GB) NTFS
    Drive d: (RFV2NS) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
    Drive i: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2F01DF5D)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=683.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    Edited by BelowtheLine, 05 November 2014 - 03:18 PM.


    #9 ken545

Malware Response Team

    Posted 05 November 2014 - 04:18 PM

     
Open Notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64, either in the directory you saved FRST or FRST64 to, or on your desktop if that's where you saved it.)
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    FF Extension: Astrmenda Search - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-24]
    FF Extension: MyPoints Toolbar - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}.xpi [2014-08-04]
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir="
    C:\Windows\System32\Tasks\boosterpop
    C:\Windows\System32\Tasks\IEError
    C:\Windows\System32\Tasks\AI_Updater
    C:\Program Files (x86)\Portable Booster
    Task: {678B037B-028C-44A9-9672-0837E4E59136} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
    Task: {67EC06E9-D82F-42BC-AE10-762322762AE6} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
    Task: {FB99CDFA-A22E-4902-9429-503F29A90AF9} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then open FRST or FRST64 and click on Fix.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Let me know if it's gone?

Consumer Security MVP 2007-2008-2009-2010-2011-2012-2013-2014



Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #10 BelowtheLine

Topic Starter

    Posted 05 November 2014 - 04:40 PM

    Seems to be gone! Here's the log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
    Ran by pbrunner at 2014-11-05 15:35:09 Run:1
    Running from C:\Users\pbrunner\Desktop
    Loaded Profile: pbrunner (Available profiles: pbrunner)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    FF Extension: Astrmenda Search - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-24]
    FF Extension: MyPoints Toolbar - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}.xpi [2014-08-04]
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_ir_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtDzzyDzyyEyBzyyBtByBtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzzyBtD0B0E0EtCtG0EyByD0FtGtCzztDzztGzztCtA0FtGtCtAtBzy0DtBtD0FyEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0D0A0D0D0EyDtGyDyDyCtAtGyEyD0BtBtGzy0E0EtAtGyByEyCtA0CyDyD0CyEzzyDzy2Q&cr=1389102685&ir="
    C:\Windows\System32\Tasks\boosterpop
    C:\Windows\System32\Tasks\IEError
    C:\Windows\System32\Tasks\AI_Updater
    C:\Program Files (x86)\Portable Booster
    Task: {678B037B-028C-44A9-9672-0837E4E59136} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
    Task: {67EC06E9-D82F-42BC-AE10-762322762AE6} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
    Task: {FB99CDFA-A22E-4902-9429-503F29A90AF9} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} => Moved successfully.
    C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}.xpi => Moved successfully.
    Chrome StartupUrls deleted successfully.
    C:\Windows\System32\Tasks\boosterpop => Moved successfully.
    C:\Windows\System32\Tasks\IEError => Moved successfully.
    C:\Windows\System32\Tasks\AI_Updater => Moved successfully.
    "C:\Program Files (x86)\Portable Booster" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678B037B-028C-44A9-9672-0837E4E59136}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678B037B-028C-44A9-9672-0837E4E59136}" => Key deleted successfully.
    C:\Windows\System32\Tasks\AI_Updater not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67EC06E9-D82F-42BC-AE10-762322762AE6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67EC06E9-D82F-42BC-AE10-762322762AE6}" => Key deleted successfully.
    C:\Windows\System32\Tasks\boosterpop not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB99CDFA-A22E-4902-9429-503F29A90AF9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB99CDFA-A22E-4902-9429-503F29A90AF9}" => Key deleted successfully.
    C:\Windows\System32\Tasks\IEError not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => Key deleted successfully.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.1 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #11 ken545

Malware Response Team

    Posted 05 November 2014 - 04:49 PM

Go ahead and run a new scan with FRST, checkmark Additions and post both NEW logs, and let's see if it's all gone.




    #12 BelowtheLine

Topic Starter

    Posted 05 November 2014 - 05:08 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
    Ran by pbrunner (administrator) on PBRUNNER-PC on 05-11-2014 16:06:40
    Running from C:\Users\pbrunner\Desktop
    Loaded Profile: pbrunner (Available profiles: pbrunner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
    () C:\Windows\SysWOW64\HsMgr.exe
    () C:\Windows\system\HsMgr64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CMedia) C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\Run: [GoogleChromeAutoLaunch_289A04FA287BB88D5C7EAFA2351AC9B4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
    HKU\S-1-5-21-3620361521-2290374174-2433197831-1000\...\MountPoints2: {fd76b6cd-f7af-11e3-97e2-806e6f6e6963} - D:\CPanel.exe
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2665C394838BCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\searchplugins\search-and-earn-points.xml
    FF Extension: LastPass - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\support@lastpass.com [2014-06-19]
    FF Extension: Adblock Plus - C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-05]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
    CHR Extension: (Google Drive) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
    CHR Extension: (YouTube) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
    CHR Extension: (Google Cast) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-29]
    CHR Extension: (Adblock Plus) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
    CHR Extension: (Google Search) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
    CHR Extension: (Pin It Button) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-06-22]
    CHR Extension: (Adorable Olaf - Frozen) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnecnlkmjfggfebndpanigjbjfnbomi [2014-06-22]
    CHR Extension: (Google Wallet) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
    CHR Extension: (Gmail) - C:\Users\pbrunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141104.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
    R0 iteatapi; C:\Windows\System32\DRIVERS\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141105.003\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141105.003\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-19] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-05 14:15 - 2014-11-05 16:07 - 00014580 _____ () C:\Users\pbrunner\Desktop\FRST.txt
    2014-11-05 14:14 - 2014-11-05 14:14 - 00000000 ____D () C:\Users\pbrunner\Desktop\FRST-OlderVersion
    2014-11-05 13:07 - 2014-11-05 13:07 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-05 13:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-11-05 12:59 - 2014-11-05 13:01 - 00000000 ____D () C:\AdwCleaner
    2014-11-05 12:58 - 2014-11-05 12:58 - 01706359 _____ (Thisisu) C:\Users\pbrunner\Desktop\JRT.exe
    2014-11-05 12:57 - 2014-11-05 12:57 - 01375089 _____ () C:\Users\pbrunner\Desktop\AdwCleaner.exe
    2014-11-05 10:48 - 2014-11-05 10:48 - 00002038 _____ () C:\Users\pbrunner\Desktop\attach.zip
    2014-11-05 10:39 - 2014-11-05 10:39 - 00688992 ____R (Swearware) C:\Users\pbrunner\Desktop\dds.com
    2014-10-31 10:12 - 2014-10-31 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-10-31 10:12 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\Program Files\iTunes
    2014-10-31 10:10 - 2014-10-31 10:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-10-31 10:10 - 2014-10-31 10:10 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-10-31 10:10 - 2014-10-31 10:10 - 00000000 ____D () C:\Program Files\iPod
    2014-10-31 10:09 - 2014-10-31 10:10 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Apple
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files\Bonjour
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-10-31 10:09 - 2014-10-31 10:09 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-10-31 10:08 - 2014-10-31 10:09 - 00000000 ____D () C:\ProgramData\Apple
    2014-10-31 00:19 - 2014-11-05 16:06 - 00000000 ____D () C:\FRST
    2014-10-31 00:18 - 2014-11-05 14:14 - 02114560 _____ (Farbar) C:\Users\pbrunner\Desktop\FRST64.exe
    2014-10-30 17:03 - 2014-11-03 11:45 - 00000137 _____ () C:\Windows\realflight.INI
    2014-10-30 17:02 - 2014-10-30 17:02 - 00001986 _____ () C:\Users\Public\Desktop\RealFlight NexSTAR.lnk
    2014-10-30 17:02 - 2014-10-30 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealFlight G2 NexStar Edition
    2014-10-30 17:02 - 2014-10-30 17:02 - 00000000 ____D () C:\Program Files (x86)\directx
    2014-10-30 17:01 - 2014-11-03 11:45 - 00000000 ____D () C:\Program Files (x86)\RealFlight NexSTAR
    2014-10-30 16:58 - 2014-10-30 17:45 - 00003176 _____ () C:\cptime.log
    2014-10-30 16:58 - 1998-07-30 13:51 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
    2014-10-30 11:59 - 2014-10-30 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-24 13:01 - 2014-11-05 13:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-24 13:00 - 2014-10-24 13:00 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-24 13:00 - 2014-10-24 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-24 13:00 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-24 13:00 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-24 13:00 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-24 12:58 - 2014-10-24 13:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\pbrunner\Desktop\mbam-setup-2.0.3.1025.exe
    2014-10-23 01:03 - 2014-10-23 01:03 - 00001277 _____ () C:\Users\pbrunner\Desktop\Revo Uninstaller.lnk
    2014-10-23 01:03 - 2014-10-23 01:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
    2014-10-23 01:02 - 2014-10-23 01:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\pbrunner\Desktop\revosetup.exe
    2014-10-22 16:20 - 2014-10-22 16:20 - 00000000 ____D () C:\ProgramData\McAfee
    2014-10-15 20:19 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 20:19 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 20:19 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 20:19 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 20:19 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 20:19 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 20:19 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 20:19 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 20:19 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 20:19 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 20:19 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 20:19 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 20:19 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 20:19 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 20:19 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 20:19 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 20:19 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 20:19 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 20:19 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 20:19 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 20:19 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 20:19 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 20:19 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 20:19 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 20:19 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 20:19 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 20:19 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 20:19 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 20:19 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 20:19 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 20:19 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 20:19 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 20:19 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 20:19 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 20:19 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 20:19 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 20:19 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 20:19 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 20:19 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 20:19 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 20:19 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 20:19 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 20:19 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 20:19 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 20:19 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 20:19 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 20:19 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 20:19 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 20:19 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 20:19 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 20:19 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 20:19 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 20:19 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 20:19 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 20:16 - 2014-08-29 20:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 20:16 - 2014-08-29 19:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 20:16 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 20:15 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 20:15 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-15 20:15 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 20:15 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 20:15 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 20:15 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 20:15 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 20:15 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 20:15 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 20:15 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 20:15 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-11 07:47 - 2014-10-11 07:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP5F82.tmp
    2014-10-10 07:44 - 2014-10-10 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP5151.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C60.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C00.tmp
    2014-10-10 07:09 - 2014-10-10 07:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP13EF.tmp
    2014-10-10 01:05 - 2014-10-10 01:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C1A.tmp
    2014-10-10 01:01 - 2014-10-10 01:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DF5.tmp
    2014-10-10 00:27 - 2014-10-10 00:27 - 00000000 _____ () C:\Windows\SysWOW64\FAP733E.tmp
    2014-10-10 00:23 - 2014-10-10 00:23 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F7.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAPC23C.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP809E.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP784F.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP77C0.tmp
    2014-10-10 00:22 - 2014-10-10 00:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP7685.tmp
    2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPDE0.tmp
    2014-10-10 00:12 - 2014-10-10 00:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP196B.tmp
    2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPED90.tmp
    2014-10-10 00:02 - 2014-10-10 00:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE05F.tmp
    2014-10-09 23:52 - 2014-10-09 23:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPC271.tmp
    2014-10-09 23:52 - 2014-10-09 23:52 - 00000000 _____ () C:\Windows\SysWOW64\FAPB5FB.tmp
    2014-10-09 23:42 - 2014-10-09 23:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP81E5.tmp
    2014-10-09 23:42 - 2014-10-09 23:42 - 00000000 _____ () C:\Windows\SysWOW64\FAP7FFF.tmp
    2014-10-09 23:32 - 2014-10-09 23:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP5FAF.tmp
    2014-10-09 23:32 - 2014-10-09 23:32 - 00000000 _____ () C:\Windows\SysWOW64\FAP558B.tmp
    2014-10-09 23:22 - 2014-10-09 23:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP3079.tmp
    2014-10-09 23:22 - 2014-10-09 23:22 - 00000000 _____ () C:\Windows\SysWOW64\FAP2471.tmp
    2014-10-09 23:12 - 2014-10-09 23:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF973.tmp
    2014-10-09 23:12 - 2014-10-09 23:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPF7FA.tmp
    2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPE7F6.tmp
    2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 _____ () C:\Windows\SysWOW64\FAPDDC2.tmp
    2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7DD9.tmp
    2014-10-09 22:51 - 2014-10-09 22:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP7A2E.tmp
    2014-10-09 22:48 - 2014-10-09 22:48 - 00000000 _____ () C:\Windows\SysWOW64\FAPFDC7.tmp
    2014-10-09 22:47 - 2014-10-09 22:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPBD8F.tmp
    2014-10-09 22:47 - 2014-10-09 22:47 - 00000000 _____ () C:\Windows\SysWOW64\FAPB9D4.tmp
    2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP51CA.tmp
    2014-10-09 22:41 - 2014-10-09 22:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP48A0.tmp
    2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP25A1.tmp
    2014-10-09 22:31 - 2014-10-09 22:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP1A92.tmp
    2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPEF08.tmp
    2014-10-09 22:21 - 2014-10-09 22:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPED50.tmp
    2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPBA34.tmp
    2014-10-09 22:11 - 2014-10-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPB11A.tmp
    2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DBD.tmp
    2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP835B.tmp
    2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5B0C.tmp
    2014-10-09 21:51 - 2014-10-09 21:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP5A10.tmp
    2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP3626.tmp
    2014-10-09 21:41 - 2014-10-09 21:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP2DE7.tmp
    2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPFAB9.tmp
    2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\SysWOW64\FAP53B.tmp
    2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPD9DD.tmp
    2014-10-09 21:21 - 2014-10-09 21:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPCA89.tmp
    2014-10-09 21:11 - 2014-10-09 21:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA259.tmp
    2014-10-09 21:11 - 2014-10-09 21:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP9874.tmp
    2014-10-09 21:01 - 2014-10-09 21:01 - 00000000 _____ () C:\Windows\SysWOW64\FAPB1D2.tmp
    2014-10-09 21:01 - 2014-10-09 21:01 - 00000000 _____ () C:\Windows\SysWOW64\FAP7024.tmp
    2014-10-09 20:51 - 2014-10-09 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP40E0.tmp
    2014-10-09 20:51 - 2014-10-09 20:51 - 00000000 _____ () C:\Windows\SysWOW64\FAP3C79.tmp
    2014-10-09 20:49 - 2014-10-09 20:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP44DD.tmp
    2014-10-09 20:49 - 2014-10-09 20:49 - 00000000 _____ () C:\Windows\SysWOW64\FAP4383.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP8215.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP71D7.tmp
    2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 _____ () C:\Windows\SysWOW64\FAP6D70.tmp
    2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP1730.tmp
    2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 _____ () C:\Windows\SysWOW64\FAP11DF.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPEDCB.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE453.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPE1E0.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP339.tmp
    2014-10-09 20:46 - 2014-10-09 20:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP11C2.tmp
    2014-10-09 20:41 - 2014-10-09 20:41 - 00000000 _____ () C:\Windows\SysWOW64\FAPFD7B.tmp
    2014-10-09 20:41 - 2014-10-09 20:41 - 00000000 _____ () C:\Windows\SysWOW64\FAP760.tmp
    2014-10-09 20:31 - 2014-10-09 20:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPD636.tmp
    2014-10-09 20:31 - 2014-10-09 20:31 - 00000000 _____ () C:\Windows\SysWOW64\FAPCC41.tmp
    2014-10-09 20:21 - 2014-10-09 20:21 - 00000000 _____ () C:\Windows\SysWOW64\FAPA7CB.tmp
    2014-10-09 20:21 - 2014-10-09 20:21 - 00000000 _____ () C:\Windows\SysWOW64\FAP9913.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-05 15:52 - 2014-06-19 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-05 15:44 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-05 15:44 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-05 15:43 - 2009-07-13 23:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-05 15:41 - 2014-06-19 01:06 - 01442055 _____ () C:\Windows\WindowsUpdate.log
    2014-11-05 15:37 - 2014-06-19 00:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-05 15:37 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-05 15:37 - 2009-07-13 22:51 - 00037082 _____ () C:\Windows\setupact.log
    2014-11-05 13:03 - 2010-11-20 21:47 - 00319374 _____ () C:\Windows\PFRO.log
    2014-11-05 09:08 - 2014-06-21 20:23 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\.minecraft
    2014-11-03 14:55 - 2014-06-19 17:49 - 00000000 ____D () C:\Program Files (x86)\Quicken
    2014-11-02 13:36 - 2014-07-04 22:07 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\CrashDumps
    2014-10-31 10:15 - 2014-08-18 18:38 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\Apple Computer
    2014-10-31 10:12 - 2014-08-18 18:38 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Apple Computer
    2014-10-30 22:50 - 2014-06-19 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-30 17:02 - 2014-07-05 12:14 - 00001026 _____ () C:\Windows\DirectX.log
    2014-10-30 17:02 - 2009-07-13 20:34 - 00000597 _____ () C:\Windows\win.ini
    2014-10-27 17:13 - 2014-06-19 00:02 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-26 14:56 - 2014-09-21 14:37 - 00000000 ____D () C:\Users\pbrunner\AppData\Roaming\Mumble
    2014-10-26 12:33 - 2014-06-19 00:00 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Deployment
    2014-10-24 14:53 - 2009-07-13 22:45 - 00348992 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-24 14:52 - 2009-07-13 22:45 - 00000000 ____D () C:\Windows\Setup
    2014-10-24 14:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-10-24 12:56 - 2014-06-19 00:00 - 00077488 _____ () C:\Users\pbrunner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-10-22 16:55 - 2014-08-20 16:20 - 00000000 ____D () C:\Users\pbrunner\AppData\Local\Adobe
    2014-10-22 16:20 - 2014-06-19 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-22 16:20 - 2014-06-19 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-22 16:20 - 2014-06-19 23:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-10-22 02:06 - 2014-06-19 00:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-22 02:06 - 2014-06-19 00:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-22 02:06 - 2014-06-19 00:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-16 03:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-16 02:06 - 2014-06-19 02:15 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-16 02:00 - 2014-06-19 02:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-05 00:28

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
    Ran by pbrunner at 2014-11-05 16:07:36
    Running from C:\Users\pbrunner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    LEGO Minifigures Online (HKCU\...\423b93224c69643b) (Version: 1.0.0.0 - Funcom)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
    Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
    RealFlight G2 NexSTAR Simulator (HKLM-x32\...\RealFlight2NexSTAR) (Version:  - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
    CustomCLSID: HKU\S-1-5-21-3620361521-2290374174-2433197831-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

    ==================== Restore Points  =========================

    23-10-2014 07:03:20 Revo Uninstaller's restore point - McAfee Security Scan Plus
    24-10-2014 21:04:35 Removed PCBooster
    31-10-2014 16:09:56 Installed iTunes

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2014-11-05 15:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00CAE86E-7205-45DA-813B-84E946AEEAE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {265730BC-F0C9-4BF1-BE0B-0BC4456E26A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3562A2D3-6FB4-41A6-9088-FFD2AD63B4E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
    Task: {456A99C8-947D-48BD-864B-64F45E18F90A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {AA38CE76-AA01-4AD8-A36C-7D3C3B9FE9E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {B6FC2308-6352-4601-B61D-CEAC7FE9B4AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {D4DFD460-0BFD-4912-9D75-F08E72599875} - System32\Tasks\{EE175FBE-03C5-4547-ABD9-B5A45EEE69EF} => C:\Users\pbrunner\Downloads\Audio_IDT_5.10.5762.00_Vistax64Vistax86_A\Audio_IDT_5.10.5762.00_Vistax86x64\setup.exe
    Task: {FC1C0F88-AE01-437E-8BB5-3449DC9FB04F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-06-20 16:16 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
    2014-06-20 16:16 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
    2013-06-18 14:49 - 2013-06-18 14:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-04-29 22:08 - 2013-04-29 22:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-06-20 16:16 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\UNi Xonar Audio\Customapp\VmixP8.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-10-27 17:13 - 2014-10-21 22:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll
    2014-10-30 11:59 - 2014-10-30 11:59 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-06-19 00:05 - 2014-06-19 00:05 - 01020928 _____ () C:\Users\pbrunner\AppData\Roaming\Mozilla\Firefox\Profiles\k83j341h.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    2014-10-22 16:20 - 2014-10-22 16:20 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3620361521-2290374174-2433197831-500 - Administrator - Disabled)
    Guest (S-1-5-21-3620361521-2290374174-2433197831-501 - Limited - Disabled)
    pbrunner (S-1-5-21-3620361521-2290374174-2433197831-1000 - Administrator - Enabled) => C:\Users\pbrunner

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/05/2014 03:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (11/05/2014 03:38:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (11/05/2014 03:35:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (11/05/2014 03:35:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (11/05/2014 03:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8122.81 MB
    Available physical RAM: 5950.29 MB
    Total Pagefile: 16243.8 MB
    Available Pagefile: 13645.12 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:683.54 GB) (Free:231.03 GB) NTFS
    Drive d: (RFV2NS) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS
    Drive i: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2F01DF5D)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=683.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #13 ken545

    ken545

      Malware Response Team

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:11:50 AM

    Posted 05 November 2014 - 05:47 PM

    Looking good, how is everything running now ?


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

    Just a reminder that threads will be closed if no response in 3 days


    #14 BelowtheLine

    BelowtheLine
    • Topic Starter

    • Members
    • 21 posts
    • Local time:09:50 AM

    Posted 06 November 2014 - 02:11 AM

    Seems to be good. Thanks again!



    #15 ken545

    ken545

      Malware Response Team

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:11:50 AM

    Posted 06 November 2014 - 06:04 AM

    You're very welcome :)

    Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked if you are sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

    ==========================================================

    Please download DelFix and save the file to your Desktop.

  • Windows XP: Double click DelFix.exe to run the program.
  • Windows Vista / Win 7 / Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove Disinfection Tools
      • Create registry backup
      • Reset System Settings
  • Click the Run button.

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

    ==========================================================

    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

    Safe Surfn
    Ken





