Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

vosteran [Solved]

browser hijacker

  • Please log in to reply
23 replies to this topic

#1 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 24 November 2014 - 05:52 PM

Need to clean my computer of Vosteran that I actually think got downloaded with an Adobe update.


    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 November 2014 - 05:56 PM

Hi pamaboe,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 24 November 2014 - 07:43 PM

 Results of screen317's Security Check version 0.99.90 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player 15.0.0.223 
 Adobe Reader XI 
 Mozilla Firefox 29.0.1 Firefox out of Date! 
 Google Chrome (38.0.2125.111)
 Google Chrome (39.0.2171.65)
 Google Chrome (chrome.exe..)
 Google Chrome (Dictionaries...)
 Google Chrome (master_preferences...)
````````Process Check: objlist.exe by Laurent```````` 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-24 18:29:42
-----------------------------
18:29:42.019    OS Version: Windows x64 6.1.7601 Service Pack 1
18:29:42.019    Number of processors: 4 586 0x2505
18:29:42.019    ComputerName: PAMBOE-HP  UserName: pamboe
18:29:44.468    Initialize success
18:29:44.593    VM: initialized successfully
18:29:44.608    VM: Intel CPU BiosDisabled
18:32:26.488    AVAST engine defs: 14112400
18:33:40.104    The log file has been saved successfully to "C:\Users\pamboe\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-24 18:38:08
-----------------------------
18:38:08.552    OS Version: Windows x64 6.1.7601 Service Pack 1
18:38:08.552    Number of processors: 4 586 0x2505
18:38:08.552    ComputerName: PAMBOE-HP  UserName: pamboe
18:38:09.815    Initialize success
18:38:09.815    VM: initialized successfully
18:38:09.815    VM: Intel CPU BiosDisabled
18:38:20.954    The log file has been saved successfully to "C:\Users\pamboe\Desktop\aswMBR.txt"

 

Should I continue? A MBR.dat file does not appear on my desktop. I tried to rerun it, still do not have the .dat file

 

So far your instructions are wonderful!


Edited by pamaboe, 24 November 2014 - 07:44 PM.


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 24 November 2014 - 09:06 PM

Hi pamaboe,

It appears aswMBR did not complete properly. Please run this scan instead of aswMBR, then finish up with my previous instructions.

bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
MBAMAnti-Rootkit1_zps4613be8c.png
  • Please click by the introduction screen on the Next button to continue.
MBAMAnti-Rootkit2update_zpsf85fca28.png
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
MBAMAnti-Rootkitupdatecomplete_zpscf9f4c
  • When the update has finished, click on the Next button.
MBAMAnti-Rootkitscan_zps9b346fe7.png
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
MBAMAnti-Rootkitscan-results_zps9f0fdf8e
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

In your next post please provide the following:
  • mbar-log
  • system-log.txt
  • FRST.txt
  • Addiition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 25 November 2014 - 08:58 AM

I have downloaded the Malware bytes to  my download file, when I right click I do not get an extract all option.



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 November 2014 - 09:09 AM

Hi pamaboe,

Left click the file you downloaded, agree to the UAC if presented with one.
The program will walk you through the extraction of the files to the desktop.
Then double click mbar.exe to run the program.


 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 25 November 2014 - 10:11 AM

I received No Malware Found



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 November 2014 - 11:29 AM

Hi pamaboe,

Please post the logs requested and continue with my previous instructions.
  • mbar-log
  • system-log.txt
Previous instruction logs:
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 25 November 2014 - 12:10 PM

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
pamboe :: PAMBOE-HP [administrator]

11/25/2014 8:27:37 AM
mbar-log-2014-11-25 (08-27-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 355281
Time elapsed: 30 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

--------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4083007488, free: 1924419584

Downloaded database version: v2014.11.25.06
Downloaded database version: v2014.11.22.01
=======================================
Initializing...
------------ Kernel report ------------
     11/25/2014 08:27:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by pamboe (administrator) on PAMBOE-HP on 25-11-2014 10:56:27
Running from C:\Users\pamboe\Desktop
Loaded Profile: pamboe (Available profiles: pamboe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Malwarebytes Corp.) C:\Users\pamboe\Downloads\mbar-1.08.2.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\pamboe\Desktop\mbar\mbar.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2076 2011-04-17] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-04-16] (Hewlett-Packard Company)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2076 2011-04-17] ()
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-26] (Google Inc.)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\MountPoints2: {a0d58479-377a-11e0-a106-e02a82305596} - H:\SISetup.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\pamboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
Startup: C:\Users\pamboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/e...42&ocid=U142DHP
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://Vosteran.com/...cr=228883032=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.babylo...0000026c7e031b9
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {A1302744-6479-4C7D-8D4F-089017AD3E42} URL = http://websearch.ask...EC-7329832C5971
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://speedial.com/...cr=917010994=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {E8391765-F256-44F9-BC73-ECF60BE3C4D9} URL = http://www.google.co...1I7ADRA_enUS420
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-6582711-4271374768-1986247805-1000: @citrixonline.com/appdetectorplugin -> C:\Users\pamboe\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-6582711-4271374768-1986247805-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF user.js: detected! => C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068\user.js
FF SearchPlugin: C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068\searchplugins\Vosteran.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-31]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]
FF HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP&dt=072213
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP&dt=072213", "hxxp://www.google.com/", "hxxp://speedial.com/?f=7&a=defoffer_spd_irspd_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0SzyyBtBtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAzy0DtB0ByByCtG0EzzyC0EtGzytBzy0AtG0A0AtDyEtGyBtByC0D0EtAtD0C0DtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0Ezz0DtD0AyDyEtGzytCyBtDtGtB0DyB0BtGzzyB0AzztGyEtA0F0Dzz0CzyzyzytBzz0E2Q&cr=917010994&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Profile: C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (Speedial) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-25]
CHR Extension: (Google Search) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-25]
CHR Extension: (Google Maps) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-06]
CHR Extension: (FlashControl) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2013-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-08-25]
CHR Extension: (Google Wallet) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-25]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-04-20] (Flexera Software, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141124.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2014-11-25] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [135384 2014-11-25] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141124.035\ENG64.SYS [129752 2014-10-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141124.035\EX64.SYS [2137304 2014-10-30] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 10:52 - 2014-11-25 10:56 - 00042866 _____ () C:\Users\pamboe\Desktop\Addition.txt
2014-11-25 10:51 - 2014-11-25 10:56 - 00039373 _____ () C:\Users\pamboe\Desktop\FRST.txt
2014-11-25 10:51 - 2014-11-25 10:56 - 00000000 ____D () C:\FRST
2014-11-25 10:49 - 2014-11-25 10:49 - 02118144 _____ (Farbar) C:\Users\pamboe\Desktop\FRST64.exe
2014-11-25 08:27 - 2014-11-25 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-25 08:27 - 2014-11-25 08:27 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 08:27 - 2014-11-25 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 08:25 - 2014-11-25 08:25 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-25 08:25 - 2014-11-25 08:25 - 00000000 ____D () C:\Users\pamboe\Desktop\mbar
2014-11-25 07:54 - 2014-11-25 07:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Downloads\mbar-1.08.2.1001.exe
2014-11-25 07:48 - 2014-11-25 07:48 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Downloads\mbar-1.08.2.1001-a.exe
2014-11-24 20:33 - 2014-11-24 20:33 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Desktop\mbar-1_08_2_1001_exe
2014-11-24 18:33 - 2014-11-24 18:38 - 00001097 _____ () C:\Users\pamboe\Desktop\aswMBR.txt
2014-11-24 18:29 - 2014-11-24 18:29 - 05198336 _____ (AVAST Software) C:\Users\pamboe\Desktop\aswMBR.exe
2014-11-24 18:28 - 2014-11-24 18:28 - 05198336 _____ (AVAST Software) C:\Users\pamboe\Downloads\aswMBR.exe
2014-11-24 18:24 - 2014-11-25 09:09 - 00000000 ____D () C:\Users\pamboe\Documents\Clean computer
2014-11-24 18:17 - 2014-11-24 18:17 - 00854414 _____ () C:\Users\pamboe\Desktop\SecurityCheck.exe
2014-11-24 18:15 - 2014-11-24 18:15 - 00854414 _____ () C:\Users\pamboe\Downloads\SecurityCheck.exe
2014-11-24 17:23 - 2014-11-24 17:23 - 00000085 _____ () C:\Windows\wininit.ini
2014-11-24 17:01 - 2014-11-25 07:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-24 17:01 - 2014-11-24 17:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-24 17:01 - 2014-11-24 17:01 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\Program Files\WOT
2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\Program Files (x86)\WOT
2014-11-22 12:31 - 2014-11-22 12:31 - 00000000 ____D () C:\Users\pamboe\Documents\CG to Work
2014-11-20 10:50 - 2014-11-20 13:07 - 00000000 ____D () C:\NPE
2014-11-19 11:03 - 2014-11-19 11:03 - 00000000 _____ () C:\autoexec.bat
2014-11-19 11:02 - 2014-11-19 11:02 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-19 07:31 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:31 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:31 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:31 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:28 - 2014-11-22 08:32 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 12:12 - 2014-11-18 15:19 - 00000000 ____D () C:\Users\pamboe\AppData\Local\Vosteran
2014-11-18 12:12 - 2014-11-18 12:12 - 00003322 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-11-18 12:12 - 2014-11-18 12:12 - 00000000 ____D () C:\Users\pamboe\AppData\Roaming\WSE_Vosteran
2014-11-18 12:11 - 2014-11-18 12:11 - 01055936 _____ (Adobe) C:\Users\pamboe\Downloads\flash_setup.exe
2014-11-15 11:32 - 2014-11-22 14:57 - 00000000 ____D () C:\Users\pamboe\Documents\Spatial Analysis
2014-11-13 07:59 - 2014-11-13 07:59 - 00003294 _____ () C:\Windows\System32\Tasks\{C4D953EB-9C30-4728-B003-7F035CB99F85}
2014-11-12 10:26 - 2014-11-12 10:26 - 00000000 __SHD () C:\Users\pamboe\AppData\Local\EmieBrowserModeList
2014-11-12 08:58 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:58 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:58 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:58 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:58 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:58 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:58 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:58 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:58 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:58 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:58 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:58 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:58 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:58 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:58 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:58 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:58 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 08:58 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 08:58 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 08:58 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:58 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:58 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:58 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:58 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:58 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 08:58 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:58 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:58 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:58 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:58 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 08:58 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:58 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 08:58 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:58 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:58 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:58 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:57 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:57 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:57 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:57 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:57 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:57 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:57 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:57 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:57 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:57 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:57 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:57 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:57 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:57 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:57 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:57 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:57 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:57 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:57 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:57 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:57 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:57 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:57 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:57 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:57 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:57 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:57 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:57 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:57 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:57 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:57 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:57 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:57 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:57 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:57 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:57 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:57 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:57 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:57 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 08:57 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 08:57 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:57 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:57 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:57 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:57 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:57 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 10:26 - 2011-02-26 10:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 10:25 - 2014-08-29 14:25 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-11-25 10:08 - 2011-08-18 14:31 - 00000000 ____D () C:\Users\pamboe\Documents\moms stuff
2014-11-25 10:05 - 2014-02-12 18:35 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000.job
2014-11-25 10:04 - 2010-10-25 01:41 - 01856509 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 10:03 - 2012-03-30 06:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 07:42 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 07:42 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 07:37 - 2014-08-28 17:38 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81CE3737-D8FB-430C-B5D9-EA353C57A498}
2014-11-25 07:37 - 2009-07-13 22:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 07:35 - 2011-04-17 12:52 - 00000000 ____D () C:\Users\pamboe\AppData\Roaming\ZumoDrive
2014-11-25 07:33 - 2011-02-26 10:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 07:32 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 07:32 - 2009-07-13 21:51 - 00167813 _____ () C:\Windows\setupact.log
2014-11-25 07:26 - 2010-10-25 01:51 - 01069196 _____ () C:\Windows\PFRO.log
2014-11-24 11:34 - 2012-02-06 14:28 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-24 11:34 - 2011-02-07 18:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-23 17:42 - 2014-09-01 10:17 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpamboe
2014-11-23 17:42 - 2014-09-01 10:17 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForpamboe.job
2014-11-20 16:21 - 2014-08-22 16:23 - 00000000 ____D () C:\Users\pamboe\AppData\Local\NPE
2014-11-20 10:46 - 2010-10-25 02:13 - 00000000 ____D () C:\ProgramData\Norton
2014-11-20 09:06 - 2011-05-25 19:38 - 00000000 ____D () C:\Users\pamboe\Documents\Peoples
2014-11-20 07:22 - 2009-07-13 22:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-18 17:29 - 2012-08-25 19:46 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 12:25 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-11-15 07:26 - 2013-08-10 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 07:15 - 2011-02-10 06:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 13:21 - 2011-02-26 10:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 13:21 - 2011-02-26 10:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 08:04 - 2013-10-21 06:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 08:03 - 2014-08-11 06:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-13 08:02 - 2013-06-23 09:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-12 14:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:52 - 2011-02-06 11:25 - 00142104 _____ () C:\Users\pamboe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 09:31 - 2009-07-13 21:45 - 00472472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:27 - 2014-05-06 08:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:09 - 2011-02-11 20:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 17:58 - 2012-03-30 06:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 17:58 - 2012-03-30 06:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 17:58 - 2011-06-02 05:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 12:01 - 2014-08-27 13:26 - 00000000 ____D () C:\Users\pamboe\Documents\Fire
2014-11-07 16:45 - 2013-09-03 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-30 11:09 - 2014-02-12 18:35 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000
2014-10-30 09:41 - 2012-10-11 06:28 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPAMBOE-HP$
2014-10-30 09:41 - 2012-09-13 06:22 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForPAMBOE-HP$.job
2014-10-28 06:42 - 2014-08-14 15:54 - 00000000 ____D () C:\Users\pamboe\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\pamboe\AppData\Local\Temp\siinst.exe
C:\Users\pamboe\AppData\Local\Temp\strings.dll
C:\Users\pamboe\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\pamboe\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\pamboe\AppData\Local\Temp\_is7021.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 19:38

==================== End Of Log ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by pamboe at 2014-11-25 10:57:10
Running from C:\Users\pamboe\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders of the World (HKLM-x32\...\BFG-7 Wonders of the World) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Packages (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Adobe Flash Packages) (Version:  - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 License Manager (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bluebeard's Castle (HKLM-x32\...\BFG-Bluebeard's Castle) (Version:  - )
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Bubble Town (HKLM-x32\...\Bubble Town_is1) (Version:  - Games Of The Month)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Heritage: Guardians of Hope Collector's Edition (HKLM-x32\...\BFG-Dark Heritage - Guardians of Hope Collector's Edition) (Version:  - )
Dark Tales: Edgar Allan Poe's The Gold Bug Collector's Edition (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Gold Bug Collector's Edition) (Version:  - )
Dark Tales: Edgar Allan Poe's The Masque of the Red Death Collector's Edition (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poes The Masque of the Red Death Collectors Edition) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Extended Update (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fences Pro (HKLM-x32\...\Fences Pro) (Version: 1.0.1.312.19219 - Stardock Corporation)
Fences Pro (Version: 1.0.1.312 - Stardock Corporation) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FoxTab PDF Converter (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\FoxTab PDF Converter) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Grim Facade: Mystery of Venice Collector’s Edition (HKLM-x32\...\BFG-Grim Facade - Mystery of Venice Collectors Edition) (Version:  - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: The Palm of Zoroaster (HKLM-x32\...\BFG-House of 1000 Doors - The Palm of Zoroaster) (Version:  - )
HP 3D DriveGuard (HKLM\...\{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Documentation (HKLM-x32\...\{4D1193CC-0658-4C98-B1FF-86CBC5BFB27C}) (Version: 1.2.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}) (Version: 1.0.1.2 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4604 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{BE6725F2-6D15-477C-86C6-4522B8569D62}) (Version: 3.1.2.2 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3303 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.205 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{31EEA563-3544-4EA1-8773-BCBF83F9627A}) (Version: 4.1.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Hulu Desktop (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{929685C0-FC01-45E1-8B39-2948E8FF861E}) (Version: 1.2.21.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: Trail of the Midnight Heart (HKLM-x32\...\BFG-Jewel Quest Mysteries - Trail of the Midnight Heart) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sapphire Dragon (HKLM-x32\...\BFG-Jewel Quest - The Sapphire Dragon) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Midnight Mysteries: Devil on the Mississippi Collector's Edition (HKLM-x32\...\BFG-Midnight Mysteries - Devil on the Mississippi Collector's Edition) (Version:  - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery Case Files &reg;: 13th Skull ™ Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull Collector's Edition) (Version:  - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version:  - )
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mystery Trackers: Four Aces Collector's Edition (HKLM-x32\...\BFG-Mystery Trackers - Four Aces Collector's Edition) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Redemption Cemetery: Grave Testimony Collector’s Edition (HKLM-x32\...\BFG-Redemption Cemetery - Grave Testimony Collector’s Edition) (Version:  - )
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Sable Maze: Sullivan River Collector's Edition (HKLM-x32\...\BFG-Sable Maze - Sullivan River Collector's Edition) (Version:  - )
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secrets of the Dark: Mystery of the Ancestral Estate (HKLM-x32\...\BFG-Secrets of the Dark - Mystery of the Ancestral Estate) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Surface: Mystery of Another World Collector's Edition (HKLM-x32\...\BFG-Surface - Mystery of Another World Collector's Edition) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Agency of Anomalies: The Last Performance Collector's Edition (HKLM-x32\...\BFG-The Agency of Anomalies - The Last Performance Collector's Edition) (Version:  - )
The Path of Hercules (HKLM-x32\...\BFG-The Path of Hercules) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Witches' Legacy: The Charleston Curse (HKLM-x32\...\BFG-Witches' Legacy - The Charleston Curse) (Version:  - )
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-6582711-4271374768-1986247805-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\pamboe\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

13-11-2014 15:00:35 Removed Java 8 Update 25
15-11-2014 14:14:27 Windows Update
17-11-2014 02:00:07 Windows Backup
19-11-2014 16:05:03 Windows Update
24-11-2014 03:31:50 Windows Backup
24-11-2014 22:31:13 Installed WOT for Internet Explorer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04600276-B883-4F7A-B559-36EA4D5EDB30} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {06C991DD-5DDC-43B3-AD1A-041FC10A2780} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0748D015-AC8A-49F0-874E-11CE9BAAEA13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {0B94E545-E5E9-44DF-A124-0D3D285A7053} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {134F5DD9-240C-4D70-87BD-BF8FDF61655F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {53C9881F-E0B5-4034-9319-022C049A7109} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {5F683AEB-871F-4E9B-87A4-88F7AF101D66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {6AE0CC4F-D590-4104-A1A7-A3B489B8780A} - System32\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000 => C:\Users\pamboe\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6E32F781-D67E-4125-94AA-B9736C46A90B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {70153CC8-4815-43AA-B450-4995F922C777} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {9529E688-8861-479A-A6DE-58F2C39CE4BB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9BA2DF80-AA97-4A73-9383-2C2DF605BE8A} - System32\Tasks\UpdaterEX => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AE4BCE80-B5C5-4B1C-9342-55CE40ED0E98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {B52BAFC4-82A2-4BE1-B599-B331D88FD69D} - System32\Tasks\HPCeeScheduleForpamboe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C676CCB2-9FA9-4E5D-A6A4-C593901006F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C6AF76E6-52A1-4D12-BFC2-741E4EA20357} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D396C0AB-ECC3-4528-815B-6D4EAC1DA9D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {DBCE5917-6444-4767-AF3C-AF458D778A34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DCA466FC-7A9E-4FA6-A1D7-5322BE3EB03A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {F1C4B649-7F56-486A-AEAA-5BAA93308408} - System32\Tasks\HPCeeScheduleForPAMBOE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000.job => C:\Users\pamboe\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPAMBOE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpamboe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-17 10:14 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2012-12-26 18:34 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-01-28 18:33 - 2005-04-21 21:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2010-07-29 19:39 - 2010-07-29 19:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-08-31 17:16 - 2010-08-31 17:16 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2011-04-16 09:59 - 2011-04-16 09:59 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-04-16 09:59 - 2011-04-16 09:59 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-04-16 09:59 - 2011-04-16 09:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-11-25 07:35 - 2014-11-25 07:35 - 00199168 ____N () C:\Users\pamboe\AppData\Local\Temp\WindowsAPI.dll6294571907641470348.lib
2014-11-25 07:35 - 2014-11-25 07:35 - 00379904 _____ () C:\Users\pamboe\AppData\Local\Temp\libsqlitejdbc-7937841557289159080.lib
2013-01-28 18:33 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-09-02 14:40 - 2013-09-02 14:40 - 01430488 _____ () C:\Program Files (x86)\WOT\WOT.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0E636D62
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1709732A
AlternateDataStreams: C:\ProgramData\Temp:26991AB9
AlternateDataStreams: C:\ProgramData\Temp:37C279BE
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:55E3C0E0
AlternateDataStreams: C:\ProgramData\Temp:58481C6F
AlternateDataStreams: C:\ProgramData\Temp:5ECEFF17
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2
AlternateDataStreams: C:\ProgramData\Temp:6ED8B881
AlternateDataStreams: C:\ProgramData\Temp:71004506
AlternateDataStreams: C:\ProgramData\Temp:89A5891E
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:9C3AAD57
AlternateDataStreams: C:\ProgramData\Temp:B88DC997
AlternateDataStreams: C:\ProgramData\Temp:C0A9D0E7
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C8E3A625
AlternateDataStreams: C:\ProgramData\Temp:CE3AADB7
AlternateDataStreams: C:\ProgramData\Temp:D434342F
AlternateDataStreams: C:\ProgramData\Temp:D93AABC7
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E2295807
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:EBF0842B
AlternateDataStreams: C:\ProgramData\Temp:ED2D63E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-6582711-4271374768-1986247805-500 - Administrator - Disabled)
Guest (S-1-5-21-6582711-4271374768-1986247805-501 - Limited - Disabled)
pamboe (S-1-5-21-6582711-4271374768-1986247805-1000 - Administrator - Enabled) => C:\Users\pamboe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 07:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 340c

Start Time: 01d0085351344b9c

Termination Time: 93

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/24/2014 03:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: npctrl.dll_unloaded, version: 0.0.0.0, time stamp: 0x537304f8
Exception code: 0xc000041d
Fault offset: 0x68a25e82
Faulting process id: 0x1168
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/24/2014 03:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: npctrl.dll_unloaded, version: 0.0.0.0, time stamp: 0x537304f8
Exception code: 0xc0000005
Fault offset: 0x68a25e82
Faulting process id: 0x1168
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/22/2014 02:00:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b6c

Start Time: 01d00695797bceeb

Termination Time: 200

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/22/2014 01:47:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a24

Start Time: 01d006940aaefc46

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/19/2014 03:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program N360.exe version 12.11.4.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bec

Start Time: 01d00446f380dc51

Termination Time: 0

Application Path: C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

Report Id: ad7bee68-703a-11e4-9b3e-e02a82305596

Error: (11/17/2014 11:35:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1668

Start Time: 01d0027248f48464

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/17/2014 11:24:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 541c

Start Time: 01d0028fde84ddec

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/11/2014 00:57:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/11/2014 00:56:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (11/25/2014 07:34:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/25/2014 07:28:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ArcGIS License Manager service failed to start due to the following error:
%%1053

Error: (11/25/2014 07:28:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ArcGIS License Manager service to connect.

Error: (11/24/2014 07:14:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/23/2014 02:01:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/23/2014 07:08:16 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/22/2014 03:30:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/22/2014 07:17:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/21/2014 08:40:05 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/21/2014 07:12:36 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Microsoft Office Sessions:
=========================
Error: (11/24/2014 07:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420340c01d0085351344b9c93C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/24/2014 03:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17420545ad233npctrl.dll_unloaded0.0.0.0537304f8c000041d68a25e82116801d007f117f8894aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEnpctrl.dll906a4694-742b-11e4-9d8f-e02a82305596

Error: (11/24/2014 03:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17420545ad233npctrl.dll_unloaded0.0.0.0537304f8c000000568a25e82116801d007f117f8894aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEnpctrl.dll8cafbec6-742b-11e4-9d8f-e02a82305596

Error: (11/22/2014 02:00:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174201b6c01d00695797bceeb200C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/22/2014 01:47:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174201a2401d006940aaefc4650C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/19/2014 03:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: N360.exe12.11.4.4bec01d00446f380dc510C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exead7bee68-703a-11e4-9b3e-e02a82305596

Error: (11/17/2014 11:35:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420166801d0027248f4846480C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/17/2014 11:24:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420541c01d0028fde84ddec50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/11/2014 00:57:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19

Error: (11/11/2014 00:56:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3893.86 MB
Available physical RAM: 1237.16 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4735.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:436.31 GB) (Free:320.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.16 GB) (Free:4.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE1C2D32)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 November 2014 - 02:58 PM

Hi pamaboe,

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Babylon toolbar on IE
=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt


Start
CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://Vosteran.com/...cr=228883032=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.babylo...0000026c7e031b9
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {A1302744-6479-4C7D-8D4F-089017AD3E42} URL = http://websearch.ask...EC-7329832C5971
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://speedial.com/...cr=917010994=
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP&dt=072213", "hxxp://www.google.com/", "hxxp://speedial.com/?f=7&a=defoffer_spd_irspd_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0SzyyBtBtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAzy0DtB0ByByCtG0EzzyC0EtGzytBzy0AtG0A0AtDyEtGyBtByC0D0EtAtD0C0DtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0Ezz0DtD0AyDyEtGzytCyBtDtGtB0DyB0BtGzzyB0AzztGyEtA0F0Dzz0CzyzyzytBzz0E2Q&cr=917010994&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir="
CHR Extension: (Speedial) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-08-29]
2014-11-18 14:28 - 2014-11-22 08:32 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 12:12 - 2014-11-18 15:19 - 00000000 ____D () C:\Users\pamboe\AppData\Local\Vosteran
2014-11-18 12:12 - 2014-11-18 12:12 - 00000000 ____D () C:\Users\pamboe\AppData\Roaming\WSE_Vosteran
Extended Update (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
FoxTab PDF Converter (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\FoxTab PDF Converter) (Version:  - ) <==== ATTENTION
Task: {04600276-B883-4F7A-B559-36EA4D5EDB30} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {9BA2DF80-AA97-4A73-9383-2C2DF605BE8A} - System32\Tasks\UpdaterEX => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 25 November 2014 - 08:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by pamboe at 2014-11-25 18:44:18 Run:1
Running from C:\Users\pamboe\Desktop
Loaded Profile: pamboe (Available profiles: pamboe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers:
[DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://Vosteran.com/...cr=228883032=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes:
HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032=
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.babylo...0000026c7e031b9
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {A1302744-6479-4C7D-8D4F-089017AD3E42} URL = http://websearch.ask...EC-7329832C5971
SearchScopes:
HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://speedial.com/...cr=917010994=
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP&dt=072213", "hxxp://www.google.com/",
"hxxp://speedial.com/?f=7&a=defoffer_spd_irspd_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0SzyyBtBtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAzy0DtB0ByByCtG0EzzyC0EtGzytBzy0AtG0A0AtDyEtGyBtByC0D0EtAtD0C0DtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0Ezz0DtD0AyDyEtGzytCyBtDtGtB0DyB0BtGzzyB0AzztGyEtA0F0Dzz0CzyzyzytBzz0E2Q&cr=917010994&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir="
CHR Extension: (Speedial) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-08-29]
2014-11-18 14:28 - 2014-11-22 08:32 - 00000000
____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 12:12 - 2014-11-18 15:19 - 00000000 ____D () C:\Users\pamboe\AppData\Local\Vosteran
2014-11-18 12:12 - 2014-11-18 12:12 - 00000000 ____D () C:\Users\pamboe\AppData\Roaming\WSE_Vosteran
Extended Update (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
FoxTab PDF Converter (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\FoxTab PDF Converter) (Version:  - ) <==== ATTENTION
Task: {04600276-B883-4F7A-B559-36EA4D5EDB30} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {9BA2DF80-AA97-4A73-9383-2C2DF605BE8A} - System32\Tasks\UpdaterEX => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\pamboe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <====
ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers:" => Key not found.
"HKCR\CLSID\ShellIconOverlayIdentifiers:" => Key not found.
[DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.
"HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://Vosteran.com/...cr=228883032= => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-6582711-4271374768-1986247805-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKU\S-1-5-21-6582711-4271374768-1986247805-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKU\S-1-5-21-6582711-4271374768-1986247805-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.
"HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found.
"HKU\S-1-5-21-6582711-4271374768-1986247805-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A1302744-6479-4C7D-8D4F-089017AD3E42}" => Key deleted successfully.
"HKCR\CLSID\{A1302744-6479-4C7D-8D4F-089017AD3E42}" => Key not found.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4 => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-6582711-4271374768-1986247805-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key not found.
"HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value not found.
"HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}" => Key not found.
Chrome StartupUrls deleted successfully.
"hxxp://speedial.com/?f=7&a=defoffer_spd_irspd_14_35_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0SzyyBtBtN1L2XzutBtFtBtCtFtCtCtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAzy0DtB0ByByCtG0EzzyC0EtGzytBzy0AtG0A0AtDyEtGyBtByC0D0EtAtD0C0DtAyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0Ezz0DtD0AyDyEtGzytCyBtDtGtB0DyB0BtGzzyB0AzztGyEtA0F0Dzz0CzyzyzytBzz0E2Q&cr=917010994&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir=" => Error: No automatic fix found for this entry.
C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd => Moved successfully.
"2014-11-18 14:28 - 2014-11-22 08:32 - 00000000" => File/Directory not found.
____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009 => Error: No automatic fix found for this entry.
C:\Users\pamboe\AppData\Local\Vosteran => Moved successfully.
C:\Users\pamboe\AppData\Roaming\WSE_Vosteran => Moved successfully.
Extended Update (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION => Error: No automatic fix found for this entry.
FoxTab PDF Converter (HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\FoxTab PDF Converter) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04600276-B883-4F7A-B559-36EA4D5EDB30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04600276-B883-4F7A-B559-36EA4D5EDB30}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperFastPC_AutorunOnStartup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BA2DF80-AA97-4A73-9383-2C2DF605BE8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BA2DF80-AA97-4A73-9383-2C2DF605BE8A}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 452.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

# AdwCleaner v4.102 - Report created 25/11/2014 at 19:01:52
# Updated 23/11/2014 by Xplode
# Database : 2014-11-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : pamboe - PAMBOE-HP
# Running from : C:\Users\pamboe\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\Users\pamboe\AppData\Local\Babylon
Folder Deleted : C:\Users\pamboe\AppData\Roaming\Babylon
Folder Deleted : C:\Users\pamboe\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068\user.js
File Deleted : C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068\searchplugins\Vosteran.xml
File Deleted : C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v29.0.1 (en-US)

-\\ Google Chrome v39.0.2171.65

[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EAKD%5EOSJ000%5EYY%5EUS&gct=&o=APN10450&tpid=ORJ-V7&itbv=12.6.0.11&doi=2013-10-21&apn_uid=C2724FCA-8ED9-4964-9C46-FDD6AFB7958F&apn_ptnrs=AKD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_30.0.1599.101&psv=&trgb=CR&q={searchTerms}
[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir=
[C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtAtDyDyDzyyC0DtBzyzytN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0AtBzzzyyByCtBtGyB0F0D0AtGyC0A0F0DtG0F0FtBtBtGyByCyC0AyE0B0CyBzztB0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyB0B0F0FyBtG0CyC0EyBtGyE0CtD0BtGzz0BzyyCtG0CyC0FzzzztDtC0D0A0B0EyE2Q&cr=228883032&ir=

*************************

AdwCleaner[R0].txt - [7072 octets] - [25/11/2014 18:58:59]
AdwCleaner[S0].txt - [6563 octets] - [25/11/2014 19:01:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6623 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by pamboe on Tue 11/25/2014 at 19:11:08.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{001CEFD0-A5F1-4712-B707-66CC68596E0E}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{00863ED7-E6EE-4419-81AF-6219D7641C65}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{0A719F80-B6F1-4F48-B684-67E5FF1D5637}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{0AD7DBBE-0021-4A94-907E-59284536E10A}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{0CCDDE11-8406-4114-B3AB-C3608F728813}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{0CDA06D4-ACA3-43F0-A274-660445CAD256}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{17213951-5748-48D4-89A1-D3E3D77FFF8C}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{188158F5-64CD-4949-9946-A02008E46570}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{191ED115-7316-46BC-ADA7-A3167E5A3CF3}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{1BBBAB83-8FB9-4A82-ADC2-277F9A4A3E26}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{20F87BAC-B17D-432B-8138-794179902C89}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{232F9818-33C5-47AE-991A-57D8C57B1540}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{26519263-9FCC-495E-A35E-990AAC5D2398}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{28B4B4DB-6D8A-48C5-B755-7B6F6F9290EF}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{2E50FDA7-9B18-4930-9FF4-1CB9B7A8B8F3}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{2E97244D-1B73-42C7-BC4C-422E6CF7E640}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{32021441-B4C5-4581-91BD-57EFC2819EE5}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3A1BADAD-32BB-4F29-8A1C-93594DA81333}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3C7209F4-CA58-4E8F-B66E-97663575B652}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3CBCEAA8-DEFF-4CB2-B2DB-DB5EE232DBC4}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3EDB824B-14BE-4FD5-9C4E-9CADC7C9FC34}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3F1DE981-EC54-4753-A8DB-694BCEBB2BE5}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{3F7D1A01-CC74-4C29-9814-13F48A873E06}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{4082624E-1CDE-4E5B-B106-EC1D2B48BEFE}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{40B6C9DD-45F6-4C8E-9D44-F147E6067D20}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{4B67C768-493C-4798-B039-31AECAD6EE2D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{4E69CBCF-2E90-4D47-8889-891879A2729B}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{51DFCE46-771A-40D0-8A61-9E65911589A3}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{550B94A3-5012-4767-8DBA-A1D49D3A119B}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{58AFE219-0E07-4391-BAF0-8424439D8FDD}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{5B10C902-2426-4FC2-A6A1-816EBAA95555}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{5BC83DD6-9AAE-4BA3-A75D-E72C0938142D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{5DAFD560-510D-4A4C-AE09-93B45FE0B76A}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{6114027A-EE90-4644-B4E6-92467CAB30ED}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{6220956A-578E-492B-A187-E42CF20DF8E6}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{634E5239-E5DB-4702-BD8E-660773E36CA4}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{64ED6677-60BA-4497-8B93-CE5DE1CFE29B}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{6A5A17E4-EBB6-4FE5-A92E-2A6E8ED2A0AC}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{6D0763CA-17FE-470E-81C3-5543A6AF702D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{708F9FA6-405D-444C-A1FD-A509A7200CFC}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{74AED3D7-2E31-4FAD-9A9B-3E8E596C6905}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{793DEE51-AEA3-4C37-9CE0-E7DA52C2E0C3}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{7A87F3D6-7649-43A5-86F3-5B8822B42311}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{7B260DBB-A25B-41A6-ADD8-8588D33FB2C6}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{874D9D1A-325D-496A-AD1A-E0AF8E613A9D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{89218760-9B3C-4741-9D82-CA4D06B25DBB}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{89294AD1-B66B-4C58-931F-7CC4303FFCF4}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{89F7C5FF-A4A9-4C5E-A64C-DCF2E1F4344B}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{944F3750-CFCA-4FB4-AC6E-FF2A8419A9AA}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{9515CEC1-E650-426E-ABF7-CEBF8AA6EF15}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{96163B23-ED15-4FE5-9F01-8DDF144266D1}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{9729E2D5-203C-458B-804B-E51D8D32FECA}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{981609BD-15E5-4686-8473-3811EBAE4B2D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{988D88C7-5F4E-4429-99DC-180111045B03}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{999D889A-ECFE-49BA-B89F-0CE1A702D7A5}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{9EAAA474-2080-4CB8-A73A-120CDE93670D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{A412CF13-D0A4-4F24-80EA-16AB611EB69F}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{AA3722A4-24CF-4C9E-B9AE-346561382EB2}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{ACE139D4-92B5-4BD0-84A1-4C95C1586264}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{AD600527-12D2-4ED7-9E7F-434F03708165}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{B44ED302-5102-4FDE-AF66-53746A7704EF}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{B6CF148E-8465-4BD4-B6A0-BCA73EEC193E}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{B8E5556E-F960-43D4-AF12-3F92C30C6EAD}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{BEF0D306-51FB-4944-944A-DDFF83DF81C7}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{BFFD4902-CEF3-4A02-9185-AEAF1396E706}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{C0FD389E-B9CE-4127-8CE1-405A9D86B86B}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{C258D8EA-624C-49AA-925C-ADDAF9F97289}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{C4FCB60B-0D68-499D-8CC7-2DC944FD8D3C}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{CD900194-1695-4737-B92C-23C336D6F5F5}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D2F4B2F4-7EDA-42ED-8ED7-BD6C52D80228}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D432C02D-BC55-46E2-8284-2C112D5FFB79}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D44458EA-A58C-40E9-8640-D3FCD6AC2076}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D450CEF3-632B-4562-9035-9C6F40FC5451}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D56B85BA-2E96-430E-AEE8-B51FAFC5E5D5}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D74C4740-3BC2-43AA-900C-8FFB58FA02FD}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{D8FE9249-0921-4BF9-9CB3-D6803954EDE1}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{DCACEFF6-3A14-43BC-AF4A-E4EA3E21221D}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{E19FEC9B-A29E-4F60-AEE3-6747DA5FFACE}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{E2078A79-B0B6-4410-AE3D-6F59997EF3D2}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{EA77C2B6-0943-428C-A4FF-51900711DFC4}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{EB147B25-1A0E-4EF3-B092-AF85C5EEF573}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F0652686-5779-41C5-9E93-9950B3DAFFCE}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F27573F6-47F3-4F5B-88A2-C2879929DBFD}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F49F2E5D-2528-4F0F-92AB-6FA2C5C5DE97}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F589C994-630C-40EC-AFB2-02D40C2C74AB}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F789489C-6889-423E-9B04-2F30922C9777}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{F9FDFF81-B9BD-42FA-AE90-81D5269CA529}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{FD59DA75-5570-4AB6-A1E6-21ED453DD1AA}
Successfully deleted: [Empty Folder] C:\Users\pamboe\appdata\local\{FF23341B-3984-4093-8D9A-3771B1C5A5C5}

 

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\pamboe\AppData\Roaming\mozilla\firefox\profiles\wgie2o9a.default-1409603847068\extensions\staged

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/25/2014 at 19:16:23.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by pamboe (administrator) on PAMBOE-HP on 25-11-2014 19:19:19
Running from C:\Users\pamboe\Desktop
Loaded Profile: pamboe (Available profiles: pamboe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2076 2011-04-17] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-04-16] (Hewlett-Packard Company)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2076 2011-04-17] ()
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-26] (Google Inc.)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\...\MountPoints2: {a0d58479-377a-11e0-a106-e02a82305596} - H:\SISetup.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\pamboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
Startup: C:\Users\pamboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/e...42&ocid=U142DHP
HKU\S-1-5-21-6582711-4271374768-1986247805-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...}&mfe=Notebooks
SearchScopes: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> {E8391765-F256-44F9-BC73-ECF60BE3C4D9} URL = http://www.google.co...1I7ADRA_enUS420
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-6582711-4271374768-1986247805-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\pamboe\AppData\Roaming\Mozilla\Firefox\Profiles\wgie2o9a.default-1409603847068
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-6582711-4271374768-1986247805-1000: @citrixonline.com/appdetectorplugin -> C:\Users\pamboe\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-6582711-4271374768-1986247805-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-05-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-31]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP&dt=072213
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Profile: C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-25]
CHR Extension: (Google Search) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-25]
CHR Extension: (Google Maps) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-06]
CHR Extension: (FlashControl) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2013-12-06]
CHR Extension: (Google Wallet) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\pamboe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-04-20] (Flexera Software, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141125.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141125.004\ENG64.SYS [129752 2014-10-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141125.004\EX64.SYS [2137304 2014-10-30] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 19:16 - 2014-11-25 19:16 - 00010831 _____ () C:\Users\pamboe\Desktop\JRT.txt
2014-11-25 19:11 - 2014-11-25 19:11 - 00000000 ____D () C:\Windows\ERUNT
2014-11-25 19:09 - 2014-11-25 19:09 - 01707532 _____ (Thisisu) C:\Users\pamboe\Desktop\JRT.exe
2014-11-25 19:04 - 2014-11-25 19:04 - 00006743 _____ () C:\Users\pamboe\Desktop\AdwCleaner[S0].txt
2014-11-25 18:58 - 2014-11-25 19:01 - 00000000 ____D () C:\AdwCleaner
2014-11-25 18:55 - 2014-11-25 18:55 - 02148864 _____ () C:\Users\pamboe\Desktop\AdwCleaner.exe
2014-11-25 18:43 - 2014-11-25 18:43 - 02118144 _____ (Farbar) C:\Users\pamboe\Desktop\frst64.exe
2014-11-25 10:52 - 2014-11-25 10:58 - 00042866 _____ () C:\Users\pamboe\Desktop\Addition.txt
2014-11-25 10:51 - 2014-11-25 19:19 - 00031103 _____ () C:\Users\pamboe\Desktop\FRST.txt
2014-11-25 10:51 - 2014-11-25 19:19 - 00000000 ____D () C:\FRST
2014-11-25 08:27 - 2014-11-25 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-25 08:27 - 2014-11-25 08:27 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 08:27 - 2014-11-25 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 08:25 - 2014-11-25 10:58 - 00000000 ____D () C:\Users\pamboe\Desktop\mbar
2014-11-25 08:25 - 2014-11-25 08:25 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-25 07:54 - 2014-11-25 07:54 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Downloads\mbar-1.08.2.1001.exe
2014-11-25 07:48 - 2014-11-25 07:48 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Downloads\mbar-1.08.2.1001-a.exe
2014-11-24 20:33 - 2014-11-24 20:33 - 16448208 _____ (Malwarebytes Corp.) C:\Users\pamboe\Desktop\mbar-1_08_2_1001_exe
2014-11-24 18:33 - 2014-11-24 18:38 - 00001097 _____ () C:\Users\pamboe\Desktop\aswMBR.txt
2014-11-24 18:29 - 2014-11-24 18:29 - 05198336 _____ (AVAST Software) C:\Users\pamboe\Desktop\aswMBR.exe
2014-11-24 18:28 - 2014-11-24 18:28 - 05198336 _____ (AVAST Software) C:\Users\pamboe\Downloads\aswMBR.exe
2014-11-24 18:24 - 2014-11-25 09:09 - 00000000 ____D () C:\Users\pamboe\Documents\Clean computer
2014-11-24 18:17 - 2014-11-24 18:17 - 00854414 _____ () C:\Users\pamboe\Desktop\SecurityCheck.exe
2014-11-24 18:15 - 2014-11-24 18:15 - 00854414 _____ () C:\Users\pamboe\Downloads\SecurityCheck.exe
2014-11-24 17:01 - 2014-11-25 07:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-24 17:01 - 2014-11-24 17:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-24 17:01 - 2014-11-24 17:01 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\Program Files\WOT
2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\Program Files (x86)\WOT
2014-11-22 12:31 - 2014-11-22 12:31 - 00000000 ____D () C:\Users\pamboe\Documents\CG to Work
2014-11-20 10:50 - 2014-11-20 13:07 - 00000000 ____D () C:\NPE
2014-11-19 11:03 - 2014-11-19 11:03 - 00000000 _____ () C:\autoexec.bat
2014-11-19 11:02 - 2014-11-19 11:02 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-19 07:31 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:31 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:31 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:31 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 14:28 - 2014-11-22 08:32 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-18 12:11 - 2014-11-18 12:11 - 01055936 _____ (Adobe) C:\Users\pamboe\Downloads\flash_setup.exe
2014-11-15 11:32 - 2014-11-22 14:57 - 00000000 ____D () C:\Users\pamboe\Documents\Spatial Analysis
2014-11-13 07:59 - 2014-11-13 07:59 - 00003294 _____ () C:\Windows\System32\Tasks\{C4D953EB-9C30-4728-B003-7F035CB99F85}
2014-11-12 10:26 - 2014-11-12 10:26 - 00000000 __SHD () C:\Users\pamboe\AppData\Local\EmieBrowserModeList
2014-11-12 08:58 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:58 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:58 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:58 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:58 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:58 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:58 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:58 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:58 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:58 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:58 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:58 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:58 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:58 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:58 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:58 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:58 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 08:58 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 08:58 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 08:58 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:58 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:58 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:58 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:58 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:58 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 08:58 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:58 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:58 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:58 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:58 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 08:58 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:58 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 08:58 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:58 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:58 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:58 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 08:58 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:58 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:57 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:57 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:57 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:57 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:57 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:57 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:57 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:57 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:57 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:57 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:57 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:57 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:57 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:57 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:57 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:57 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:57 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:57 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:57 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:57 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:57 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:57 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:57 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:57 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:57 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:57 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:57 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:57 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:57 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:57 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:57 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:57 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:57 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:57 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:57 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:57 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:57 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:57 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:57 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 08:57 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:57 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 08:57 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 08:57 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:57 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:57 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:57 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:57 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:57 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 19:12 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:12 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 19:05 - 2014-02-12 18:35 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000.job
2014-11-25 19:04 - 2011-04-17 12:52 - 00000000 ____D () C:\Users\pamboe\AppData\Roaming\ZumoDrive
2014-11-25 19:03 - 2012-03-30 06:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 19:03 - 2011-02-26 10:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 19:03 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 19:03 - 2009-07-13 21:51 - 00167981 _____ () C:\Windows\setupact.log
2014-11-25 19:02 - 2010-10-25 01:51 - 01071286 _____ () C:\Windows\PFRO.log
2014-11-25 19:02 - 2010-10-25 01:41 - 01874711 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 18:58 - 2012-03-30 06:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 18:58 - 2012-03-30 06:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 18:58 - 2011-06-02 05:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 18:26 - 2011-02-26 10:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 17:41 - 2009-07-13 22:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 10:08 - 2011-08-18 14:31 - 00000000 ____D () C:\Users\pamboe\Documents\moms stuff
2014-11-25 07:37 - 2014-08-28 17:38 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81CE3737-D8FB-430C-B5D9-EA353C57A498}
2014-11-24 11:34 - 2012-02-06 14:28 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-24 11:34 - 2011-02-07 18:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-23 17:42 - 2014-09-01 10:17 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpamboe
2014-11-23 17:42 - 2014-09-01 10:17 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForpamboe.job
2014-11-20 16:21 - 2014-08-22 16:23 - 00000000 ____D () C:\Users\pamboe\AppData\Local\NPE
2014-11-20 10:46 - 2010-10-25 02:13 - 00000000 ____D () C:\ProgramData\Norton
2014-11-20 09:06 - 2011-05-25 19:38 - 00000000 ____D () C:\Users\pamboe\Documents\Peoples
2014-11-20 07:22 - 2009-07-13 22:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-18 17:29 - 2012-08-25 19:46 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 12:25 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-11-15 07:26 - 2013-08-10 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 07:15 - 2011-02-10 06:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 13:21 - 2011-02-26 10:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 13:21 - 2011-02-26 10:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 08:04 - 2013-10-21 06:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 08:03 - 2014-08-11 06:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-13 08:02 - 2013-06-23 09:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-12 14:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:52 - 2011-02-06 11:25 - 00142104 _____ () C:\Users\pamboe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 09:31 - 2009-07-13 21:45 - 00472472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:27 - 2014-05-06 08:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:09 - 2011-02-11 20:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 12:01 - 2014-08-27 13:26 - 00000000 ____D () C:\Users\pamboe\Documents\Fire
2014-11-07 16:45 - 2013-09-03 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-30 11:09 - 2014-02-12 18:35 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-6582711-4271374768-1986247805-1000
2014-10-30 09:41 - 2012-10-11 06:28 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPAMBOE-HP$
2014-10-30 09:41 - 2012-09-13 06:22 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForPAMBOE-HP$.job
2014-10-28 06:42 - 2014-08-14 15:54 - 00000000 ____D () C:\Users\pamboe\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\pamboe\AppData\Local\Temp\Quarantine.exe
C:\Users\pamboe\AppData\Local\Temp\sqlite3.dll
C:\Users\pamboe\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\pamboe\AppData\Local\Temp\swt-win32-3448.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 19:38

==================== End Of Log ============================



#12 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 25 November 2014 - 08:28 PM

You guys are amazing! Vosteran is gone, at least it appears that way. Maybe you will tell me differently though? :clap:



#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 November 2014 - 12:09 AM

Hi pamaboe ,

That looks much better, but we still have some work to do.

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#14 pamaboe

pamaboe

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 26 November 2014 - 10:32 PM

Wow that that last scan took alot of time!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/26/2014
Scan Time: 7:51:43 AM
Logfile: mbam-log-2014-11-16.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pamboe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354440
Time Elapsed: 34 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MaintainerSvc.A, C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009, Quarantined, [e973ba86d6a696a0432806355ca741bf],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

 

 

 

As far as the Eset log, it found 5 threat items, but did not create a text file, ran Eset a second time, nothing was found, do have a jpg of the Eset log, but not a text file.



#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 November 2014 - 11:42 PM

Hi pamaboe ,

How's the computer running, any symptoms?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users