Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Infected with Vosteran - hoping for help here [Solved]

vosteran

  • This topic is locked This topic is locked
8 replies to this topic

#1 SisterIggy

SisterIggy

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 20 December 2014 - 11:13 AM

Hi Folks,

 

I found What the Tech through Norton Community, where several posters recommended it for help with removing Vosteran.  

 

I've run the recommended scans and have attached the results here.  Hoping that someone here is available and willing to help.

 

Thanks in advance for your help!

 

Best regards,

Caprice

Attached Files


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 20 December 2014 - 04:35 PM

:welcome:

 

Lets run some programs to clean you up and then we will go from there, run these in the order listed please and post the log from each one

 

 
 

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 SisterIggy

    SisterIggy

      New Member

    • New Member
    • Pip
    • 4 posts

    Posted 21 December 2014 - 12:05 PM

    Thanks very much Ken! 

     

    No problems with the first 2 tools, but Malwarebyte's AntiMalware didn't allow me to COPY TO CLIPBOARD - I clicked and it just didn't work.  I tried downloading the log file too, but no dice.  I took a screenshot of the quarantined items, but it looks like I can't attach a file to my reply and I wasn't able to copy the image here.  The detailed results clearly show 2 Vosteran files that have been quarantined, but not sure how to get the results to you.

     

    Here are the 2 logs that I do have though: 

     

    # AdwCleaner v4.105 - Report created 21/12/2014 at 07:51:45
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-16.1 [Live]
    # Operating System : Windows 8.1  (64 bits)
    # Username : Caprice - CAPRICE
    # Running from : C:\Users\Caprice\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Caprice\AppData\Local\Vosteran
    Folder Deleted : C:\Users\Caprice\AppData\Roaming\WSE_Vosteran
    File Deleted : C:\Users\Caprice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eBay.lnk
    File Deleted : C:\Users\Caprice\AppData\Roaming\Mozilla\Firefox\Profiles\i3pawdx6.default\user.js
    File Deleted : C:\Users\Caprice\AppData\Roaming\Mozilla\Firefox\Profiles\i3pawdx6.default\searchplugins\Vosteran.xml

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Vosteran Browser

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v34.0 (x86 en-US)

    [i3pawdx6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_frg01_14_47_ff&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyDyE0ByEzyzz0E0B0BtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD[...]
    [i3pawdx6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_frg01_14_47_ff&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyDyE0ByEzyzz0E0B0BtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytD[...]
    [i3pawdx6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
    [i3pawdx6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
    [i3pawdx6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_frg01_14_47_ff&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyDyE0ByEzyzz0E0B0BtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzy[...]

    *************************

    AdwCleaner[R0].txt - [3431 octets] - [20/12/2014 23:30:36]
    AdwCleaner[S0].txt - [2993 octets] - [21/12/2014 07:51:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3053 octets] ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 8.1 x64
    Ran by Caprice on Sun 12/21/2014 at  8:06:40.26
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Caprice\AppData\Roaming\mozilla\firefox\profiles\i3pawdx6.default\prefs.js

    user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_frg01_14_47_ff&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyDyE0ByEzyzz0E0B0BtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFt
    user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
    user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_frg01_14_47_ff&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyDyE0ByEzyzz0E0B0BtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFy
    Emptied folder: C:\Users\Caprice\AppData\Roaming\mozilla\firefox\profiles\i3pawdx6.default\minidumps [10 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/21/2014 at  8:12:06.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 21 December 2014 - 01:33 PM

    Thats fine, just go ahead and run a new scan with FRST, be sure to check mark Additions and post both logs please



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 SisterIggy

    SisterIggy

      New Member

    • New Member
    • Pip
    • 4 posts

    Posted 21 December 2014 - 08:44 PM

    Okey-doke.  Here's what I got:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
    Ran by Caprice (administrator) on CAPRICE on 21-12-2014 18:11:14
    Running from C:\Users\Caprice\Downloads
    Loaded Profile: Caprice (Available profiles: Caprice)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2031\g2mstart.exe
    (Google Inc.) C:\Users\Caprice\AppData\Local\Google\Update\GoogleUpdate.exe
    (Google Inc.) C:\Users\Caprice\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2031\g2mcomm.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2031\g2mlauncher.exe
    () C:\Program Files (x86)\JL Christmas Market\JL Christmas Market.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    HKU\S-1-5-21-928018381-13728776-844392014-1001\...\Run: [GoToMeeting] => C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2031\g2mstart.exe [40304 2014-12-05] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-928018381-13728776-844392014-1001\...\Run: [Google Update] => C:\Users\Caprice\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-12-02] (Google Inc.)
    HKU\S-1-5-21-928018381-13728776-844392014-1001\...\Run: [Google+ Auto Backup] => C:\Users\Caprice\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
    Startup: C:\Users\Caprice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Christmas Market.lnk
    ShortcutTarget: JL Christmas Market.lnk -> C:\Program Files (x86)\JL Christmas Market\JL Christmas Market.exe ()
    Startup: C:\Users\Caprice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
    ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
    HKU\S-1-5-21-928018381-13728776-844392014-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKU\S-1-5-21-928018381-13728776-844392014-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
    HKU\S-1-5-21-928018381-13728776-844392014-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKU\S-1-5-21-928018381-13728776-844392014-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-928018381-13728776-844392014-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-928018381-13728776-844392014-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Caprice\AppData\Roaming\Mozilla\Firefox\Profiles\i3pawdx6.default
    FF Homepage: www.tensoft.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin HKU\S-1-5-21-928018381-13728776-844392014-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Caprice\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-928018381-13728776-844392014-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Caprice\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-928018381-13728776-844392014-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Caprice\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-12-21]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-11]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    S2 0314751411242123mcinstcleanup; C:\Users\Caprice\AppData\Local\Temp\031475~1.EXE -cleanup -nolog [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141219.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141221.002\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141221.002\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-11] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    U3 McAPExe; No ImagePath
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 08:57 - 2014-12-21 08:57 - 02173952 _____ () C:\Users\Caprice\Downloads\AdwCleaner(1).exe
    2014-12-21 08:51 - 2014-12-21 08:51 - 00000049 _____ () C:\Users\Caprice\Desktop\Malwarebytes' Anti-Malware.txt
    2014-12-21 08:27 - 2014-12-21 08:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-21 08:21 - 2014-12-21 16:25 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-21 08:20 - 2014-12-21 15:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-21 08:20 - 2014-12-21 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-21 08:20 - 2014-12-21 08:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-21 08:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-21 08:20 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-12-21 08:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-12-21 08:17 - 2014-12-21 08:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Caprice\Downloads\mbam-setup-2.0.4.1028.exe
    2014-12-21 08:12 - 2014-12-21 08:12 - 00001299 _____ () C:\Users\Caprice\Desktop\JRT.txt
    2014-12-21 08:06 - 2014-12-21 08:06 - 00000000 ____D () C:\windows\ERUNT
    2014-12-21 08:04 - 2014-12-21 08:04 - 01707646 _____ (Thisisu) C:\Users\Caprice\Downloads\JRT.exe
    2014-12-21 08:02 - 2014-12-21 08:02 - 00003149 _____ () C:\Users\Caprice\Desktop\AdwCleaner[S0].txt
    2014-12-20 23:30 - 2014-12-21 09:05 - 00000000 ____D () C:\AdwCleaner
    2014-12-20 23:28 - 2014-12-20 23:29 - 02166272 _____ () C:\Users\Caprice\Downloads\AdwCleaner.exe
    2014-12-20 08:57 - 2014-12-20 08:58 - 00031205 _____ () C:\Users\Caprice\Downloads\Addition.txt
    2014-12-20 08:56 - 2014-12-21 18:11 - 00021113 _____ () C:\Users\Caprice\Downloads\FRST.txt
    2014-12-20 08:55 - 2014-12-21 18:11 - 00000000 ____D () C:\FRST
    2014-12-20 08:54 - 2014-12-20 08:54 - 02122240 _____ (Farbar) C:\Users\Caprice\Downloads\FRST64.exe
    2014-12-20 08:22 - 2014-12-20 08:22 - 05198336 _____ (AVAST Software) C:\Users\Caprice\Downloads\aswMBR.exe
    2014-12-19 13:21 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
    2014-12-19 13:21 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
    2014-12-19 09:22 - 2014-12-19 09:22 - 903432210 _____ () C:\windows\MEMORY.DMP
    2014-12-19 09:22 - 2014-12-19 09:22 - 00284880 _____ () C:\windows\Minidump\121914-33937-01.dmp
    2014-12-19 09:22 - 2014-12-19 09:22 - 00000000 ____D () C:\windows\Minidump
    2014-12-15 09:41 - 2014-12-15 09:41 - 17316504 _____ (Microsoft Corporation) C:\Users\Caprice\Downloads\LMSetup(1).exe
    2014-12-15 09:30 - 2014-12-15 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
    2014-12-15 09:29 - 2014-12-15 09:29 - 17316504 _____ (Microsoft Corporation) C:\Users\Caprice\Downloads\LMSetup.exe
    2014-12-15 09:29 - 2014-12-15 09:29 - 00000000 ____D () C:\ProgramData\Applications
    2014-12-15 09:19 - 2014-12-15 09:20 - 00638888 _____ (Oracle Corporation) C:\Users\Caprice\Downloads\jxpiinstall(1).exe
    2014-12-15 09:19 - 2014-12-15 09:19 - 00000000 ____D () C:\ProgramData\Sun
    2014-12-15 09:19 - 2014-12-15 09:18 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-15 09:18 - 2014-12-15 09:19 - 00000000 ____D () C:\ProgramData\Oracle
    2014-12-15 09:18 - 2014-12-15 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-12-15 09:18 - 2014-12-15 09:18 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-12-15 09:17 - 2014-12-15 09:17 - 00638888 _____ (Oracle Corporation) C:\Users\Caprice\Downloads\jxpiinstall.exe
    2014-12-11 21:25 - 2014-12-11 21:25 - 00094003 _____ () C:\Users\Caprice\Downloads\Master (1)
    2014-12-11 21:25 - 2014-12-11 21:25 - 00094003 _____ () C:\Users\Caprice\Downloads\Master
    2014-12-11 11:34 - 2014-12-11 11:34 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-10 08:11 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
    2014-12-10 08:11 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
    2014-12-10 08:10 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-10 08:10 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-10 08:10 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-10 08:10 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-10 08:10 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-10 08:10 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-10 08:10 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-10 08:10 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-10 08:10 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-10 08:10 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-10 08:10 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 08:10 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
    2014-12-10 08:10 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
    2014-12-10 08:10 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-12-10 08:10 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-12-10 08:10 - 2014-10-12 18:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
    2014-12-10 08:10 - 2014-10-12 18:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
    2014-12-10 08:10 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
    2014-12-10 08:10 - 2014-10-12 18:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
    2014-12-10 08:09 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-10 08:09 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-10 08:09 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-12-10 08:09 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-10 08:09 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-12-10 08:09 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-10 08:09 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-10 08:09 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-10 08:09 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-12-10 08:09 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-12-10 08:09 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-10 08:09 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-10 08:09 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-10 08:09 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-12-10 08:09 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-12-10 08:09 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-12-10 08:09 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-10 08:09 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-10 08:09 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-10 08:09 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-10 08:09 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-10 08:09 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-10 08:09 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-12-10 08:09 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-10 08:09 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-10 08:09 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-12-10 08:09 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-10 08:09 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-12-10 08:09 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-10 08:09 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-10 08:09 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-10 08:09 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-10 08:09 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-10 08:09 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-10 08:09 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-10 08:09 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-10 08:09 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-02 21:41 - 2014-12-02 21:42 - 00000000 ____D () C:\Users\Caprice\AppData\Roaming\com.jacquielawson.marketadventcalendar2014
    2014-12-02 21:41 - 2014-12-02 21:41 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Christmas Market.lnk
    2014-12-02 21:41 - 2014-12-02 21:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-12-02 21:41 - 2014-12-02 21:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-12-02 21:41 - 2014-12-02 21:41 - 00000000 ____D () C:\ProgramData\Adobe
    2014-12-02 21:41 - 2014-12-02 21:41 - 00000000 ____D () C:\Program Files (x86)\JL Christmas Market
    2014-12-02 21:41 - 2014-12-02 21:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-12-02 09:03 - 2014-12-02 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-02 07:49 - 2014-12-02 07:49 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928018381-13728776-844392014-1001Core1d00e4784e9103d.job
    2014-12-02 07:48 - 2014-12-02 07:49 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928018381-13728776-844392014-1001Core.job
    2014-12-02 07:48 - 2014-12-02 07:48 - 00000000 ____D () C:\Users\Caprice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-12-01 06:56 - 2014-12-02 07:48 - 00000000 ____D () C:\Users\Caprice\AppData\Local\Google
    2014-12-01 06:56 - 2014-12-01 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-12-01 06:56 - 2014-12-01 06:56 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-12-01 06:55 - 2014-12-01 06:55 - 17385800 _____ (Google Inc.) C:\Users\Caprice\Downloads\picasa39-setup.exe
    2014-11-25 13:55 - 2014-11-25 13:55 - 00001079 _____ () C:\Users\Caprice\Downloads\20145325161119.csv
    2014-11-24 07:27 - 2014-11-24 07:28 - 01546856 _____ (Skype Technologies S.A.) C:\Users\Caprice\Downloads\SkypeSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 18:10 - 2014-09-10 20:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-21 18:00 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-21 17:55 - 2014-11-19 09:06 - 00004978 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAPRICE-Caprice Caprice
    2014-12-21 17:28 - 2014-09-25 08:07 - 00000590 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-928018381-13728776-844392014-1001.job
    2014-12-21 15:20 - 2014-09-08 09:02 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A1B0E98A-3542-442F-B6B5-06F14C0811B1}
    2014-12-21 10:17 - 2014-09-08 09:09 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-928018381-13728776-844392014-1001
    2014-12-21 09:29 - 2014-09-08 09:04 - 00000000 __RDO () C:\Users\Caprice\SkyDrive
    2014-12-21 09:17 - 2013-08-24 13:32 - 00110508 _____ () C:\windows\PFRO.log
    2014-12-21 09:17 - 2013-08-22 06:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-21 09:17 - 2013-08-22 05:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2014-12-21 08:16 - 2014-09-08 08:58 - 01093135 _____ () C:\windows\WindowsUpdate.log
    2014-12-21 08:16 - 2013-08-24 13:59 - 00908670 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-12-21 07:41 - 2014-09-08 09:02 - 00000000 ____D () C:\Users\Caprice\AppData\Local\Packages
    2014-12-20 08:35 - 2013-08-22 07:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-12-19 13:44 - 2014-10-28 08:16 - 00000000 ____D () C:\Users\Caprice\Documents\Caprice-home
    2014-12-19 10:33 - 2014-09-08 09:02 - 00000000 ____D () C:\Users\Caprice
    2014-12-19 09:26 - 2013-08-22 05:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-12-19 09:20 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\LiveKernelReports
    2014-12-19 08:47 - 2014-11-16 23:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-12-18 21:00 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-18 06:59 - 2014-10-17 07:58 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForCaprice.job
    2014-12-18 06:59 - 2014-09-10 18:49 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2014-12-18 06:58 - 2014-09-10 18:49 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-12-15 09:30 - 2014-09-17 15:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-12-14 11:07 - 2014-09-25 08:07 - 00003592 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-928018381-13728776-844392014-1001
    2014-12-14 00:22 - 2013-08-22 06:46 - 00022566 _____ () C:\windows\setupact.log
    2014-12-13 08:50 - 2014-09-22 19:22 - 00000000 ____D () C:\Users\Caprice\AppData\Local\CrashDumps
    2014-12-12 07:59 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\rescache
    2014-12-11 21:14 - 2013-08-22 07:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-12-11 11:34 - 2014-09-14 11:23 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-11 11:34 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
    2014-12-11 11:34 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
    2014-12-11 11:33 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-10 08:39 - 2014-09-11 08:58 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-10 08:35 - 2014-09-11 08:58 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-09 10:10 - 2014-09-10 20:43 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-08 07:13 - 2013-08-24 13:38 - 00891920 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-02 21:39 - 2014-09-08 09:02 - 00000000 ____D () C:\Users\Caprice\AppData\Roaming\Adobe
    2014-12-02 21:38 - 2014-09-10 20:42 - 00000000 ____D () C:\Users\Caprice\AppData\Local\Adobe
    2014-12-02 21:27 - 2014-09-09 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-26 13:10 - 2014-11-17 21:22 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-26 13:10 - 2014-11-17 21:22 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-23 12:46 - 2014-11-16 23:09 - 00000000 ____D () C:\Users\Caprice\AppData\Roaming\Apple Computer
    2014-11-21 23:46 - 2014-11-19 09:13 - 00000000 ___RD () C:\Users\Caprice\OneDrive - Tensoft, Inc-

    Some content of TEMP:
    ====================
    C:\Users\Caprice\AppData\Local\Temp\Quarantine.exe
    C:\Users\Caprice\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-17 08:33

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
    Ran by Caprice at 2014-12-21 18:12:08
    Running from C:\Users\Caprice\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{EE691BD9-2B2C-6BFB-6389-ABAF5AD2A4A1}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    Google+ Auto Backup (HKU\S-1-5-21-928018381-13728776-844392014-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
    GoToMeeting 6.4.8.2093 (HKU\S-1-5-21-928018381-13728776-844392014-1001\...\GoToMeeting) (Version: 6.4.8.2093 - CitrixOnline)
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 0.0.13.0 - Brother Industries, Ltd.)
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-928018381-13728776-844392014-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
    HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited)
    Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Office Live Meeting 2007 (HKLM-x32\...\{0309B99E-C7EA-414C-AC53-A78061277595}) (Version: 8.0.6362.223 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
    Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-928018381-13728776-844392014-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-928018381-13728776-844392014-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Caprice\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-928018381-13728776-844392014-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Caprice\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points  =========================

    10-12-2014 08:29:14 Windows Update
    15-12-2014 09:29:50 Installed Microsoft Office Live Meeting 2007
    18-12-2014 20:59:06 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {094D5E67-B893-48D0-9258-C1B88CA3C572} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
    Task: {1113AA51-F9CC-4453-9D2A-9B3FD258A463} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CAPRICE-Caprice Caprice => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
    Task: {161F9508-CEB4-40E6-889F-E9C92ADA7978} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
    Task: {37D45B29-E787-4159-98E3-5F68D91790E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {399C3F30-8906-4413-9FDE-7A41BCF043FF} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
    Task: {4F135059-7F71-4EB2-81A3-D45DFA76363B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {52FE5978-D23C-4D31-B59B-F860C285EA0A} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {55A1C57D-956E-401A-9A1A-721986DB24FE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
    Task: {75D6F695-81B5-47B0-AB2E-E07F8F3127CB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {7FFA49E4-E456-4896-BA49-196A0084CF05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {8BABC759-21E2-4BA7-98D9-E10C6D563F90} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {9A9AFA75-A472-4298-AF7D-B6DB06A78011} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A49CB46E-AA18-4384-90F2-3BAC2D524DC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A68166B9-F06E-4916-9D1B-5B911DF6980C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {AE430C78-B7F0-4E5A-A3A5-18B7D0A1B461} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {C2864253-A32E-4F77-B79C-90D4156B572E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
    Task: {CD11E4DD-D34B-45F7-AB33-A3D2B8BB05BE} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
    Task: {EE6CBD31-3B59-477D-9731-39B102607F86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F9BC062C-AC05-40B9-AF7C-10E69F24E79E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {FE1B9631-489E-413C-8676-EBDB605C9D6B} - System32\Tasks\G2MUpdateTask-S-1-5-21-928018381-13728776-844392014-1001 => C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2093\g2mupdate.exe [2014-12-14] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {FE718139-55E7-42B3-B9A5-863EB7F8CA39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-928018381-13728776-844392014-1001.job => C:\Users\Caprice\AppData\Local\Citrix\GoToMeeting\2093\g2mupdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928018381-13728776-844392014-1001Core.job => C:\Users\Caprice\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928018381-13728776-844392014-1001Core1d00e4784e9103d.job => C:\Users\Caprice\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForCaprice.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-26 11:26 - 2013-09-26 11:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-09-26 11:32 - 2013-09-26 11:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-09-26 11:28 - 2013-09-26 11:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-09-26 11:25 - 2013-09-26 11:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-09-26 11:25 - 2013-09-26 11:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-09-26 11:25 - 2013-09-26 11:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-09-26 11:39 - 2013-09-26 11:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-09-26 11:39 - 2013-09-26 11:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-09-17 15:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-09-17 15:55 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-26 11:34 - 2013-09-26 11:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-12-02 21:41 - 2014-12-02 21:41 - 00142336 _____ () C:\Program Files (x86)\JL Christmas Market\JL Christmas Market.exe
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-17 15:49 - 2014-09-23 03:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2014-08-12 14:29 - 2014-08-12 14:29 - 03219456 _____ () C:\Users\Caprice\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2014-09-20 10:44 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-09-17 15:48 - 2014-11-15 10:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-09-17 15:49 - 2014-09-23 03:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
    2013-11-12 04:42 - 2013-08-04 23:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-09-17 15:48 - 2014-11-15 10:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-10-23 08:45 - 2014-11-15 10:36 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
    2014-09-17 15:51 - 2014-10-14 08:29 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2014-09-17 15:48 - 2014-10-23 08:46 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
    2014-09-17 15:48 - 2014-11-15 10:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
    2014-12-02 09:03 - 2014-12-02 09:03 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Caprice\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-928018381-13728776-844392014-500 - Administrator - Disabled)
    Caprice (S-1-5-21-928018381-13728776-844392014-1001 - Administrator - Enabled) => C:\Users\Caprice
    Guest (S-1-5-21-928018381-13728776-844392014-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16640

    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 16640

    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14890

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14890

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13250

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13250

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11656


    System errors:
    =============
    Error: (12/21/2014 10:43:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (12/21/2014 08:28:52 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:28:21 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:27:51 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:27:21 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:23:05 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:22:35 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:22:05 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:21:35 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/21/2014 08:21:05 AM) (Source: DCOM) (EventID: 10010) (User: CAPRICE)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================
    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16640

    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 16640

    Error: (12/21/2014 03:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14890

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14890

    Error: (12/21/2014 03:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13250

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13250

    Error: (12/21/2014 03:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/21/2014 03:17:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11656


    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon™ HD Graphics
    Percentage of memory in use: 24%
    Total physical RAM: 7622.43 MB
    Available physical RAM: 5754.04 MB
    Total Pagefile: 15302.43 MB
    Available Pagefile: 12174.71 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:914.83 GB) (Free:845.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:15.2 GB) (Free:1.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (BACKUP) (Fixed) (Total:465.75 GB) (Free:213.04 GB) NTFS
    Drive g: (DATA) (Fixed) (Total:465.75 GB) (Free:0.01 GB) NTFS
    Drive h: () (Removable) (Total:0.48 GB) (Free:0.32 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A7750EEE)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 488.7 MB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 83267D78)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 3 (Size: 465.8 GB) (Disk ID: 83267D7B)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ==================== End Of Log ============================



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 22 December 2014 - 06:08 AM

    Good Morning,

     

    A quick fix, you have FRST running from your downloads folder , I am attaching a Fixlist file, you need to download it in the same directory as FRST or the fix wont work, after you download it open up FRST and click on FIX, it will reboot your system and you will have a FIXLOG in the same directory, post it please

     

    Then tell me how you feel your system is running now ?

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 SisterIggy

    SisterIggy

      New Member

    • New Member
    • Pip
    • 4 posts

    Posted 22 December 2014 - 01:17 PM

    Thanks Ken - definitely running  better now.  Here's the FIXLOG:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
    Ran by Caprice at 2014-12-22 10:58:02 Run:1
    Running from C:\Users\Caprice\Downloads
    Loaded Profile: Caprice (Available profiles: Caprice)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    Task: {399C3F30-8906-4413-9FDE-7A41BCF043FF} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
    C:\Program Files (x86)\iSpeedPC
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{399C3F30-8906-4413-9FDE-7A41BCF043FF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{399C3F30-8906-4413-9FDE-7A41BCF043FF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ISpeedPC_Daily => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISpeedPC_Daily" => Key deleted successfully.
    "C:\Program Files (x86)\iSpeedPC" => File/Directory not found.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 794.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 22 December 2014 - 01:55 PM

    Great, sounds good :)  I will keep this thread open for you for a couple of days in case of any returning problems, if the thread is closed you can PM me to reopen it or start a new topic

     

     

    Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
  •  
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
    DelFix_zps139e2ea1.jpg
     
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Checkmark " Remove Disinfection Tools"
  • Click the Run button
  •  
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
  •  
     
    Safe Surfn
    Ken


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 December 2014 - 06:14 PM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics




    Also tagged with one or more of these keywords: vosteran

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users