Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another victim of the COM Surrogate/DLLhost.exe*32 virus


  • This topic is locked This topic is locked
20 replies to this topic

#1 jdchandler514

jdchandler514

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 November 2014 - 12:02 AM

About a week ago, Norton 360 notified that it had blocked a Trojan.Powelik attack.  Since then the CPU usage keeps getting taken over by dllhost.exe*32, with increased intrusions being blocked by Norton's.  I have recently blocked the dllhost.exe*32 in the Norton Firewall which has greatly reduced these occurrences.

Would appreciate help in permanently removing this virus.

Thank you,

-jdc

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Jeff at 20:55:37 on 2014-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1038 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EPSON096A97] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SF5CF.tmp" /EF "HKCU"
uRun: [Epson Stylus NX510(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SC963.tmp" /EF "HKCU"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [VantagePointLite.exe] "C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Jeff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\REGIST~1.LNK - C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{51F40E4F-8010-43EA-B9A3-96F0E4F7AB46} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{51F40E4F-8010-43EA-B9A3-96F0E4F7AB46}\348414E444C454250275942554C4543535 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{51F40E4F-8010-43EA-B9A3-96F0E4F7AB46}\368616E646C65627 : DHCPNameServer = 74.128.17.114 74.128.19.102
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-4 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-4 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-4 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSviA64.sys [2014-10-31 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-4 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-4 593112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-20 38456]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-20 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-11-02 02:34:02 40034920 ----atw- C:\Windows\SysWow64\00011294.tmp
2014-11-02 00:11:30 40034920 ----atw- C:\Windows\SysWow64\00018183.tmp
2014-11-01 22:32:56 -------- d-----w- C:\Users\Jeff\AppData\Local\{766574E7-1705-40F3-9449-6279E2E88751}
2014-11-01 05:05:18 -------- d-----w- C:\Users\Jeff\AppData\Local\{96938CA2-8DED-4886-BF73-24ADF896AD29}
2014-10-31 03:00:05 -------- d-----w- C:\Users\Jeff\AppData\Local\{9C0566E5-5744-41FD-BCB6-BC47C6448046}
2014-10-30 02:41:19 -------- d-----w- C:\Users\Jeff\AppData\Local\{EF74DA3D-FDED-4EEC-B0CE-BC247E9541C7}
2014-10-25 16:14:06 -------- d-----w- C:\Users\Jeff\AppData\Local\{E7BC2147-3236-48D8-B0F4-5D1613CA456B}
2014-10-24 04:50:34 0 ----a-w- C:\Windows\SysWow64\sho449F.tmp
2014-10-24 03:19:07 -------- d-----w- C:\Users\Jeff\AppData\Local\{11491873-D472-4736-BEDD-47129F8A893D}
2014-10-23 03:06:35 -------- d-----w- C:\Users\Jeff\AppData\Local\{A7169280-B69D-4156-8452-C65383E414A1}
2014-10-22 03:02:03 -------- d-----w- C:\Users\Jeff\AppData\Local\{FF0D0836-C5A6-4F3F-83C7-40136CD43162}
2014-10-21 02:33:48 -------- d-----w- C:\Users\Jeff\AppData\Local\{D51081B2-F54F-459C-A973-6F5F06354E3F}
2014-10-20 02:24:57 -------- d-----w- C:\Program Files\iPod
2014-10-20 02:24:54 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-20 02:24:54 -------- d-----w- C:\Program Files\iTunes
2014-10-20 02:24:54 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 19:58:56 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-19 19:57:27 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-10-19 19:57:27 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-10-19 19:57:26 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-10-19 19:57:26 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-10-19 19:57:13 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-19 19:57:07 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-19 19:57:06 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-19 19:56:53 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-19 19:56:52 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-19 19:56:50 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-19 19:56:50 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-19 19:56:50 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-19 19:56:50 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-19 19:56:49 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-19 19:56:49 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-19 19:56:30 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-19 19:56:28 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-19 19:45:13 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-19 19:45:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-19 14:51:23 -------- d-----w- C:\Users\Jeff\AppData\Local\{58D0255F-2CE0-49A0-AF32-6E414F5DF2AA}
2014-10-18 19:23:19 -------- d-----w- C:\Users\Jeff\AppData\Local\{46F78A17-620D-4326-977D-4730E80E9938}
2014-10-17 03:58:09 -------- d-----w- C:\Users\Jeff\AppData\Local\{9C1F551F-95A2-4774-8FD0-AFB99DC23F07}
2014-10-16 03:17:09 -------- d-----w- C:\Users\Jeff\AppData\Local\{4602D628-636C-4925-9025-A79EC4DB85B7}
2014-10-15 03:17:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{EA7FC297-9B56-40B4-A506-41099235249E}
2014-10-14 03:16:46 -------- d-----w- C:\Users\Jeff\AppData\Local\{38A43B5B-5222-4CF5-B1C3-D3F4286B72A2}
2014-10-12 17:40:23 -------- d-----w- C:\Users\Jeff\AppData\Local\{A2F9885C-A5A0-40EE-9FB2-11B4025F8F14}
2014-10-12 04:35:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{7E7CA60B-05A3-4CE0-9EB3-386932AA22B1}
2014-10-11 16:34:24 -------- d-----w- C:\Users\Jeff\AppData\Local\{76A4C6D2-5469-41C4-A2C6-AAF6CA14E55F}
2014-10-11 04:34:04 -------- d-----w- C:\Users\Jeff\AppData\Local\{FDE4840D-4892-410C-9A6F-95DEAAF773DF}
2014-10-10 03:25:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{F875C4D9-B078-4720-8BFA-7F06DFA9B7FF}
2014-10-09 03:35:50 -------- d-----w- C:\Users\Jeff\AppData\Local\{0E70DE85-A6DE-4C6F-B9FD-7EE163EDB625}
2014-10-08 03:13:08 -------- d-----w- C:\Users\Jeff\AppData\Local\{011C7B08-9364-4E54-B7BF-9AAD3F483EC0}
2014-10-07 03:14:46 -------- d-----w- C:\Users\Jeff\AppData\Local\{6CF0C233-F31C-4612-BB81-70A4B3621673}
2014-10-05 15:15:03 -------- d-----w- C:\Users\Jeff\AppData\Local\{8E45E986-A041-4892-92CB-8AD6A4BF4F99}
2014-10-05 14:21:13 0 ----a-w- C:\Windows\SysWow64\sho55E4.tmp
2014-10-05 06:31:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-05 03:14:32 -------- d-----w- C:\Users\Jeff\AppData\Local\{F9F7CBAD-D504-4AE8-8F27-AB007E9E3205}
2014-10-05 00:56:54 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-10-05 00:56:54 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-10-05 00:56:54 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-10-05 00:56:53 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-10-05 00:56:53 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-10-05 00:56:52 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-10-05 00:56:51 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-10-05 00:56:51 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-10-05 00:56:20 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-10-04 15:14:16 -------- d-----w- C:\Users\Jeff\AppData\Local\{FB6DDDBB-1A17-4C64-B236-B777C6D0CF7A}
2014-10-04 03:12:50 -------- d-----w- C:\Users\Jeff\AppData\Local\{4EECCE56-E845-4C7A-9AA4-4462CCD5D8B4}
2014-10-03 03:28:02 -------- d-----w- C:\Users\Jeff\AppData\Local\{50F1B2F6-DE5E-4B80-9630-0087B333FAC7}
.
==================== Find3M  ====================
.
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-05 14:32:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-05 14:32:05 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 19:39:51 0 ----a-w- C:\Windows\SysWow64\sho76C8.tmp
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 20:58:55.69 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 02 November 2014 - 07:21 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 November 2014 - 11:30 AM

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Jeff (administrator) on JEFF-HP on 02-11-2014 09:22:48
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP8S8LIG
Loaded Profile: Jeff (Available profiles: Jeff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-01-23] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-02-22] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [EPSON096A97] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [Epson Stylus NX510(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-10] (The Weather Channel)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [171520 2013-06-18] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\MountPoints2: {4275c7ab-1086-11e0-8346-806e6f6e6963} - E:\win32\autorun\m4ck.exe
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=bdt3&ocid=bdtdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=116293&tt=4112_3&babsrc=SP_clro&mntrId=e24b91780000000000002eac4cb7143c
SearchScopes: HKCU - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
SearchScopes: HKCU - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Claro LTD Helper Object -> {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -> C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-05-18]

Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-08-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-07]
CHR Extension: (SWOOOP) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-08-10]
CHR Extension: (Skype Click to Call) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-18]
CHR Extension: (SiriusXM) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (9-Ball Pool) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafdgpdaojfjhcolidaakebmnbibdbpb [2014-08-10]
CHR Extension: (Vid-Saver) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2012-10-10]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Jeff\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2012-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-02-22] (NewTech Infosystems, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\ENG64.SYS [129752 2014-10-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\EX64.SYS [2137304 2014-10-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 08:56 - 2014-11-02 09:22 - 00000000 ____D () C:\FRST
2014-11-02 08:33 - 2014-11-02 08:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F2B1B913-48CC-4D55-9271-0D97949E9413}
2014-11-01 19:59 - 2014-11-01 19:59 - 00007414 _____ () C:\Users\Jeff\Desktop\attach.txt
2014-11-01 19:59 - 2014-11-01 19:58 - 00024779 _____ () C:\Users\Jeff\Desktop\dds.txt
2014-11-01 15:32 - 2014-11-01 15:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{766574E7-1705-40F3-9449-6279E2E88751}
2014-10-31 22:05 - 2014-10-31 22:05 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{96938CA2-8DED-4886-BF73-24ADF896AD29}
2014-10-30 20:00 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C0566E5-5744-41FD-BCB6-BC47C6448046}
2014-10-29 19:41 - 2014-10-29 19:41 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EF74DA3D-FDED-4EEC-B0CE-BC247E9541C7}
2014-10-27 20:35 - 2014-10-27 20:35 - 32601272 _____ (Microsoft Corporation) C:\Users\Jeff\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator
2014-10-25 09:14 - 2014-10-25 09:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{E7BC2147-3236-48D8-B0F4-5D1613CA456B}
2014-10-23 21:50 - 2014-10-23 21:50 - 00000000 _____ () C:\Windows\SysWOW64\sho449F.tmp
2014-10-23 20:19 - 2014-10-23 20:19 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{11491873-D472-4736-BEDD-47129F8A893D}
2014-10-22 20:06 - 2014-10-22 20:06 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A7169280-B69D-4156-8452-C65383E414A1}
2014-10-21 20:02 - 2014-10-21 20:02 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FF0D0836-C5A6-4F3F-83C7-40136CD43162}
2014-10-20 19:33 - 2014-10-20 19:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{D51081B2-F54F-459C-A973-6F5F06354E3F}
2014-10-19 19:25 - 2014-10-19 19:25 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-19 19:25 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-19 19:24 - 2014-10-19 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 12:59 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:59 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:59 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:59 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:59 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:59 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:59 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:59 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:59 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:59 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:59 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:59 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:59 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:59 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:59 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:59 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:59 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:59 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:59 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:59 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:59 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:59 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:59 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 12:58 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 12:58 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-19 12:58 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:58 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:58 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:57 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:57 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 12:57 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 12:57 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-19 12:56 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 12:56 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-19 12:56 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:56 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:45 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:45 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-19 07:51 - 2014-10-19 07:51 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{58D0255F-2CE0-49A0-AF32-6E414F5DF2AA}
2014-10-18 12:23 - 2014-10-18 12:23 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{46F78A17-620D-4326-977D-4730E80E9938}
2014-10-16 20:58 - 2014-10-16 20:58 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C1F551F-95A2-4774-8FD0-AFB99DC23F07}
2014-10-15 20:17 - 2014-10-15 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4602D628-636C-4925-9025-A79EC4DB85B7}
2014-10-14 20:17 - 2014-10-14 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EA7FC297-9B56-40B4-A506-41099235249E}
2014-10-13 20:16 - 2014-10-13 20:16 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{38A43B5B-5222-4CF5-B1C3-D3F4286B72A2}
2014-10-12 10:40 - 2014-10-12 10:40 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A2F9885C-A5A0-40EE-9FB2-11B4025F8F14}
2014-10-11 21:35 - 2014-10-11 21:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{7E7CA60B-05A3-4CE0-9EB3-386932AA22B1}
2014-10-11 09:34 - 2014-10-11 09:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{76A4C6D2-5469-41C4-A2C6-AAF6CA14E55F}
2014-10-10 21:34 - 2014-10-10 21:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FDE4840D-4892-410C-9A6F-95DEAAF773DF}
2014-10-09 20:25 - 2014-10-09 20:26 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F875C4D9-B078-4720-8BFA-7F06DFA9B7FF}
2014-10-08 20:35 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{0E70DE85-A6DE-4C6F-B9FD-7EE163EDB625}
2014-10-07 20:13 - 2014-10-07 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{011C7B08-9364-4E54-B7BF-9AAD3F483EC0}
2014-10-06 20:14 - 2014-10-06 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{6CF0C233-F31C-4612-BB81-70A4B3621673}
2014-10-05 08:15 - 2014-10-05 08:15 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{8E45E986-A041-4892-92CB-8AD6A4BF4F99}
2014-10-05 07:32 - 2014-10-05 07:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-05 07:21 - 2014-10-05 07:21 - 00000000 _____ () C:\Windows\SysWOW64\sho55E4.tmp
2014-10-04 23:35 - 2014-10-04 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 23:31 - 2014-10-19 19:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-04 20:14 - 2014-10-04 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F9F7CBAD-D504-4AE8-8F27-AB007E9E3205}
2014-10-04 08:14 - 2014-10-04 08:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FB6DDDBB-1A17-4C64-B236-B777C6D0CF7A}
2014-10-03 20:12 - 2014-10-03 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4EECCE56-E845-4C7A-9AA4-4462CCD5D8B4}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:21 - 2011-09-10 19:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 08:36 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 08:36 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 08:34 - 2010-10-20 01:48 - 01172818 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 08:34 - 2009-07-13 22:13 - 00789658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 08:28 - 2011-09-10 19:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 08:28 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 08:28 - 2009-07-13 21:51 - 00100689 _____ () C:\Windows\setupact.log
2014-11-01 22:27 - 2010-12-31 20:38 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6794F8C3-98D5-4D21-9237-E909E4BD6877}
2014-10-30 19:41 - 2011-06-08 21:37 - 00000000 ____D () C:\Users\Jeff\AppData\Local\CrashDumps
2014-10-29 21:24 - 2014-09-12 14:12 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJeff
2014-10-29 21:24 - 2014-09-12 14:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJeff.job
2014-10-29 20:23 - 2012-09-03 19:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 20:06 - 2010-12-25 17:23 - 00653146 _____ () C:\Windows\PFRO.log
2014-10-25 09:23 - 2011-11-06 17:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-25 09:23 - 2010-12-26 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-25 09:16 - 2011-09-10 19:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 09:16 - 2011-09-10 19:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 19:24 - 2010-12-26 07:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 14:59 - 2009-07-13 21:45 - 00280344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 14:54 - 2014-05-10 11:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 14:52 - 2010-12-25 18:15 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\SoftGrid Client
2014-10-19 13:13 - 2013-08-10 20:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-13 20:12 - 2010-12-25 10:42 - 00063104 _____ () C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 19:44 - 2011-01-16 20:13 - 09564160 _____ () C:\Users\Jeff\Desktop\Jeff's Quicken Data.QDF-backup
2014-10-05 07:32 - 2012-04-14 20:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-05 07:32 - 2011-05-13 20:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-05 07:24 - 2012-05-28 17:57 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-05 07:24 - 2011-02-26 11:28 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-05 07:23 - 2014-05-18 18:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-05 07:23 - 2011-02-26 11:29 - 00002279 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-05 07:23 - 2009-07-13 22:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 09:02 - 2011-01-09 12:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-04 22:36

==================== End Of Log ============================

 

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-02 09:24:06
Running from C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP8S8LIG
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Claro LTD toolbar   (HKLM-x32\...\claro) (Version:  - Claro LTD) <==== ATTENTION
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myst IV - Revelation (HKLM-x32\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 1.1.2.97 - NewTech Infosystems)
NTI Backup Now EZ (x32 Version: 1.1.2.97 - NewTech Infosystems) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.40.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.40.0000 - Magellan Navigation, Inc.) Hidden
Vid-Saver (HKLM-x32\...\Vid-Saver) (Version: 1.23.151.151 - 215 Apps) <==== ATTENTION
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.15 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2318684821-694813368-435094682-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

04-10-2014 04:13:39 Norton 360 Registry Clean
19-10-2014 20:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2210219E-E9A0-4FB8-8355-07F59C16D841} - System32\Tasks\VisualBeeRecovery => C:\Users\Jeff\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe [2012-03-14] () <==== ATTENTION
Task: {2D3C3EF2-053D-4415-A9DB-18C8B71FF7A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {43BBB1F6-ACBF-40F3-9574-FCB32755EC4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {4855D2CF-85FA-441E-85D1-8B5C3BBC5B44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6CD78C0F-D092-49FE-BD1C-6BFBC7F6F0C6} - System32\Tasks\{6C67D252-3009-430C-BCF8-C1CFF14F03BE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {77C26244-F4B0-44CB-A049-FA8D08D82781} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7BFFBBB6-5081-4685-A93C-DE42DF12182D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {83B5D545-BE16-4689-8110-35F8C434726B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8DD88B82-E3E4-48CB-AE1D-7D19B48BCC3D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2318684821-694813368-435094682-1001
Task: {98DA701F-486C-4ACB-B8D8-3F16D18BF68A} - System32\Tasks\HPCeeScheduleForJeff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6066C4A-83D7-4264-A5F1-B57214E398C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF223815-FB0B-4478-9AEF-E2A7A390124C} - System32\Tasks\{5B2F5122-6F6C-4AA5-98A7-5C645738191A} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {C70D92CF-3A7B-40BA-A8BE-CEDD690D17AA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D86E820B-DAF1-416B-BD0E-880BF3D9C24C} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E91E67F0-B1DA-4A03-B5CA-ADC5EEC53592} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EFC7F689-800C-4E86-B827-23CBF93D4475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJeff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-10 16:42 - 2010-06-10 16:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-20 01:46 - 2010-10-20 01:46 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-29 17:37 - 2008-09-29 17:37 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll
2009-04-09 17:25 - 2009-04-09 17:25 - 00049664 _____ () C:\Program Files (x86)\Magellan\VantagePoint\VPLite\RAPIWrapper.dll
2012-01-29 09:40 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-01-29 09:40 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-05 03:17 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Jeff\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2318684821-694813368-435094682-500 - Administrator - Disabled)
Guest (S-1-5-21-2318684821-694813368-435094682-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2318684821-694813368-435094682-1002 - Limited - Enabled)
Jeff (S-1-5-21-2318684821-694813368-435094682-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 08:57:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cbc

Start Time: 01cff6b43f566be6

Termination Time: 21

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/30/2014 08:56:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2584

Start Time: 01cff4ba2970cb74

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Bing Desktop Application because of this error.

Program: Bing Desktop Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BingDesktop.exe, version: 1.3.470.0, time stamp: 0x538d5e95
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x10d8
Faulting application start time: 0xBingDesktop.exe0
Faulting application path: BingDesktop.exe1
Faulting module path: BingDesktop.exe2
Report Id: BingDesktop.exe3

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Bing Desktop Application because of this error.

Program: Bing Desktop Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BingDesktop.exe, version: 1.3.470.0, time stamp: 0x538d5e95
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x000485fe
Faulting process id: 0x128
Faulting application start time: 0xBingDesktop.exe0
Faulting application path: BingDesktop.exe1
Faulting module path: BingDesktop.exe2
Report Id: BingDesktop.exe3

Error: (10/25/2014 02:24:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TWCApp.exe version 7.5.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: df8

Start Time: 01cff0967f4279a0

Termination Time: 3617

Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Report Id:

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/02/2014 08:31:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 08:29:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/01/2014 11:07:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

Error: (11/01/2014 03:32:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/01/2014 03:29:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (11/01/2014 03:26:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/01/2014 03:25:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/31/2014 10:15:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

Error: (10/31/2014 10:05:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/31/2014 10:05:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Microsoft Office Sessions:
=========================
Error: (11/02/2014 08:57:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344cbc01cff6b43f566be621C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/30/2014 08:56:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344258401cff4ba2970cb7447C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Bing Desktop Application000000000

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BingDesktop.exe1.3.470.0538d5e95ole32.dll6.1.7601.175144ce7b96fc00000960004866510d801cff4b3f807cc71C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exeC:\Windows\syswow64\ole32.dll697cd585-60a7-11e4-869b-6431505d804d

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Bing Desktop Application000000000

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BingDesktop.exe1.3.470.0538d5e95ole32.dll6.1.7601.175144ce7b96fc0000096000485fe12801cff3e9d5bbe26bC:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exeC:\Windows\syswow64\ole32.dll64f0afb2-5fdd-11e4-9263-6431505d804d

Error: (10/25/2014 02:24:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TWCApp.exe7.5.3.0df801cff0967f4279a03617C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 2810.9 MB
Available physical RAM: 1168.71 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3344.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.47 GB) (Free:172.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.32 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 02 November 2014 - 11:57 AM

warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.


Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKU\S-1-5-21-2318684821-694813368-435094682-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    2014-11-02 08:33 - 2014-11-02 08:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F2B1B913-48CC-4D55-9271-0D97949E9413}
    2014-11-01 15:32 - 2014-11-01 15:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{766574E7-1705-40F3-9449-6279E2E88751}
    2014-10-31 22:05 - 2014-10-31 22:05 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{96938CA2-8DED-4886-BF73-24ADF896AD29}
    2014-10-30 20:00 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C0566E5-5744-41FD-BCB6-BC47C6448046}
    2014-10-29 19:41 - 2014-10-29 19:41 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EF74DA3D-FDED-4EEC-B0CE-BC247E9541C7}
    2014-10-25 09:14 - 2014-10-25 09:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{E7BC2147-3236-48D8-B0F4-5D1613CA456B}
    2014-10-23 21:50 - 2014-10-23 21:50 - 00000000 _____ () C:\Windows\SysWOW64\sho449F.tmp
    2014-10-23 20:19 - 2014-10-23 20:19 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{11491873-D472-4736-BEDD-47129F8A893D}
    2014-10-22 20:06 - 2014-10-22 20:06 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A7169280-B69D-4156-8452-C65383E414A1}
    2014-10-21 20:02 - 2014-10-21 20:02 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FF0D0836-C5A6-4F3F-83C7-40136CD43162}
    2014-10-20 19:33 - 2014-10-20 19:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{D51081B2-F54F-459C-A973-6F5F06354E3F}
    2014-10-19 07:51 - 2014-10-19 07:51 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{58D0255F-2CE0-49A0-AF32-6E414F5DF2AA}
    2014-10-18 12:23 - 2014-10-18 12:23 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{46F78A17-620D-4326-977D-4730E80E9938}
    2014-10-16 20:58 - 2014-10-16 20:58 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C1F551F-95A2-4774-8FD0-AFB99DC23F07}
    2014-10-15 20:17 - 2014-10-15 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4602D628-636C-4925-9025-A79EC4DB85B7}
    2014-10-14 20:17 - 2014-10-14 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EA7FC297-9B56-40B4-A506-41099235249E}
    2014-10-13 20:16 - 2014-10-13 20:16 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{38A43B5B-5222-4CF5-B1C3-D3F4286B72A2}
    2014-10-12 10:40 - 2014-10-12 10:40 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A2F9885C-A5A0-40EE-9FB2-11B4025F8F14}
    2014-10-11 21:35 - 2014-10-11 21:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{7E7CA60B-05A3-4CE0-9EB3-386932AA22B1}
    2014-10-11 09:34 - 2014-10-11 09:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{76A4C6D2-5469-41C4-A2C6-AAF6CA14E55F}
    2014-10-10 21:34 - 2014-10-10 21:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FDE4840D-4892-410C-9A6F-95DEAAF773DF}
    2014-10-09 20:25 - 2014-10-09 20:26 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F875C4D9-B078-4720-8BFA-7F06DFA9B7FF}
    2014-10-08 20:35 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{0E70DE85-A6DE-4C6F-B9FD-7EE163EDB625}
    2014-10-07 20:13 - 2014-10-07 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{011C7B08-9364-4E54-B7BF-9AAD3F483EC0}
    2014-10-06 20:14 - 2014-10-06 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{6CF0C233-F31C-4612-BB81-70A4B3621673}
    2014-10-05 08:15 - 2014-10-05 08:15 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{8E45E986-A041-4892-92CB-8AD6A4BF4F99}
    2014-10-05 07:21 - 2014-10-05 07:21 - 00000000 _____ () C:\Windows\SysWOW64\sho55E4.tmp
    2014-10-04 20:14 - 2014-10-04 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F9F7CBAD-D504-4AE8-8F27-AB007E9E3205}
    2014-10-04 08:14 - 2014-10-04 08:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FB6DDDBB-1A17-4C64-B236-B777C6D0CF7A}
    2014-10-03 20:12 - 2014-10-03 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4EECCE56-E845-4C7A-9AA4-4462CCD5D8B4}
    C:\ProgramData\sysqcl1129139270.dat
    Task: {2210219E-E9A0-4FB8-8355-07F59C16D841} - System32\Tasks\VisualBeeRecovery => C:\Users\Jeff\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe [2012-03-14] () <==== ATTENTION
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 November 2014 - 01:09 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-02 10:43:21 Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profile: Jeff (Available profiles: Jeff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {0D1F19A0-09F6-4EC2-B265-E48808163BB0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-11-02 08:33 - 2014-11-02 08:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F2B1B913-48CC-4D55-9271-0D97949E9413}
2014-11-01 15:32 - 2014-11-01 15:33 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{766574E7-1705-40F3-9449-6279E2E88751}
2014-10-31 22:05 - 2014-10-31 22:05 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{96938CA2-8DED-4886-BF73-24ADF896AD29}
2014-10-30 20:00 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C0566E5-5744-41FD-BCB6-BC47C6448046}
2014-10-29 19:41 - 2014-10-29 19:41 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EF74DA3D-FDED-4EEC-B0CE-BC247E9541C7}
2014-10-25 09:14 - 2014-10-25 09:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{E7BC2147-3236-48D8-B0F4-5D1613CA456B}
2014-10-23 21:50 - 2014-10-23 21:50 - 00000000 _____ () C:\Windows\SysWOW64\sho449F.tmp
2014-10-23 20:19 - 2014-10-23 20:19 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{11491873-D472-4736-BEDD-47129F8A893D}
2014-10-22 20:06 - 2014-10-22 20:06 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A7169280-B69D-4156-8452-C65383E414A1}
2014-10-21 20:02 - 2014-10-21 20:02 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FF0D0836-C5A6-4F3F-83C7-40136CD43162}
2014-10-20 19:33 - 2014-10-20 19:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{D51081B2-F54F-459C-A973-6F5F06354E3F}
2014-10-19 07:51 - 2014-10-19 07:51 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{58D0255F-2CE0-49A0-AF32-6E414F5DF2AA}
2014-10-18 12:23 - 2014-10-18 12:23 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{46F78A17-620D-4326-977D-4730E80E9938}
2014-10-16 20:58 - 2014-10-16 20:58 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{9C1F551F-95A2-4774-8FD0-AFB99DC23F07}
2014-10-15 20:17 - 2014-10-15 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4602D628-636C-4925-9025-A79EC4DB85B7}
2014-10-14 20:17 - 2014-10-14 20:17 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{EA7FC297-9B56-40B4-A506-41099235249E}
2014-10-13 20:16 - 2014-10-13 20:16 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{38A43B5B-5222-4CF5-B1C3-D3F4286B72A2}
2014-10-12 10:40 - 2014-10-12 10:40 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{A2F9885C-A5A0-40EE-9FB2-11B4025F8F14}
2014-10-11 21:35 - 2014-10-11 21:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{7E7CA60B-05A3-4CE0-9EB3-386932AA22B1}
2014-10-11 09:34 - 2014-10-11 09:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{76A4C6D2-5469-41C4-A2C6-AAF6CA14E55F}
2014-10-10 21:34 - 2014-10-10 21:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FDE4840D-4892-410C-9A6F-95DEAAF773DF}
2014-10-09 20:25 - 2014-10-09 20:26 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F875C4D9-B078-4720-8BFA-7F06DFA9B7FF}
2014-10-08 20:35 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{0E70DE85-A6DE-4C6F-B9FD-7EE163EDB625}
2014-10-07 20:13 - 2014-10-07 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{011C7B08-9364-4E54-B7BF-9AAD3F483EC0}
2014-10-06 20:14 - 2014-10-06 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{6CF0C233-F31C-4612-BB81-70A4B3621673}
2014-10-05 08:15 - 2014-10-05 08:15 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{8E45E986-A041-4892-92CB-8AD6A4BF4F99}
2014-10-05 07:21 - 2014-10-05 07:21 - 00000000 _____ () C:\Windows\SysWOW64\sho55E4.tmp
2014-10-04 20:14 - 2014-10-04 20:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{F9F7CBAD-D504-4AE8-8F27-AB007E9E3205}
2014-10-04 08:14 - 2014-10-04 08:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{FB6DDDBB-1A17-4C64-B236-B777C6D0CF7A}
2014-10-03 20:12 - 2014-10-03 20:13 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{4EECCE56-E845-4C7A-9AA4-4462CCD5D8B4}
C:\ProgramData\sysqcl1129139270.dat
Task: {2210219E-E9A0-4FB8-8355-07F59C16D841} - System32\Tasks\VisualBeeRecovery => C:\Users\Jeff\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe [2012-03-14] () <==== ATTENTION
*****************

Processes closed successfully.
"HKU\S-1-5-21-2318684821-694813368-435094682-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2318684821-694813368-435094682-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key deleted successfully.
"HKCR\CLSID\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key deleted successfully.
"HKCR\CLSID\{0D1F19A0-09F6-4EC2-B265-E48808163BB0}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Jeff\AppData\Local\{F2B1B913-48CC-4D55-9271-0D97949E9413} => Moved successfully.
C:\Users\Jeff\AppData\Local\{766574E7-1705-40F3-9449-6279E2E88751} => Moved successfully.
C:\Users\Jeff\AppData\Local\{96938CA2-8DED-4886-BF73-24ADF896AD29} => Moved successfully.
C:\Users\Jeff\AppData\Local\{9C0566E5-5744-41FD-BCB6-BC47C6448046} => Moved successfully.
C:\Users\Jeff\AppData\Local\{EF74DA3D-FDED-4EEC-B0CE-BC247E9541C7} => Moved successfully.
C:\Users\Jeff\AppData\Local\{E7BC2147-3236-48D8-B0F4-5D1613CA456B} => Moved successfully.
C:\Windows\SysWOW64\sho449F.tmp => Moved successfully.
C:\Users\Jeff\AppData\Local\{11491873-D472-4736-BEDD-47129F8A893D} => Moved successfully.
C:\Users\Jeff\AppData\Local\{A7169280-B69D-4156-8452-C65383E414A1} => Moved successfully.
C:\Users\Jeff\AppData\Local\{FF0D0836-C5A6-4F3F-83C7-40136CD43162} => Moved successfully.
C:\Users\Jeff\AppData\Local\{D51081B2-F54F-459C-A973-6F5F06354E3F} => Moved successfully.
C:\Users\Jeff\AppData\Local\{58D0255F-2CE0-49A0-AF32-6E414F5DF2AA} => Moved successfully.
C:\Users\Jeff\AppData\Local\{46F78A17-620D-4326-977D-4730E80E9938} => Moved successfully.
C:\Users\Jeff\AppData\Local\{9C1F551F-95A2-4774-8FD0-AFB99DC23F07} => Moved successfully.
C:\Users\Jeff\AppData\Local\{4602D628-636C-4925-9025-A79EC4DB85B7} => Moved successfully.
C:\Users\Jeff\AppData\Local\{EA7FC297-9B56-40B4-A506-41099235249E} => Moved successfully.
C:\Users\Jeff\AppData\Local\{38A43B5B-5222-4CF5-B1C3-D3F4286B72A2} => Moved successfully.
C:\Users\Jeff\AppData\Local\{A2F9885C-A5A0-40EE-9FB2-11B4025F8F14} => Moved successfully.
C:\Users\Jeff\AppData\Local\{7E7CA60B-05A3-4CE0-9EB3-386932AA22B1} => Moved successfully.
C:\Users\Jeff\AppData\Local\{76A4C6D2-5469-41C4-A2C6-AAF6CA14E55F} => Moved successfully.
C:\Users\Jeff\AppData\Local\{FDE4840D-4892-410C-9A6F-95DEAAF773DF} => Moved successfully.
C:\Users\Jeff\AppData\Local\{F875C4D9-B078-4720-8BFA-7F06DFA9B7FF} => Moved successfully.
C:\Users\Jeff\AppData\Local\{0E70DE85-A6DE-4C6F-B9FD-7EE163EDB625} => Moved successfully.
C:\Users\Jeff\AppData\Local\{011C7B08-9364-4E54-B7BF-9AAD3F483EC0} => Moved successfully.
C:\Users\Jeff\AppData\Local\{6CF0C233-F31C-4612-BB81-70A4B3621673} => Moved successfully.
C:\Users\Jeff\AppData\Local\{8E45E986-A041-4892-92CB-8AD6A4BF4F99} => Moved successfully.
C:\Windows\SysWOW64\sho55E4.tmp => Moved successfully.
C:\Users\Jeff\AppData\Local\{F9F7CBAD-D504-4AE8-8F27-AB007E9E3205} => Moved successfully.
C:\Users\Jeff\AppData\Local\{FB6DDDBB-1A17-4C64-B236-B777C6D0CF7A} => Moved successfully.
C:\Users\Jeff\AppData\Local\{4EECCE56-E845-4C7A-9AA4-4462CCD5D8B4} => Moved successfully.
C:\ProgramData\sysqcl1129139270.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2210219E-E9A0-4FB8-8355-07F59C16D841}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2210219E-E9A0-4FB8-8355-07F59C16D841}" => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBeeRecovery => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Jeff (administrator) on JEFF-HP on 02-11-2014 11:02:09
Running from C:\Users\Jeff\Desktop
Loaded Profile: Jeff (Available profiles: Jeff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-01-23] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-02-22] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [EPSON096A97] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [Epson Stylus NX510(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-10] (The Weather Channel)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [171520 2013-06-18] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\MountPoints2: {4275c7ab-1086-11e0-8346-806e6f6e6963} - E:\win32\autorun\m4ck.exe
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=bdt3&ocid=bdtdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=116293&tt=4112_3&babsrc=SP_clro&mntrId=e24b91780000000000002eac4cb7143c
SearchScopes: HKCU - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Claro LTD Helper Object -> {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -> C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-05-18]

Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-08-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-07]
CHR Extension: (SWOOOP) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-08-10]
CHR Extension: (Skype Click to Call) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-18]
CHR Extension: (SiriusXM) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (9-Ball Pool) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafdgpdaojfjhcolidaakebmnbibdbpb [2014-08-10]
CHR Extension: (Vid-Saver) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc [2012-10-10]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [pgmfkblbflahhponhjmkcnpjinenhlnc] - C:\Users\Jeff\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx [2012-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-02-22] (NewTech Infosystems, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\ENG64.SYS [129752 2014-10-11] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\EX64.SYS [2137304 2014-10-11] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 11:02 - 2014-11-02 11:04 - 00024363 _____ () C:\Users\Jeff\Desktop\FRST.txt
2014-11-02 10:40 - 2014-11-02 10:40 - 02114560 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2014-11-02 10:04 - 2014-11-02 10:04 - 40034920 ____T () C:\Windows\SysWOW64\00003117.tmp
2014-11-02 10:04 - 2014-11-02 10:04 - 40034920 ____T () C:\Windows\SysWOW64\00001598.tmp
2014-11-02 08:56 - 2014-11-02 11:02 - 00000000 ____D () C:\FRST
2014-11-01 19:59 - 2014-11-01 19:59 - 00007414 _____ () C:\Users\Jeff\Desktop\attach.txt
2014-11-01 19:59 - 2014-11-01 19:58 - 00024779 _____ () C:\Users\Jeff\Desktop\dds.txt
2014-10-27 20:35 - 2014-10-27 20:35 - 32601272 _____ (Microsoft Corporation) C:\Users\Jeff\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator
2014-10-19 19:25 - 2014-10-19 19:25 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-19 19:25 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-19 19:24 - 2014-10-19 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 12:59 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:59 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:59 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:59 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:59 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:59 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:59 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:59 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:59 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:59 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:59 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:59 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:59 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:59 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:59 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:59 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:59 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:59 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:59 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:59 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:59 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:59 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:59 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 12:58 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 12:58 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-19 12:58 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:58 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:58 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:57 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:57 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 12:57 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 12:57 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-19 12:56 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 12:56 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-19 12:56 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:56 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:45 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:45 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-05 07:32 - 2014-10-05 07:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-04 23:35 - 2014-10-04 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 23:31 - 2014-10-19 19:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:54 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:54 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:52 - 2009-07-13 22:13 - 00789658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 10:51 - 2010-10-20 01:48 - 01176558 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 10:46 - 2011-09-10 19:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 10:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 10:46 - 2009-07-13 21:51 - 00100745 _____ () C:\Windows\setupact.log
2014-11-02 10:21 - 2011-09-10 19:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 22:27 - 2010-12-31 20:38 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6794F8C3-98D5-4D21-9237-E909E4BD6877}
2014-10-30 19:41 - 2011-06-08 21:37 - 00000000 ___HD () C:\Users\Jeff\AppData\Local\CrashDumps
2014-10-29 21:24 - 2014-09-12 14:12 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJeff
2014-10-29 21:24 - 2014-09-12 14:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJeff.job
2014-10-29 20:23 - 2012-09-03 19:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 20:06 - 2010-12-25 17:23 - 00653146 _____ () C:\Windows\PFRO.log
2014-10-25 09:23 - 2011-11-06 17:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-25 09:23 - 2010-12-26 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-25 09:16 - 2011-09-10 19:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 09:16 - 2011-09-10 19:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 19:24 - 2010-12-26 07:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 14:59 - 2009-07-13 21:45 - 00280344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 14:54 - 2014-05-10 11:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 14:52 - 2010-12-25 18:15 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\SoftGrid Client
2014-10-19 13:13 - 2013-08-10 20:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-13 20:12 - 2010-12-25 10:42 - 00063104 ____H () C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 19:44 - 2011-01-16 20:13 - 09564160 _____ () C:\Users\Jeff\Desktop\Jeff's Quicken Data.QDF-backup
2014-10-05 07:32 - 2012-04-14 20:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-05 07:32 - 2011-05-13 20:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-05 07:24 - 2012-05-28 17:57 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-05 07:24 - 2011-02-26 11:28 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-05 07:23 - 2014-05-18 18:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-05 07:23 - 2011-02-26 11:29 - 00002279 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-05 07:23 - 2009-07-13 22:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 09:02 - 2011-01-09 12:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-04 22:36

==================== End Of Log ============================

 

 

Not sure if you need it or not but here is a new Addition.txt as well:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-02 11:04:50
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Claro LTD toolbar   (HKLM-x32\...\claro) (Version:  - Claro LTD) <==== ATTENTION
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myst IV - Revelation (HKLM-x32\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 1.1.2.97 - NewTech Infosystems)
NTI Backup Now EZ (x32 Version: 1.1.2.97 - NewTech Infosystems) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.40.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.40.0000 - Magellan Navigation, Inc.) Hidden
Vid-Saver (HKLM-x32\...\Vid-Saver) (Version: 1.23.151.151 - 215 Apps) <==== ATTENTION
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VisualBee for Microsoft PowerPoint (HKCU\...\VisualBee for Microsoft PowerPoint) (Version: V3.6 - VisualBee.com)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.15 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

04-10-2014 04:13:39 Norton 360 Registry Clean
19-10-2014 20:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D3C3EF2-053D-4415-A9DB-18C8B71FF7A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {43BBB1F6-ACBF-40F3-9574-FCB32755EC4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {4855D2CF-85FA-441E-85D1-8B5C3BBC5B44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6CD78C0F-D092-49FE-BD1C-6BFBC7F6F0C6} - System32\Tasks\{6C67D252-3009-430C-BCF8-C1CFF14F03BE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {77C26244-F4B0-44CB-A049-FA8D08D82781} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7BFFBBB6-5081-4685-A93C-DE42DF12182D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {83B5D545-BE16-4689-8110-35F8C434726B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8DD88B82-E3E4-48CB-AE1D-7D19B48BCC3D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2318684821-694813368-435094682-1001
Task: {98DA701F-486C-4ACB-B8D8-3F16D18BF68A} - System32\Tasks\HPCeeScheduleForJeff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6066C4A-83D7-4264-A5F1-B57214E398C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF223815-FB0B-4478-9AEF-E2A7A390124C} - System32\Tasks\{5B2F5122-6F6C-4AA5-98A7-5C645738191A} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {C70D92CF-3A7B-40BA-A8BE-CEDD690D17AA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D86E820B-DAF1-416B-BD0E-880BF3D9C24C} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E91E67F0-B1DA-4A03-B5CA-ADC5EEC53592} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EFC7F689-800C-4E86-B827-23CBF93D4475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJeff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-29 17:37 - 2008-09-29 17:37 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll
2009-04-09 17:25 - 2009-04-09 17:25 - 00049664 _____ () C:\Program Files (x86)\Magellan\VantagePoint\VPLite\RAPIWrapper.dll
2012-01-29 09:40 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-01-29 09:40 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-05 03:17 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Jeff\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2318684821-694813368-435094682-500 - Administrator - Disabled)
Guest (S-1-5-21-2318684821-694813368-435094682-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2318684821-694813368-435094682-1002 - Limited - Enabled)
Jeff (S-1-5-21-2318684821-694813368-435094682-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 08:57:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cbc

Start Time: 01cff6b43f566be6

Termination Time: 21

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/30/2014 08:56:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2584

Start Time: 01cff4ba2970cb74

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Bing Desktop Application because of this error.

Program: Bing Desktop Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BingDesktop.exe, version: 1.3.470.0, time stamp: 0x538d5e95
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x10d8
Faulting application start time: 0xBingDesktop.exe0
Faulting application path: BingDesktop.exe1
Faulting module path: BingDesktop.exe2
Report Id: BingDesktop.exe3

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Bing Desktop Application because of this error.

Program: Bing Desktop Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BingDesktop.exe, version: 1.3.470.0, time stamp: 0x538d5e95
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x000485fe
Faulting process id: 0x128
Faulting application start time: 0xBingDesktop.exe0
Faulting application path: BingDesktop.exe1
Faulting module path: BingDesktop.exe2
Report Id: BingDesktop.exe3

Error: (10/25/2014 02:24:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TWCApp.exe version 7.5.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: df8

Start Time: 01cff0967f4279a0

Termination Time: 3617

Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Report Id:

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/02/2014 10:47:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 10:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RtVOsdService Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/02/2014 08:57:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344cbc01cff6b43f566be621C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/30/2014 08:56:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344258401cff4ba2970cb7447C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Bing Desktop Application000000000

Error: (10/30/2014 07:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BingDesktop.exe1.3.470.0538d5e95ole32.dll6.1.7601.175144ce7b96fc00000960004866510d801cff4b3f807cc71C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exeC:\Windows\syswow64\ole32.dll697cd585-60a7-11e4-869b-6431505d804d

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Bing Desktop Application000000000

Error: (10/29/2014 07:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BingDesktop.exe1.3.470.0538d5e95ole32.dll6.1.7601.175144ce7b96fc0000096000485fe12801cff3e9d5bbe26bC:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exeC:\Windows\syswow64\ole32.dll64f0afb2-5fdd-11e4-9263-6431505d804d

Error: (10/25/2014 02:24:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TWCApp.exe7.5.3.0df801cff0967f4279a03617C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7858988

Error: (10/25/2014 11:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 54%
Total physical RAM: 2810.9 MB
Available physical RAM: 1290.39 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3605.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.47 GB) (Free:172.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.32 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 02 November 2014 - 01:26 PM

Hi,

Step 1

Please uninstall some programs:
  • Windows 7w7.png: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:
                                     Claro LTD toolbar
                                          Vid-Saver
  • Reboot your computer.
Step 2

Please download and install mbam.pngMalwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
    mbamlog.png
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
mbameng.gif


Step 3


Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif


Step 4

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 November 2014 - 06:09 PM

Here is the Malwarebytes log file.  Will send the ESET Online Scanner log once completed.

Note: Initially ran without Rootkits checked, but reran and came up with no threats: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2014
Scan Time: 11:58:20 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.05
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344081
Time Elapsed: 34 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.Babylon.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [2cd1de582d4f9d9965bca705fe0434cc],
PUP.Optional.Claro.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}, Quarantined, [44b98caa7903ef476c3936742ed4827e],
PUP.Optional.Claro.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}, Quarantined, [44b98caa7903ef476c3936742ed4827e],
PUP.Optional.Claro.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}, Quarantined, [84795bdbdca084b2a8fc654521e147b9],
PUP.Optional.Claro.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}, Quarantined, [84795bdbdca084b2a8fc654521e147b9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [50adcb6b5b21a4927a0ce5a722e27f81],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [906d221480fc00361e3186cbfc0757a9],
PUP.Optional.Visualbee, HKU\S-1-5-21-2318684821-694813368-435094682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VisualBee for Microsoft PowerPoint, Quarantined, [e7162a0c77052412d4d410ea26dccd33],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\GuideFiles, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.VisualBee, C:\ProgramData\VisualBee, Quarantined, [3bc2a88e7507dd597308f3253bc8ef11],

Files: 774
PUP.Optional.Babylon.A, C:\ProgramData\VisualBee\VisualBeeSoftware.exe, Quarantined, [ea13d1657ffd86b027d875a9b14fc13f],
PUP.Optional.ArcadeYum.A, C:\Users\Jeff\Downloads\ArcadeYumGames.exe, Quarantined, [738a78be0775f244a902b21828d953ad],
PUP.Optional.Babylon.A, C:\Users\Jeff\AppData\Local\VisualBeeExe\MyBabylonTB.exe, Quarantined, [aa5368ce0e6e48eee41b7ca22cd49769],
PUP.Optional.CrossRider.A, C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage-journal, Quarantined, [8f6ef73f76062115942960ee649f1be5],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\ClientComServices.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\ClientSoftwareUpdate.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\ClientUtilities.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\conduitinstaller.exe, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Demo.pptx, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\DocumentFormat.OpenXml.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Domain.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\IComService.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\IDBService.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Ionic.Zip.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Microsoft.Office.Interop.SmartTag.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Advisor.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Analysis.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Analyzer.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Builder.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Cleaner.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Database.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Designer.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Downloader.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Engine.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_EngineGlobals.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Extractor.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_ExtraGlobals.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_HunposHelper.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_ImageManipulator.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_MessageForm.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Presentation.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_SendLogFile.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Share.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_SmartArtLib.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_WordNetHelper.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_ZoomPanel.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\SlideShareAPI.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\uninst.exe, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeAbout.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeAccount.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeClient.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeClient.dll.config, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeClient.dll.manifest, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeClient.vsto, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeEnhance.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeLibrary.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeMyLogo.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VBeeWebSearch.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\WordNetClasses.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\ISwUpdateService.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Design.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\N_Normalizer.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\adj.exc, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\adv.exc, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\cntlist, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\cntlist.rev, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\cygwin1.dll, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\data.adj, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\data.adv, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\data.noun, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\data.verb, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\english.model, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\frames.vrb, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\hunpos-tag.exe, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\index.adj, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\index.adv, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\index.noun, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\index.sense, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\index.verb, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\log.grind.2.1, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\noun.exc, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\sentidx.vrb, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\sents.vrb, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\verb.exc, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\Dic-Eng\verb.Framestext, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\GuideFiles\License.rtf, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\GuideFiles\ProcessGuide.rtf, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeExe\GuideFiles\SelectSlidesGuide.rtf, Quarantined, [e7162a0c77052412d4d410ea26dccd33],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 colors 01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 colors 01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 colors 01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 07_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 07_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 08_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 08_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 08_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_blue_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_blue_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_blue_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_book_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_book_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_book_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pink_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pink_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_pink_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\3 Colors 07_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\BaloonGirl_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\BaloonGirl_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\BaloonGirl_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ChineseDoll_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ChineseDoll_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ChineseDoll_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas1_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas1_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas1_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas2_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas2_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Christmas2_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Comics06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Classic_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Classic_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Classic_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Desert_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Desert_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Desert_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Earth_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Earth_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Earth_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Flower_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Flower_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Flower_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sky_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sky_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sky_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sport_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sport_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Sport_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Urban_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Urban_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Guga_Urban_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\HandShake_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\HandShake_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\HandShake_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_A_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_A_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_A_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_B_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_B_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_B_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_C_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_C_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_C_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_D_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_D_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Large_title_D_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\logo.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Painting_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Painting_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Painting_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background_v35.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy1.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy2.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy3.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ShipsComing_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ShipsComing_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ShipsComing_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Simple 04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\SunFlower_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\SunFlower_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\SunFlower_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T105_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T105_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T105_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T107_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T107_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T107_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T109_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T109_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T109_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T115_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T115_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T115_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T116_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T116_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T116_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T119_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T119_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T119_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T120_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T120_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T120_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T121_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T121_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T121_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T202_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T202_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T202_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T203_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T203_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T203_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T205_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T205_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T205_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T207_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T207_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T207_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T211_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T211_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T211_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T213_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T213_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T213_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T218_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T218_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T218_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T219_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T219_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T219_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T220_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T220_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T220_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T301_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T301_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T301_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T302_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T302_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T302_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T303_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T303_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T303_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T304_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T304_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T304_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T305_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T305_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T305_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T306_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T306_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T306_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T307_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T307_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T307_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T308_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T308_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T308_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T309_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T309_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T309_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T311_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T311_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T311_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T312_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T312_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T312_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T313_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T313_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T313_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T314_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T314_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T314_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T316_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T316_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T316_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T317_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T317_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T317_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T318_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T318_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T318_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T319_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T319_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T319_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T320_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T320_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T320_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T322_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T322_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T322_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T324_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T324_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T324_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T325_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T325_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T325_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T326_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T326_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T326_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T327_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T327_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\T327_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Teenage_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Teenage_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp06_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp07_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp07_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp08_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp08_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp08_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp09_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp09_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp09_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp10_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp10_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp10_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp11_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp11_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp11_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp12_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp12_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp12_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Teenage_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp07_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp13_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp18_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11E_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11J_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\VisualBeeLogo.png, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y103_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y307_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y319_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y327_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp13_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp13_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp14_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp14_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp14_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp15_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp15_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp15_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp16_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp16_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp16_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp17_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp17_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp17_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp18_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp18_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp19_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp19_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp19_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp20_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp20_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ThinkUp20_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11A_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11A_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11A_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11B_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11B_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11B_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11C_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11C_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11C_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11D_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11D_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11D_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11E_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11E_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11F_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11F_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11F_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11G_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11G_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11G_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11H_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11H_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11H_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11I_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11I_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11I_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11J_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11J_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11K_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11K_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11K_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11L_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11L_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11L_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11M_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11M_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11M_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11N_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11N_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Typo11N_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Watching_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Watching_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Watching_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WeddingSoon_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WeddingSoon_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WeddingSoon_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WindGirl_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WindGirl_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\WindGirl_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y101_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y101_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y101_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y103_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y103_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y305_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y305_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y305_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y306_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y306_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y306_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y307_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y307_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y308_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y308_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y308_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y312_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y312_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y312_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y319_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y319_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y323_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y323_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y323_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y324_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y324_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y324_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y327_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y327_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y330_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y330_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y330_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y332_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y332_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y332_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y333_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y333_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y333_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y335_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y335_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y335_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y336_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y336_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\Y336_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplate_Background.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\myTemplate_Button.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_smart.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_text.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_thumb.jpg, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\checksum.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\Layouts.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\LayoutsSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\PublicImages.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywords.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywordsSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\PublicImagesSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\Schemes.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\SchemesSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\Slides.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywords.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywordsSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.Visualbee, C:\Users\Jeff\AppData\Local\VisualBeeClient\LocalDB\SlidesSchema.vdb, Quarantined, [e419320478044aec4a5fa555b64c1ee2],
PUP.Optional.VisualBee, C:\ProgramData\VisualBee\VisualBeeDB.exe, Quarantined, [3bc2a88e7507dd597308f3253bc8ef11],

Physical Sectors: 0
(No malicious items detected)

(end)



#8 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 November 2014 - 07:35 PM

Didn't find the log file from ESET Online Scanner, but no threats were found.

 

Here are the logs from the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Jeff (administrator) on JEFF-HP on 02-11-2014 17:23:21
Running from C:\Users\Jeff\Desktop
Loaded Profile: Jeff (Available profiles: Jeff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-01-23] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-02-22] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [EPSON096A97] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [Epson Stylus NX510(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-10] (The Weather Channel)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [171520 2013-06-18] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\MountPoints2: {4275c7ab-1086-11e0-8346-806e6f6e6963} - E:\win32\autorun\m4ck.exe
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=bdt3&ocid=bdtdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-05-18]

Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-08-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-07]
CHR Extension: (SWOOOP) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-08-10]
CHR Extension: (Skype Click to Call) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-18]
CHR Extension: (SiriusXM) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (9-Ball Pool) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafdgpdaojfjhcolidaakebmnbibdbpb [2014-08-10]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-02-22] (NewTech Infosystems, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\ENG64.SYS [129752 2014-10-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141101.003\EX64.SYS [2137304 2014-10-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U0 tackcy; C:\Windows\System32\drivers\jiegp.sys [79064 2014-11-02] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 13:25 - 2014-11-02 13:25 - 02347384 _____ (ESET) C:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe
2014-11-02 13:25 - 2014-11-02 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-02 12:36 - 2014-11-02 12:36 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jiegp.sys
2014-11-02 11:57 - 2014-11-02 12:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 11:57 - 2014-11-02 11:57 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 11:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 11:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 11:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 11:04 - 2014-11-02 11:05 - 00033634 _____ () C:\Users\Jeff\Desktop\Addition.txt
2014-11-02 11:02 - 2014-11-02 17:24 - 00023620 _____ () C:\Users\Jeff\Desktop\FRST.txt
2014-11-02 10:40 - 2014-11-02 10:40 - 02114560 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2014-11-02 10:04 - 2014-11-02 10:04 - 40034920 ____T () C:\Windows\SysWOW64\00003117.tmp
2014-11-02 10:04 - 2014-11-02 10:04 - 40034920 ____T () C:\Windows\SysWOW64\00001598.tmp
2014-11-02 08:56 - 2014-11-02 17:23 - 00000000 ____D () C:\FRST
2014-11-01 19:59 - 2014-11-01 19:59 - 00007414 _____ () C:\Users\Jeff\Desktop\attach.txt
2014-11-01 19:59 - 2014-11-01 19:58 - 00024779 _____ () C:\Users\Jeff\Desktop\dds.txt
2014-10-27 20:35 - 2014-10-27 20:35 - 32601272 _____ (Microsoft Corporation) C:\Users\Jeff\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator
2014-10-19 19:25 - 2014-10-19 19:25 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-19 19:25 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-19 19:24 - 2014-10-19 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 12:59 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:59 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:59 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:59 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:59 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:59 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:59 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:59 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:59 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:59 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:59 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:59 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:59 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:59 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:59 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:59 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:59 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:59 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:59 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:59 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:59 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:59 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:59 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 12:58 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 12:58 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-19 12:58 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:58 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:58 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:57 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:57 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 12:57 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 12:57 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-19 12:56 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 12:56 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-19 12:56 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:56 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:45 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:45 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-05 07:32 - 2014-10-05 07:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-04 23:35 - 2014-10-04 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 23:31 - 2014-10-19 19:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 17:21 - 2011-09-10 19:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 16:17 - 2010-10-20 01:48 - 01199402 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 16:06 - 2010-12-31 20:38 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6794F8C3-98D5-4D21-9237-E909E4BD6877}
2014-11-02 13:45 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 13:45 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 11:46 - 2009-07-13 22:13 - 00789658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 11:42 - 2011-06-08 21:37 - 00000000 ___HD () C:\Users\Jeff\AppData\Local\CrashDumps
2014-11-02 11:41 - 2011-09-10 19:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 11:41 - 2010-12-25 17:23 - 00653710 _____ () C:\Windows\PFRO.log
2014-11-02 11:41 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 11:41 - 2009-07-13 21:51 - 00100801 _____ () C:\Windows\setupact.log
2014-10-29 21:24 - 2014-09-12 14:12 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJeff
2014-10-29 21:24 - 2014-09-12 14:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJeff.job
2014-10-29 20:23 - 2012-09-03 19:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 09:23 - 2011-11-06 17:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-25 09:23 - 2010-12-26 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-25 09:16 - 2011-09-10 19:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 09:16 - 2011-09-10 19:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 19:24 - 2010-12-26 07:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 14:59 - 2009-07-13 21:45 - 00280344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 14:54 - 2014-05-10 11:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 14:52 - 2010-12-25 18:15 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\SoftGrid Client
2014-10-19 13:13 - 2013-08-10 20:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-13 20:12 - 2010-12-25 10:42 - 00063104 ____H () C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 19:44 - 2011-01-16 20:13 - 09564160 _____ () C:\Users\Jeff\Desktop\Jeff's Quicken Data.QDF-backup
2014-10-05 07:32 - 2012-04-14 20:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-05 07:32 - 2011-05-13 20:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-05 07:24 - 2012-05-28 17:57 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-05 07:24 - 2011-02-26 11:28 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-05 07:23 - 2014-05-18 18:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-05 07:23 - 2011-02-26 11:29 - 00002279 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-05 07:23 - 2009-07-13 22:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 09:02 - 2011-01-09 12:26 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-04 22:36

==================== End Of Log ============================

 

 

 

 

 

Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-02 17:25:22
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myst IV - Revelation (HKLM-x32\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 1.1.2.97 - NewTech Infosystems)
NTI Backup Now EZ (x32 Version: 1.1.2.97 - NewTech Infosystems) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.40.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.40.0000 - Magellan Navigation, Inc.) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.15 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

04-10-2014 04:13:39 Norton 360 Registry Clean
19-10-2014 20:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D3C3EF2-053D-4415-A9DB-18C8B71FF7A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {43BBB1F6-ACBF-40F3-9574-FCB32755EC4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {4855D2CF-85FA-441E-85D1-8B5C3BBC5B44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6CD78C0F-D092-49FE-BD1C-6BFBC7F6F0C6} - System32\Tasks\{6C67D252-3009-430C-BCF8-C1CFF14F03BE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {77C26244-F4B0-44CB-A049-FA8D08D82781} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7BFFBBB6-5081-4685-A93C-DE42DF12182D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {83B5D545-BE16-4689-8110-35F8C434726B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8DD88B82-E3E4-48CB-AE1D-7D19B48BCC3D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2318684821-694813368-435094682-1001
Task: {98DA701F-486C-4ACB-B8D8-3F16D18BF68A} - System32\Tasks\HPCeeScheduleForJeff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6066C4A-83D7-4264-A5F1-B57214E398C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF223815-FB0B-4478-9AEF-E2A7A390124C} - System32\Tasks\{5B2F5122-6F6C-4AA5-98A7-5C645738191A} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {C70D92CF-3A7B-40BA-A8BE-CEDD690D17AA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D86E820B-DAF1-416B-BD0E-880BF3D9C24C} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E91E67F0-B1DA-4A03-B5CA-ADC5EEC53592} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EFC7F689-800C-4E86-B827-23CBF93D4475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJeff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-29 17:37 - 2008-09-29 17:37 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll
2009-04-09 17:25 - 2009-04-09 17:25 - 00049664 _____ () C:\Program Files (x86)\Magellan\VantagePoint\VPLite\RAPIWrapper.dll
2012-01-29 09:40 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-01-29 09:40 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-05 03:17 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Jeff\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2318684821-694813368-435094682-500 - Administrator - Disabled)
Guest (S-1-5-21-2318684821-694813368-435094682-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2318684821-694813368-435094682-1002 - Limited - Enabled)
Jeff (S-1-5-21-2318684821-694813368-435094682-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 05:16:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 05:16:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 05:16:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:26:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:26:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:26:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:25:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:25:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:25:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 01:25:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (11/02/2014 11:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 10:47:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 10:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 10:43:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 10:43:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RtVOsdService Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/02/2014 05:16:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 05:16:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 05:16:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:26:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:26:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:26:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:25:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:25:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:25:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

Error: (11/02/2014 01:25:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe

==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 64%
Total physical RAM: 2810.9 MB
Available physical RAM: 987.71 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3084.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.47 GB) (Free:171.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.32 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 03 November 2014 - 03:40 AM

Step 1

frst.pngfrstsearch.png
  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
log.txt
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 05 November 2014 - 12:15 AM

Sorry haven't gotten back in a couple of days.  Life, work and a busted water heater have distracted me.

 

Reran the ESET Online Scanner and one threat was found, here's the log file:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=43fa95090bd78746a12c8e939473d417
# engine=20918
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-05 04:58:24
# local_time=2014-11-04 09:58:24 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 0 165739599 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 40110653 166706953 0 0
# scanned=330406
# found=1
# cleaned=0
# scan_time=15
sh=138511DCD0999BD1748447153EB7E870369B08F2 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Jeff\AppData\Local\Temp\1544\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUVPIF41\4ed143f4a60c5ad85e481a2b6225ca80fa5482f7[1].htm"

 

 



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 05 November 2014 - 10:25 AM

Hi,

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 05 November 2014 - 11:59 PM

No more onslaughts of Com Surrogates eating up CPU resources.

Mainly a little concerned about possible "backdoors" that may have been created.

But computer seems to be running normally again.

Thank you very much for your assistance.

-jdc



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 06 November 2014 - 06:51 AM

Hi,

Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   50bytes   3 downloads


After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 jdchandler514

jdchandler514
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 07 November 2014 - 01:46 AM

Step 1:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-06 21:36:58 Run:2
Running from C:\Users\Jeff\Desktop
Loaded Profile: Jeff (Available profiles: Jeff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
File: C:\Windows\SysWOW64\00001598.tmp
EmptyTemp:
*****************

========================= File: C:\Windows\SysWOW64\00001598.tmp ========================

MD5:
Creation and modification date: 2014-11-02 10:04 - 2014-11-02 10:04
Size: 40034920
Attributes: ---AT
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

EmptyTemp: => Removed 2.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

Step 2:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Jeff (administrator) on JEFF-HP on 06-11-2014 23:35:22
Running from C:\Users\Jeff\Desktop
Loaded Profile: Jeff (Available profiles: Jeff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-01-23] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [577792 2010-02-22] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [EPSON096A97] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [Epson Stylus NX510(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-10] (The Weather Channel)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [171520 2013-06-18] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2318684821-694813368-435094682-1001\...\MountPoints2: {4275c7ab-1086-11e0-8346-806e6f6e6963} - E:\win32\autorun\m4ck.exe
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> C:\Program Files (x86)\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=bdt3&ocid=bdtdhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {36FC6F86-A524-40AF-B495-7B9BFEA41916} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {F26CD5EC-0443-45A7-AD20-B20D4BB0F67E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-05-18]

Chrome:
=======
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-08-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-07]
CHR Extension: (SWOOOP) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2014-08-10]
CHR Extension: (Skype Click to Call) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-18]
CHR Extension: (SiriusXM) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (9-Ball Pool) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafdgpdaojfjhcolidaakebmnbibdbpb [2014-08-10]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-02-22] (NewTech Infosystems, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20141106.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.020\ENG64.SYS [129752 2014-10-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20141106.020\EX64.SYS [2137304 2014-10-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 23:33 - 2014-11-06 23:35 - 00023330 _____ () C:\Users\Jeff\Desktop\FRST.txt
2014-11-06 21:30 - 2014-11-06 21:30 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{633CD0C2-7D35-4413-9447-D95F5412C746}
2014-11-05 21:24 - 2014-11-05 21:24 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{7BA28D27-17F6-4781-B3AA-40ACBA082640}
2014-11-04 22:08 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{C6C46D79-0D5C-4834-A896-015C725DC253}
2014-11-04 10:07 - 2014-11-04 10:08 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{587BADD0-70E7-4342-920B-EC38C5F3B9B7}
2014-11-03 21:30 - 2014-11-03 21:30 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{0C8BD1D6-44D9-4A6C-85F6-C2261ABDAE90}
2014-11-02 20:34 - 2014-11-02 20:34 - 00000000 ____D () C:\Users\Jeff\AppData\Local\{81AAAFD6-B88E-46E9-880D-50C142628181}
2014-11-02 18:06 - 2014-11-02 18:06 - 00000000 _____ () C:\Windows\SysWOW64\sho797A.tmp
2014-11-02 13:25 - 2014-11-02 13:25 - 02347384 _____ (ESET) C:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe
2014-11-02 13:25 - 2014-11-02 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-02 11:57 - 2014-11-02 12:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 11:57 - 2014-11-02 11:57 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 11:57 - 2014-11-02 11:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 11:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 11:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 11:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 10:40 - 2014-11-02 10:40 - 02114560 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2014-11-02 10:04 - 2014-11-02 10:04 - 40034920 ____T () C:\Windows\SysWOW64\00003117.tmp
2014-11-02 08:56 - 2014-11-06 23:35 - 00000000 ____D () C:\FRST
2014-10-27 20:35 - 2014-10-27 20:35 - 32601272 _____ (Microsoft Corporation) C:\Users\Jeff\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-25 14:40 - 2014-10-25 14:40 - 00000000 ____D () C:\Users\Administrator
2014-10-19 19:25 - 2014-10-19 19:25 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-19 19:25 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 19:24 - 2014-10-19 19:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-19 19:24 - 2014-10-19 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 12:59 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:59 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:59 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:59 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:59 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:59 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:59 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:59 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:59 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:59 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:59 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:59 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:59 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:59 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:59 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:59 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:59 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:59 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:59 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:59 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:59 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:59 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:59 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:59 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:59 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:59 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:59 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:59 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:59 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:59 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:59 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:59 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:59 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:59 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:59 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:59 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:59 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 12:58 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 12:58 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 12:58 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-19 12:58 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:58 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:58 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:58 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:58 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:57 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:57 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 12:57 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-19 12:57 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-19 12:57 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 12:57 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-19 12:56 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 12:56 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-19 12:56 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:56 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:56 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:45 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:45 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 23:21 - 2011-09-10 19:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 22:47 - 2009-07-13 22:13 - 00789658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 22:46 - 2010-10-20 01:48 - 01293726 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 22:33 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 22:33 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 22:25 - 2014-09-12 14:12 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJeff
2014-11-06 22:25 - 2014-09-12 14:12 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJeff.job
2014-11-06 22:22 - 2011-09-10 19:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 22:22 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 22:22 - 2009-07-13 21:51 - 00101081 _____ () C:\Windows\setupact.log
2014-11-06 22:21 - 2010-12-25 17:23 - 00878370 _____ () C:\Windows\PFRO.log
2014-11-06 21:25 - 2010-12-31 20:38 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6794F8C3-98D5-4D21-9237-E909E4BD6877}
2014-11-05 21:21 - 2011-06-08 21:37 - 00000000 ___HD () C:\Users\Jeff\AppData\Local\CrashDumps
2014-11-02 21:31 - 2010-12-25 18:15 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\SoftGrid Client
2014-11-02 21:30 - 2011-01-16 20:13 - 09633792 _____ () C:\Users\Jeff\Desktop\Jeff's Quicken Data.QDF-backup
2014-10-29 20:23 - 2012-09-03 19:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 09:23 - 2011-11-06 17:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-25 09:23 - 2010-12-26 08:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-25 09:16 - 2011-09-10 19:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 09:16 - 2011-09-10 19:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 19:24 - 2014-10-04 23:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-19 19:24 - 2010-12-26 07:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 14:59 - 2009-07-13 21:45 - 00280344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 14:54 - 2014-05-10 11:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 13:13 - 2013-08-10 20:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-13 20:12 - 2010-12-25 10:42 - 00063104 ____H () C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-04 22:36

==================== End Of Log ============================

 

 

If you need it, here's the addition.txt as well:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Jeff at 2014-11-06 23:36:33
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myst IV - Revelation (HKLM-x32\...\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}) (Version: 1 - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 1.1.2.97 - NewTech Infosystems)
NTI Backup Now EZ (x32 Version: 1.1.2.97 - NewTech Infosystems) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.40.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.40.0000 - Magellan Navigation, Inc.) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.15 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

04-10-2014 04:13:39 Norton 360 Registry Clean
19-10-2014 20:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D3C3EF2-053D-4415-A9DB-18C8B71FF7A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {43BBB1F6-ACBF-40F3-9574-FCB32755EC4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {4855D2CF-85FA-441E-85D1-8B5C3BBC5B44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6CD78C0F-D092-49FE-BD1C-6BFBC7F6F0C6} - System32\Tasks\{6C67D252-3009-430C-BCF8-C1CFF14F03BE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {77C26244-F4B0-44CB-A049-FA8D08D82781} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7BFFBBB6-5081-4685-A93C-DE42DF12182D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {83B5D545-BE16-4689-8110-35F8C434726B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8DD88B82-E3E4-48CB-AE1D-7D19B48BCC3D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2318684821-694813368-435094682-1001
Task: {98DA701F-486C-4ACB-B8D8-3F16D18BF68A} - System32\Tasks\HPCeeScheduleForJeff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6066C4A-83D7-4264-A5F1-B57214E398C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF223815-FB0B-4478-9AEF-E2A7A390124C} - System32\Tasks\{5B2F5122-6F6C-4AA5-98A7-5C645738191A} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {C70D92CF-3A7B-40BA-A8BE-CEDD690D17AA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D86E820B-DAF1-416B-BD0E-880BF3D9C24C} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {E91E67F0-B1DA-4A03-B5CA-ADC5EEC53592} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EFC7F689-800C-4E86-B827-23CBF93D4475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJeff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-29 17:37 - 2008-09-29 17:37 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll
2009-04-09 17:25 - 2009-04-09 17:25 - 00049664 _____ () C:\Program Files (x86)\Magellan\VantagePoint\VPLite\RAPIWrapper.dll
2012-01-29 09:40 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-01-29 09:40 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-05 03:17 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Jeff\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2318684821-694813368-435094682-500 - Administrator - Disabled)
Guest (S-1-5-21-2318684821-694813368-435094682-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2318684821-694813368-435094682-1002 - Limited - Enabled)
Jeff (S-1-5-21-2318684821-694813368-435094682-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 11:35:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b88

Start Time: 01cffa54b5a2ec54

Termination Time: 17

Application Path: C:\Users\Jeff\Desktop\FRST64.exe

Report Id: 239e6a23-6648-11e4-93c7-6431505d804d

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2636

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2636

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2014 09:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BingDesktop.exe, version: 1.3.470.0, time stamp: 0x538d5e95
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0004866a
Faulting process id: 0x10b8
Faulting application start time: 0xBingDesktop.exe0
Faulting application path: BingDesktop.exe1
Faulting module path: BingDesktop.exe2
Report Id: BingDesktop.exe3

Error: (11/04/2014 10:01:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2014 09:09:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19650276

System errors:
=============
Error: (11/06/2014 10:23:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/06/2014 09:22:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/05/2014 10:26:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/05/2014 09:19:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/04/2014 09:09:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/04/2014 04:11:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/03/2014 10:41:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.

Error: (11/03/2014 09:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 06:09:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 11:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (11/06/2014 11:35:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.11.2014.01b8801cffa54b5a2ec5417C:\Users\Jeff\Desktop\FRST64.exe239e6a23-6648-11e4-93c7-6431505d804d

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2636

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2636

Error: (11/06/2014 10:42:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061

Error: (11/06/2014 10:42:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2014 09:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BingDesktop.exe1.3.470.0538d5e95ole32.dll6.1.7601.175144ce7b96fc00000050004866a10b801cff978e95d0813C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exeC:\Windows\syswow64\ole32.dll69ec0a69-656c-11e4-8372-6431505d804d

Error: (11/04/2014 10:01:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/04/2014 09:09:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19650276

==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 66%
Total physical RAM: 2810.9 MB
Available physical RAM: 952.19 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3527.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.47 GB) (Free:174.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.32 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:45 PM

Posted 07 November 2014 - 05:23 AM

OK,
 
Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   938bytes   5 downloads
 
 
Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users