
Odd Vosteran Issue


4 replies to this topic

#1 bockery


Posted 13 January 2015 - 06:02 PM

Hi all - 

 

I read through other Vosteran threads, and followed as closely as I could. I ran AdwCleaner, MBAM, MBAR, Temp File Cleaner, and Junkware Removal, as well as ESET.

 

Loads of items were quarantined, and I would think I was clean, but then something weird happened:

 

I downloaded WordPress and unzipped it to find that an html doc inside was described as a "Vosteran HTML Document." Does this mean there is something these programs didn't find and that Vosteran messed with the download or the extraction? I don't know what to do next. Anyone have any ideas?


Edited by bockery, 13 January 2015 - 06:05 PM.




#2 bockery


Posted 14 January 2015 - 12:35 AM

Quick update - I was doing some more research on other Vosteran threads, and I was downloading SecurityCheck and Farbar Service Scanner.

 

The only download option for file type on the Farbar Service Scanner was "Vosteran HTML Document."

 

Is it just a nomenclature setting that was changed or am I going to do more harm downloading FSS?



#3 bockery


Posted 14 January 2015 - 02:56 AM

Here are my logs from Security Check, Farbar Service Scanner, MiniToolBox, MBAM, MBAR, and Rkill:

 

Security Check Log:

 

Results of screen317's Security Check version 0.99.93

Windows Vista Service Pack 2 x64 (UAC is enabled)

Internet Explorer 9

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java™ 6 Update 22

Java™ 6 Update 3

Java™ 6 Update 7

Java version 32-bit out of Date!

Adobe Flash Player 15.0.0.246 Flash Player out of Date!

Adobe Reader 8

Adobe Reader XI

Mozilla Firefox (Firefox,. Firefox out of Date!

Google Chrome 37.0.2062.120 Google Chrome out of date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

mcafee VIRUSS~1 mcvsshld.exe

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

 

 

FSS Log:

 

Farbar Service Scanner Version: 21-07-2014

Ran by James (administrator) on 14-01-2015 at 02:12:44

Running from "C:\Users\James\Downloads"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcsvc.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

MiniToolBox Log:

 

MiniToolBox by Farbar Version: 30-11-2014

Ran by James (administrator) on 14-01-2015 at 02:19:09

Running from "C:\Users\James\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ==============================

 

========================= Hosts content: =================================

 

::1 localhost

 

127.0.0.1 localhost

 

========================= IP Configuration: ================================

 

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)

Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : James-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home

 

Wireless LAN adapter Wireless Network Connection:

 

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-21-5C-17-C7-A1

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::95a8:16a3:3af3:7a83%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Tuesday, January 13, 2015 5:15:18 PM

Lease Expires . . . . . . . . . . : Wednesday, January 14, 2015 5:15:16 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 285221212

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-03-13-DC-00-1E-68-8A-4F-A2

DNS Servers . . . . . . . . . . . : 192.168.1.1

71.252.0.12

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : university.liberty.edu

Description . . . . . . . . . . . : Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-1E-68-8A-4F-A2

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 6:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.university.liberty.edu

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 7:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.home

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 11:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 12:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 02-00-54-55-4E-01

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1802:d27:3f57:fefb(Preferred)

Link-local IPv6 Address . . . . . : fe80::1802:d27:3f57:fefb%15(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter Local Area Connection* 13:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.Isolation.liberty.edu

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 15:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : isatap.home

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: Wireless_Broadband_Router.home

Address: 192.168.1.1

 

Name: google.com

Addresses: 2607:f8b0:4004:801::1009

74.125.228.35

74.125.228.33

74.125.228.36

74.125.228.32

74.125.228.39

74.125.228.37

74.125.228.46

74.125.228.41

74.125.228.34

74.125.228.40

74.125.228.38

 

 

Pinging google.com [74.125.228.8] with 32 bytes of data:

Reply from 74.125.228.8: bytes=32 time=305ms TTL=250

General failure.

 

Ping statistics for 74.125.228.8:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 305ms, Maximum = 305ms, Average = 305ms

Server: Wireless_Broadband_Router.home

Address: 192.168.1.1

 

Name: yahoo.com

Addresses: 98.139.183.24

206.190.36.45

98.138.253.109

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=118ms TTL=244

General failure.

 

Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 118ms, Maximum = 118ms, Average = 118ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

11 ...00 21 5c 17 c7 a1 ...... Intel® Wireless WiFi Link 4965AGN
10 ...00 1e 68 8a 4f a2 ...... Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.university.liberty.edu
16 ...00 00 00 00 00 00 00 e0 isatap.home
12 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.Isolation.liberty.edu
17 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.4 281

192.168.1.4 255.255.255.255 On-link 192.168.1.4 281

192.168.1.255 255.255.255.255 On-link 192.168.1.4 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.4 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.4 281

===========================================================================

Persistent Routes:

None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

15 18 ::/0 On-link

1 306 ::1/128 On-link

15 18 2001::/32 On-link

15 266 2001:0:9d38:6abd:1802:d27:3f57:fefb/128

On-link

11 281 fe80::/64 On-link

15 266 fe80::/64 On-link

15 266 fe80::1802:d27:3f57:fefb/128

On-link

11 281 fe80::95a8:16a3:3af3:7a83/128

On-link

1 306 ff00::/8 On-link

15 266 ff00::/8 On-link

11 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (01/14/2015 00:28:19 AM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/14/2015 00:23:43 AM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/14/2015 00:23:19 AM) (Source: MatSvc) (User: )

Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E

.

 

Error: (01/14/2015 00:23:19 AM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/13/2015 09:14:30 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/13/2015 09:09:32 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/13/2015 05:52:45 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

 

Error: (01/13/2015 05:16:21 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/13/2015 04:58:29 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

Error: (01/13/2015 04:53:18 PM) (Source: MatSvc) (User: )

Description: The MATS service encountered a web service failure. hr=0x80072EFD

 

 

System errors:

=============

Error: (01/13/2015 05:13:05 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (01/13/2015 02:32:03 PM) (Source: DCOM) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

 

Error: (01/13/2015 00:15:20 PM) (Source: Service Control Manager) (User: )

Description: HP Network Devices Support1

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

Date: 2015-01-14 01:46:57.074

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-14 01:46:56.099

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-14 01:46:55.106

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 22:04:00.707

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 22:03:59.643

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 22:03:58.659

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 22:03:57.584

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 17:59:37.549

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 17:59:36.500

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Date: 2015-01-13 17:59:35.556

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

 

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.5 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (x32 Version: 2.2.5 - Hewlett-Packard) Hidden

AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden

AIO_CDB_ToolboxIni64 (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Mobile Device Support (HKLM-x32\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{C3BC9ECF-563E-33AF-FF45-1688C1800F18}) (Version: 3.0.657.0 - ATI Technologies, Inc.)

ATI Catalyst Install Manager (HKLM-x32\...\{C3BC9ECF-563E-33AF-FF45-1688C1800F18}) (Version: 3.0.657.0 - ATI Technologies, Inc.)

Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)

Bluetooth Stack for Windows by Toshiba (HKLM-x32\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bonjour (HKLM-x32\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ccc-utility64 (Version: 2008.0109.2141.38743 - ATI) Hidden

ccc-utility64 (x32 Version: 2008.0109.2141.38743 - ATI) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)

Conexant HD Audio (HKLM-x32\...\CNXT_AUDIO_HDA) (Version: 4.36.6.0 - Conexant)

Dropbox (HKCU\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)

Dropbox (HKCU-x32\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)

FM Tuner Utility (Version: 1.05.0000 - NXP Semiconductor Ltd.) Hidden

FM Tuner Utility (x32 Version: 1.05.0000 - NXP Semiconductor Ltd.) Hidden

HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)

HP Customer Participation Program 8.0 (HKLM-x32\...\HPExtendedCapabilities) (Version: 8.0 - HP)

HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)

HP Imaging Device Functions 8.0 (HKLM-x32\...\HP Imaging Device Functions) (Version: 8.0 - HP)

HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)

HP OCR Software 8.0 (HKLM-x32\...\HPOCR) (Version: 8.0 - HP)

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM-x32\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)

HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)

HP Solution Center 8.0 (HKLM-x32\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)

Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\ProInst) (Version: 11.5.0000 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )

Intel® Matrix Storage Manager (HKLM-x32\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )

iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

iTunes (HKLM-x32\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.51.4.3 - Marvell)

Marvell Miniport Driver (HKLM-x32\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.51.4.3 - Marvell)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

mCore (Version: 11.02.0000 - Intel Corporation) Hidden

mCore (x32 Version: 11.02.0000 - Intel Corporation) Hidden

mCPlug (Version: 11.00.0000 - Intel Corporation) Hidden

mCPlug (x32 Version: 11.00.0000 - Intel Corporation) Hidden

mHelp (Version: 11.02.0000 - Intel) Hidden

mHelp (x32 Version: 11.02.0000 - Intel) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM-x32\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (x32 Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (x32 Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (x32 Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Fix it Center (HKLM-x32\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM-x32\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM-x32\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM-x32\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM-x32\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden

mMHouse (x32 Version: 11.02.0000 - Intel Corporation) Hidden

MobileMe Control Panel (HKLM\...\{E78A769A-592F-4154-8277-07CC3BDCAAD8}) (Version: 2.6.0.35 - Apple Inc.)

MobileMe Control Panel (HKLM-x32\...\{E78A769A-592F-4154-8277-07CC3BDCAAD8}) (Version: 2.6.0.35 - Apple Inc.)

mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden

mPfMgr (x32 Version: 11.02.0000 - Intel Corporation) Hidden

NetDeviceManager64 (Version: 82.0.173.000 - Hewlett-Packard) Hidden

NetDeviceManager64 (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden

O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{3F2B4DAD-88CB-4F5B-86B2-DF3384063EFA}) (Version: 3.21 - O2Micro)

O2Micro Flash Memory Card Reader Driver (x64) (HKLM-x32\...\{3F2B4DAD-88CB-4F5B-86B2-DF3384063EFA}) (Version: 3.21 - O2Micro)

Spotify (HKCU\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Spotify (HKCU-x32\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)

Synaptics Pointing Device Driver (HKLM-x32\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a for x64 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM-x32\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a for x64 - TOSHIBA Corporation)

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden

TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: 1.01.00 - TOSHIBA Corporation) Hidden

TOSHIBA Face Recognition (Version: 1.0.3.64 - TOSHIBA) Hidden

TOSHIBA Face Recognition (x32 Version: 1.0.3.64 - TOSHIBA) Hidden

TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) Hidden

TOSHIBA Hardware Setup (x32 Version: 3.00.01.00 - TOSHIBA) Hidden

TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.5 - TOSHIBA)

TOSHIBA SD Memory Utilities (HKLM-x32\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.5 - TOSHIBA)

TOSHIBA Supervisor Password (Version: 3.00.01.00 - TOSHIBA) Hidden

TOSHIBA Supervisor Password (x32 Version: 3.00.01.00 - TOSHIBA) Hidden

TOSHIBA Value Added Package (Version: 1.1.14.64 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.1.14.64 - TOSHIBA Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (x32 Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

========================= Devices: ================================

 

Name: Photosmart C4380 series

Description: Photosmart C4380 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart C7200 series

Description: Photosmart C7200 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet H470

Description: Officejet H470

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart C4500 series

Description: Photosmart C4500 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6980 series

Description: Deskjet 6980 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: psc 2500 series

Description: psc 2500 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: hp

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart C5100 series

Description: Photosmart C5100 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 72%

Total physical RAM: 4093.48 MB

Available physical RAM: 1132.81 MB

Total Pagefile: 8362.24 MB

Available Pagefile: 5451.45 MB

Total Virtual: 4095.88 MB

Available Virtual: 4005.02 MB

 

========================= Partitions: =====================================

 

1 Drive c: (SQ004675V06) (Fixed) (Total:184.84 GB) (Free:79.49 GB) NTFS

2 Drive d: () (Fixed) (Total:186.31 GB) (Free:186.27 GB) NTFS

4 Drive g: (DAN SHEVEL) (Removable) (Total:3.73 GB) (Free:2.03 GB) FAT32

 

========================= Users: ========================================

 

User accounts for \\JAMES-PC

 

Administrator Guest James

 

========================= Restore Points ==================================

 

08-10-2014 19:05:46 Windows Update

12-10-2014 17:15:36 Windows Update

11-01-2015 03:24:19 Removed Microsoft Forefront Client Security Antimalware Service

11-01-2015 03:26:12 Removed Microsoft Forefront Client Security Antimalware Service

11-01-2015 03:28:36 Removed Microsoft Forefront Client Security State Assessment Service

11-01-2015 03:29:51 Removed League of Legends

11-01-2015 03:32:04 Removed Napster

11-01-2015 03:32:31 Removed Napster Burn Engine

11-01-2015 05:32:37 Removed Safari

11-01-2015 08:00:44 Windows Update

12-01-2015 20:49:00 Scheduled Checkpoint

14-01-2015 00:06:21 Scheduled Checkpoint

 

**** End of log ****

 

 

MBAM Log 1:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/12/2015

Scan Time: 11:30:18 PM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.13.04

Rootkit Database: v2015.01.07.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: James

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 355571

Time Elapsed: 47 min, 14 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 3

PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [648491655b2eb284766928ba6a98d030],

PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [648491655b2eb284766928ba6a98d030],

PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\vosteran.exe, Quarantined, [18d0da1ccebb1b1b3d929ece6c9710f0],

 

Registry Values: 1

PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [7a6e52a47d0cf83e8e4312de5ea64bb5]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 195

PUP.Optional.Vosteran.A, C:\Users\James\AppData\Roaming\WSE_Vosteran, Delete-on-Reboot, [00e8f402ea9fa98d46e81d463ec55ca4],

PUP.Optional.Vosteran.A, C:\Users\James\AppData\Roaming\WSE_Vosteran\icons_3.7.1.4, Quarantined, [00e8f402ea9fa98d46e81d463ec55ca4],

PUP.Optional.Vosteran.A, C:\Users\James\AppData\Roaming\WSE_Vosteran\UpdateProc, Quarantined, [00e8f402ea9fa98d46e81d463ec55ca4],

PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran, Delete-on-Reboot, [72769462e4a541f585ab7be822e127d9],

PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\bh, Quarantined, [72769462e4a541f585ab7be822e127d9],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application\31.0.1650.23, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application\31.0.1650.23\Extensions, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application\31.0.1650.23\Installer, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application\31.0.1650.23\Locales, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\Application\31.0.1650.23\VisualElements, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Cache, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\facebook\images\carousel\screenshots, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\data, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\gallery\images\blackfriday, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\app\spots\weather\images, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\css, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\about, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\apps, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\clean, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\discovery, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\favorites, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\ftue, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\icons\pageAction, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\image-upload, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\loaders, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\notifications, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\phone, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\review-gifs\cat, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\search, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\bubbles, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\buttons, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\city, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\clean, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\disco, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\fishing, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\forest, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\mountains, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\planets, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sea, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\space, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\strips, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\themes\sunset, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\img\user, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\lib, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\locales, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ar, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\de, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\en, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\es, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\fr, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\he, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\it, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ja, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\nl, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pl, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\pt_BR, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\ru, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\_locales\tr, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, Delete-on-Reboot, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

PUP.Optional.Vosteran, C:\Users\James\AppData\Local\Vosteran\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, Quarantined, [10d89d5991f89e987ab7c99a2dd604fc],

 

Files: 1

PUP.Optional.Vosteran.A, C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk, Quarantined, [d612a84ed7b251e5b01dda92d330837d],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

MBAM Log 2:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/13/2015

Scan Time: 12:30:53 AM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.13.05

Rootkit Database: v2015.01.07.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: James

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 345007

Time Elapsed: 41 min, 33 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

MBAM Log 3 (ran automatically overnight and quarantined items not found in 2nd scan):

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/13/2015

Scan Time: 3:58:43 AM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.13.05

Rootkit Database: v2015.01.07.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: James

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 345011

Time Elapsed: 8 hr, 57 min, 15 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.BPlug, C:\Users\James\AppData\Local\Temp\is765589038\64C2F02D_stp.EXE, Quarantined, [f4f5f2043158d165cd66c00ca45d5ca4],

PUP.Optional.BPlug, C:\Users\James\AppData\Local\Temp\is765589038\3F43A633_stp.EXE, Quarantined, [be2b94621f6a92a4cc67804ca65b3cc4],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

MBAR Logs:

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

 

Database version: v2015.01.13.05

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

James :: JAMES-PC [administrator]

 

1/13/2015 2:11:56 AM

mbar-log-2015-01-13 (02-11-56).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 356148

Time elapsed: 37 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

Java version: 1.6.0_22

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4292329472, free: 1794355200

 

Downloaded database version: v2015.01.13.05

Downloaded database version: v2015.01.07.01

Downloaded database version: v2014.12.06.01

Initializing...

======================

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

Initializing...

======================

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

Initializing...

======================

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

Initializing...

======================

------------ Kernel report ------------

01/13/2015 02:11:27

------------ Loaded modules -----------

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8007a6b060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000097\

Lower Device Object: 0xfffffa8007a77060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80069e72e0

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004b74050

Lower Device Driver Name: \Driver\iaStor\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80069e6510

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-0\

Lower Device Object: 0xfffffa8004b70050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80069e6510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80069e7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80069e6510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa8004b717e0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004b70050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 19E919E9

 

Partition information:

 

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

 

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 3074048 Numsec = 387647488

Partition file system is NTFS

Partition is bootable

 

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa80069e72e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80069e8040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80069e72e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa8004b71e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004b74050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: B0805BA0

 

Partition information:

 

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 390720897

 

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Disk Size: 200049647616 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 2, DevicePointer: 0xfffffa8007a6b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a6bb30, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a6b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa8007a77060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 2

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6BC7CCDE

 

Partition information:

 

Partition 0 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 8064 Numsec = 7823488

 

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

 

Disk Size: 4009754624 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...

Removal finished

 

Rkill Log:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2015 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 01/14/2015 02:40:19 AM in x64 mode.

Windows Version: Windows Vista ™ Home Premium Service Pack 2

 

Checking for Windows services to stop:

 

* No malware services found to stop.

 

Checking for processes to terminate:

 

* C:\Windows\system32\TODDSrv.exe (PID: 2664) [WD-HEUR]

 

1 proccess terminated!

 

Checking Registry for malware related settings:

 

* No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* Windows Defender Disabled

 

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

 

* Windows Firewall Disabled

 

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

 

Checking Windows Service Integrity:

 

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Automatic

 

Searching for Missing Digital Signatures:

 

* No issues found.

 

Checking HOSTS File:

 

* HOSTS file entries found:

 

127.0.0.1 localhost

::1 localhost

 

Program finished at: 01/14/2015 02:42:44 AM

Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)



#4 bockery


Posted 14 January 2015 - 08:41 PM

The following are my AdwCleaner, JRT, and Sophos logs:

 

AdwCleaner [S0]:
 
# AdwCleaner v4.107 - Report created 12/01/2015 at 22:58:34
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Downloads\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
[!] Folder Deleted : C:\Users\James\AppData\Local\Vosteran
[!] Folder Deleted : C:\Users\James\AppData\Roaming\WSE_Vosteran
[!] Folder Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
[!] Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
[!] Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[!] Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\user.js
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : WSE_Vosteran
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\WSE_Vosteran
Key Deleted : HKCU\Software\Vosteran
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v3.6.13 (en-US)
 
[dnr6ml1z.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://vosteran.com/?f=1&a=vst_frg01_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCyB0CyB0AtC0Azy0C0EtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1B[...]
[dnr6ml1z.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [4866 octets] - [12/01/2015 22:45:25]
AdwCleaner[S0].txt - [4140 octets] - [12/01/2015 22:58:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4200 octets] ##########
 
 
AdwCleaner [R0]:
 
# AdwCleaner v4.107 - Report created 12/01/2015 at 22:45:25
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Downloads\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\searchplugins\Vosteran.xml
File Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\user.js
Folder Found : C:\Program Files (x86)\WSE_Vosteran
Folder Found : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Folder Found : C:\Users\James\AppData\Local\Vosteran
Folder Found : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
Folder Found : C:\Users\James\AppData\Roaming\WSE_Vosteran
 
***** [ Scheduled Tasks ] *****
 
Task Found : WSE_Vosteran
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Vosteran
Key Found : HKCU\Software\Vosteran Browser
Key Found : HKCU\Software\WSE_Vosteran
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Vosteran
Key Found : [x64] HKCU\Software\Vosteran Browser
Key Found : [x64] HKCU\Software\WSE_Vosteran
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://vosteran.com/?f=1&a=vst_frg01_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCyB0CyB0AtC0Azy0C0EtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtB0Bzy0B0C0AtGzzyDtD0CtGyC0DyCzytGyC0A0DtDtGtByB0CyDyByC0EzztB0E0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0FtC0AyCtCtAtGzzzz0A0DtGyEyE0AtBtG0BzzyCtDtGtB0B0E0CyE0EyEtCtCyEzzzy2Q&cr=118024401&ir=
 
-\\ Mozilla Firefox v3.6.13 (en-US)
 
[dnr6ml1z.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://vosteran.com/?f=1&a=vst_frg01_15_03_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0CtCyB0CyB0AtC0Azy0C0EtN0D0Tzu0StCtCtDyBtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1B[...]
[dnr6ml1z.default] - Line Found : user_pref("browser.search.selectedEngine", "Vosteran");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [4694 octets] - [12/01/2015 22:45:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4754 octets] ##########
 
 
AdwCleaner [S1]:
 
# AdwCleaner v4.107 - Report created 14/01/2015 at 13:28:32
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
[!] Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [4866 octets] - [12/01/2015 22:45:25]
AdwCleaner[R1].txt - [1277 octets] - [14/01/2015 12:52:31]
AdwCleaner[S0].txt - [4284 octets] - [12/01/2015 22:58:34]
AdwCleaner[S1].txt - [1216 octets] - [14/01/2015 13:28:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1276 octets] ##########
 
 
AdwCleaner [R1]:
 
# AdwCleaner v4.107 - Report created 14/01/2015 at 12:52:31
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dnr6ml1z.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [4866 octets] - [12/01/2015 22:45:25]
AdwCleaner[R1].txt - [1077 octets] - [14/01/2015 12:52:31]
AdwCleaner[S0].txt - [4284 octets] - [12/01/2015 22:58:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1197 octets] ##########
 
 
JRT Log (1st Run):
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by James on Tue 01/13/2015 at  3:24:35.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\dnr6ml1z.default\extensions\chachaguidebar@chacha.com
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/13/2015 at  3:54:38.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
JRT Log (2nd run):
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by James on Wed 01/14/2015 at 14:34:06.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/14/2015 at 15:00:02.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
SOPHOS SCAN:
 
No threat detected


#5 bockery


Posted 15 January 2015 - 12:57 AM

Computer seems clean, no trouble in browsers, but html documents are still called "Vosteran HTML Document."  This is for existing .html files on my hard drive and also the only file type option for saving .html files.

 

What can I do?





