
Trojans, Adware, Browser Hijack, "Television Fanatic" "Waj


  • This topic is locked

#16
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hey Adam, I had to leave my aunt's house. I will be back over there tomorrow to do the next steps. Thanks, have a good night.


  • 0



#17
LiquidTension

LiquidTension

    Expert

  • Expert
  • 1,151 posts

No problem, Keisha. I'll look out for your response tomorrow. 


  • 0

#18
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hello! I was able to reboot the computer into Windows normally. Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by SYSTEM at 2014-09-17 10:23:49 Run:2
Running from j:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll C:\Windows\System32\rpcss.dll
end
*****************

Could not find C:\Windows\System32\rpcss.dll
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

==== End of Fixlog ====


  • 0

#19
LiquidTension

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Good job!

 

Please go back to Post #9, and start from STEP 2, which will involve re-running AdwCleaner. 


  • 0

#20
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

This computer is already cooperating a lot better! Here are the logs from Post #9 Step 2 and beyond. I will post each log in a separate post to avoid error messages.

 

AdwCleaner log

 

# AdwCleaner v3.310 - Report created 17/09/2014 at 11:32:24
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm
Folder Deleted : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safesearch.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [35329 octets] - [16/09/2014 16:56:50]
AdwCleaner[R1].txt - [4702 octets] - [17/09/2014 11:30:35]
AdwCleaner[S0].txt - [35481 octets] - [16/09/2014 17:00:09]
AdwCleaner[S1].txt - [4142 octets] - [17/09/2014 11:32:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4202 octets] ##########


  • 0

#21
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Pat on Wed 09/17/2014 at 11:42:34.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\televisionfanatic search scope monitor

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94034ECE-2FF0-49BE-AB87-EBCDB06C3DC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{94034ECE-2FF0-49BE-AB87-EBCDB06C3DC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\pc healthboost"

 

~~~ FireFox

Successfully deleted the following from C:\Users\Pat\AppData\Roaming\mozilla\firefox\profiles\er31eg4t.default\prefs.js

user_pref("browser.search.order.1", "SafeSearch");
user_pref("browser.search.selectedEngine", "SafeSearch");
user_pref("browser.search.defaultenginename", "SafeSearch");

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/17/2014 at 11:46:24.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#22
kepayne228

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Pat (administrator) on PAT-PC on 17-09-2014 11:48:35
Running from C:\Users\Pat\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\ipmon32.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\IPClient.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Home) C:\Users\Pat\AppData\Local\Search Protect\spro.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Thisisu) C:\Users\Pat\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [IPInSightMonitor 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [TelevisionFanatic EPM Support] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe" T8EPMSUP.DLL,S
HKLM\...\Run: [TelevisionFanatic Home Page Guard 32 bit] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\AppIntegrator.exe"
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1090952 2010-04-29] (Malwarebytes Corporation)
HKLM\...\Run: [fst_us_203] => [X]
HKLM\...\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ()
HKLM\...\Policies\Explorer\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ( ())
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Google Update] => "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-04-04] (Electronic Arts)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2] => C:\Program Files\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Search Protect] => C:\Users\Pat\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ATT-SST] => C:\Program Files\ATT-SST\McciBrowser.exe [1057792 2011-09-09] (Alcatel-Lucent)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {90bd8020-cf60-11e2-a5ed-001fc6056700} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {fcaa07f4-876a-11e3-88b5-001fc6056700} - K:\LaunchU3.exe -a
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
URLSearchHook: HKCU - SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....140917-zv-ie-sm
SearchScopes: HKLM - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKCU - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {525E2836-095A-45AD-9DBB-835F2D64AF62} URL = http://torcho.com/?q...1&v1=addr&r=827
SearchScopes: HKCU - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: ElnkBhoGuard Class -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: ElnkScamBHO Class -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: Like.BHO -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default
FF NewTab: hxxp://torcho.com/?channel=7777-2081&v1=home
FF Homepage: hxxp://www.safesear.ch/?type=20140917-zv-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140917-zv-ff-nt
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\searcharmor.xml
FF Extension: Plus-HD-V1.9c - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: videos MediaPlay-Air - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-08-12]
FF Extension: LLuCkyShOpPer - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: jid0w1UVmoLd6VGudaIERuRJCPQx1dQjetpack - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack [2014-08-15]
FF Extension: dieoAl2dealit - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: c4080853c6994120b8e0618bff8a4474 - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2014-08-25]
FF Extension: Like - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF Extension: Simple - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-06-01]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.safesear....140917-zv-ff-sm

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140917-zv-ch
CHR RestoreOnStartup: Default -> "hxxp://torcho.com/?channel=7777-2081&v1=home"
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140917-zv-ch"
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Facebook Messenger Platinum) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Facebook Image Zoom and Downloader) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj [2014-08-31]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-04-08]
CHR Extension: (QR Code Maker and Decoder) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2014-09-13]
CHR Extension: (Cloudy for Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa [2014-09-13]
CHR Extension: (Dropmark sidebar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\foiapgoppijipmmgkaibacckkhbngfhp [2014-08-25]
CHR Extension: (Tab) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-04-08]
CHR Extension: (Menu button) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblmaagcgfbjlaahdohiomenekdpnci [2014-08-25]
CHR Extension: (Simple) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-04-08]
CHR Extension: (Like) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (HoofSounds) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk [2014-08-25]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2014-07-17]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.safesear....140917-zv-ch-sm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 McciServiceHost; C:\Program Files\Common Files\Motive\McciServiceHost.exe [315392 2011-09-09] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [361472 2012-03-13] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-04-01] (Alcatel-Lucent) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U0 IPVNMon; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 11:46 - 2014-09-17 11:46 - 00001861 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-09-17 11:43 - 2014-09-17 11:43 - 00004282 _____ () C:\Users\Pat\Desktop\AdwCleaner[S1].txt
2014-09-17 11:42 - 2014-09-17 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 11:29 - 2014-09-16 16:53 - 01016035 _____ (Thisisu) C:\Users\Pat\Desktop\JRT.exe
2014-09-17 11:23 - 2009-03-02 21:32 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-09-17 10:35 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Simple
2014-09-17 10:32 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Like
2014-09-16 16:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-16 16:56 - 2014-09-17 11:32 - 00000000 ____D () C:\AdwCleaner
2014-09-16 16:56 - 2014-09-16 16:52 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 14:28 - 2014-09-16 14:30 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 13:33 - 2014-09-16 13:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 13:32 - 2014-09-16 13:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 13:27 - 2014-09-16 13:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-16 13:23 - 2014-09-17 11:49 - 00030259 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 13:23 - 2014-09-17 11:48 - 00000000 ____D () C:\FRST
2014-09-16 13:23 - 2014-09-15 10:45 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-16 13:21 - 2014-09-15 10:47 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-16 13:21 - 2014-09-15 10:46 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-17 11:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-14 19:44 - 2014-09-17 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-14 19:44 - 2014-09-14 19:54 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:43 - 2014-09-17 11:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 14:45 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-09-14 14:45 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-09-14 14:44 - 2014-09-14 18:25 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 13:53 - 2014-09-14 14:26 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-13 09:30 - 2014-09-14 13:11 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-08-31 23:10 - 2014-09-14 18:36 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 11:49 - 2014-09-16 13:23 - 00030259 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-17 11:48 - 2014-09-16 13:23 - 00000000 ____D () C:\FRST
2014-09-17 11:46 - 2014-09-17 11:46 - 00001861 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-09-17 11:46 - 2014-09-14 19:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-17 11:44 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-17 11:43 - 2014-09-17 11:43 - 00004282 _____ () C:\Users\Pat\Desktop\AdwCleaner[S1].txt
2014-09-17 11:42 - 2014-09-17 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 11:41 - 2008-05-28 21:26 - 01856455 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 11:40 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 11:38 - 2014-04-08 18:17 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-17 11:36 - 2014-03-31 15:29 - 00000000 ___RD () C:\Users\Pat\Dropbox
2014-09-17 11:36 - 2014-03-31 15:26 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2014-09-17 11:34 - 2010-03-13 20:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 11:33 - 2008-01-20 19:47 - 00199794 _____ () C:\Windows\PFRO.log
2014-09-17 11:33 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 11:33 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 11:33 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 11:32 - 2014-09-16 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-17 11:32 - 2006-11-02 06:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-17 11:28 - 2011-07-04 12:52 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job
2014-09-17 11:09 - 2013-08-24 15:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 11:04 - 2010-03-13 20:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 10:35 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Simple
2014-09-17 10:35 - 2014-09-17 10:32 - 00000000 ____D () C:\Program Files\Like
2014-09-17 10:34 - 2014-04-08 18:09 - 00000258 __RSH () C:\Users\Pat\ntuser.pol
2014-09-17 10:34 - 2008-05-28 21:33 - 00000000 ____D () C:\Users\Pat
2014-09-17 10:29 - 2008-06-05 22:39 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job
2014-09-17 10:28 - 2014-09-14 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-16 16:53 - 2014-09-17 11:29 - 01016035 _____ (Thisisu) C:\Users\Pat\Desktop\JRT.exe
2014-09-16 16:52 - 2014-09-16 16:56 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 14:30 - 2014-09-16 14:28 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 13:45 - 2013-06-07 16:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-16 13:33 - 2014-09-16 13:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 13:32 - 2014-09-16 13:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 13:32 - 2014-09-16 13:27 - 00053589 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 13:26 - 2013-02-15 15:57 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 13:25 - 2008-02-24 13:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 10:47 - 2014-09-16 13:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-15 10:46 - 2014-09-16 13:21 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-15 10:45 - 2014-09-16 13:23 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:54 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:54 - 2014-08-12 00:07 - 00000000 ____D () C:\Program Files\HQPureV1.8
2014-09-14 19:47 - 2008-02-24 13:38 - 00000000 ____D () C:\Program Files\AWS
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 19:40 - 2006-11-02 05:52 - 00045552 _____ () C:\Windows\setupact.log
2014-09-14 19:33 - 2014-05-04 08:46 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-14 19:27 - 2013-05-18 13:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 19:27 - 2010-04-03 12:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 18:36 - 2014-08-31 23:10 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
2014-09-14 18:36 - 2011-10-26 17:23 - 00000000 ____D () C:\Program Files\ATT-SST
2014-09-14 18:35 - 2014-08-12 00:08 - 00000000 ____D () C:\Program Files\videos MediaPlay-Air
2014-09-14 18:35 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\SearchArmor
2014-09-14 18:25 - 2014-09-14 14:44 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 16:14 - 2011-03-23 17:31 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\HpUpdate
2014-09-14 14:28 - 2014-01-29 10:33 - 00000087 _____ () C:\Windows\system32\osgyyfu.ijm
2014-09-14 14:26 - 2014-09-14 13:53 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 13:30 - 2013-05-18 13:32 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-14 13:30 - 2010-04-03 12:33 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 13:21 - 2014-08-12 00:04 - 00000000 ____D () C:\ProgramData\19e8f4e397351af7
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-09-14 13:11 - 2014-09-13 09:30 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-14 04:29 - 2011-07-04 12:52 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job
2014-09-14 03:11 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 03:02 - 2006-11-02 03:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-14 03:01 - 2013-05-18 13:54 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-14 03:01 - 2013-05-18 13:53 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-14 03:01 - 2013-05-18 13:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 23:43 - 2014-04-08 18:14 - 00000436 ____H () C:\Windows\Tasks\Norton Security Scan for Pat.job
2014-09-13 10:11 - 2013-08-24 15:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-13 10:11 - 2012-03-24 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 09:45 - 2010-03-12 19:00 - 00000000 ____D () C:\Users\Pat\AppData\Local\Google
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-09-01 11:55 - 2014-08-08 08:50 - 00039936 _____ () C:\Windows\system32\btlcp.cpo
2014-09-01 11:55 - 2014-01-27 08:52 - 00000291 _____ () C:\Windows\system32\hirh.dnc
2014-08-25 01:00 - 2014-03-31 15:27 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-25 00:48 - 2012-07-13 21:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-25 00:48 - 2010-03-12 19:00 - 00000000 ____D () C:\Program Files\Google

Files to move or delete:
====================
C:\Users\Pat\RecipeHub.exe

Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtxjds.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\swt-win32-3333.dll
C:\Users\Pat\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 11:42

==================== End Of Log ============================


#23
kepayne228

    Member

  • Topic Starter
  • 79 posts

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 11:50:35
Running from C:\Users\Pat\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AT&T Portal (HKLM\...\ATT-SST-UversePortal) (Version:  - )
AT&T Troubleshoot & Resolve Tool (HKLM\...\ATT-SST) (Version:  - )
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Deal Info (Version: 2008.1.22.0 - EarthLink, Inc) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EarthLink Common Authentication (Version: 1.0.87.0 - ) Hidden
EarthLink FastLane (HKLM\...\{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}) (Version: 5.8.0.13 - EarthLink, Inc)
EarthLink Software (HKLM\...\EarthLink TotalAccess 2004) (Version: 2008.1.22.0 - )
EarthLink Toolbar (HKLM\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version:  - EarthLink, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Fast Browser (HKLM\...\Chromium) (Version: 34.0.1848.0 - Fast Browser)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{9A379E7A-22ED-44FF-9293-E393D704505D}) (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{fef8097e-662d-49b3-aa77-2919db3746d7}) (Version: 1.6.12.2542 - Hewlett-Packard)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HQPureV1.8 (HKLM\...\HQPureV1.8) (Version: 1.34.7.29 - HQPure) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software  1.10.23.1 (HKLM\...\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}) (Version: 1.10.23.1 - http://www.lightscribe.com)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Like 1.5 (HKLM\...\Like) (Version: 1.5 - Like)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
NpackdCL (HKLM\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PCHealthBoost 3.0.5 (HKLM\...\PCHealthBoost) (Version: 3.0.5 - Boost Software Inc.)
Pet Show Craze (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Redistributed Files (Version: 2.0.46.0 - EarthLink, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Search Armor (HKLM\...\SearchFort) (Version: 1 - )
Search Protect 1.0 (HKLM\...\Search Protect) (Version: 1.0 - Search Protect) <==== ATTENTION
ShopAtHome.com Helper (HKLM\...\ShopAtHome.com Helper) (Version: 7.0.3.15 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKLM\...\ShopAtHome.com Toolbar) (Version: 7.0.3.15 - ShopAtHome.com) <==== ATTENTION
ShoppingDealFactory (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - ShoppingDealFactory) <==== ATTENTION
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
TelevisionFanatic Internet Explorer Toolbar  (HKLM\...\TelevisionFanaticbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
TotalAccess Core Applications (Version: 2008.1.22.0 - EarthLink, Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
videos MediaPlay-Air (HKLM\...\videos MediaPlay-Air) (Version: 1.34.7.29 - enter) <==== ATTENTION
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (Version: 4.0.11.2 - WildTangent) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

26-07-2014 05:15:24 Windows Update
27-07-2014 05:15:20 Windows Update
28-07-2014 05:15:29 Windows Update
29-07-2014 05:14:59 Windows Update
30-07-2014 05:14:53 Windows Update
31-07-2014 05:15:03 Windows Update
01-08-2014 05:14:44 Windows Update
02-08-2014 05:14:55 Windows Update
03-08-2014 05:15:52 Windows Update
04-08-2014 05:15:38 Windows Update
05-08-2014 05:15:43 Windows Update
06-08-2014 05:15:25 Windows Update
07-08-2014 05:18:23 Windows Update
08-08-2014 05:15:14 Windows Update
09-08-2014 05:16:24 Windows Update
10-08-2014 05:17:06 Windows Update
11-08-2014 05:16:36 Windows Update
12-08-2014 05:16:04 Windows Update
13-08-2014 05:15:48 Windows Update
14-08-2014 05:16:51 Windows Update
15-08-2014 05:16:48 Windows Update
15-08-2014 10:00:14 Windows Update
16-08-2014 05:16:18 Windows Update
26-08-2014 07:59:54 Windows Update
27-08-2014 07:59:53 Windows Update
28-08-2014 07:59:57 Windows Update
29-08-2014 08:00:09 Windows Update
30-08-2014 07:59:39 Windows Update
31-08-2014 07:59:35 Windows Update
13-09-2014 16:23:23 Windows Update
14-09-2014 10:00:14 Windows Update
15-09-2014 02:47:49 Windows Update
15-09-2014 03:43:49 Windows Update
16-09-2014 20:33:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {214C54A7-F799-49F7-B2CC-F79611A8D57B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {2469D6D6-0B2F-4132-A2ED-4A049E51C469} - System32\Tasks\NSManager => C:\Users\Pat\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {2EA02AF9-2282-45B2-9CEC-3FDE67D5FD31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {31D20166-B27B-4856-A394-8DBC9CA461AC} - System32\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {33989DBE-0622-4640-AA42-3183DB2A5B28} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_WeeklyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {39B1E7E3-6DB4-4B48-B340-C7A8D9C9C3EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D3F02E8-9901-4F30-BBC0-61C3BB5939A9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {487DAB6B-02BE-4561-8D84-29FD04DD295B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-24] ()
Task: {607C97C0-E78A-4E77-9F7F-C4224F9C7D28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {74B5AED7-322F-4963-B064-4A6B4DACB653} - System32\Tasks\Norton Security Scan for Pat => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {8C1DC633-C32A-4D11-9728-155E5F686C5D} - System32\Tasks\PCHB_Pat_PCHealthBoost_LogonTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {98D8F43C-7E85-4323-8F47-7431294D5E9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A51FC96D-2B39-4C43-BB1C-7843919C57A6} - System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {B1774EB2-CD88-4FE2-AF11-4F2E5D035C75} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E686E5B3-ECE5-446C-B733-D5EB5F84E384} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Pat.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-01-18 19:21 - 2008-01-18 19:21 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00006144 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 19:24 - 2008-01-20 19:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-09-17 11:35 - 2014-09-17 11:35 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmtxjds.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Pat\Desktop\Pat July 2009 458.AVI:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-17 11:50:06.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:05.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:05.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:05.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:05.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:04.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:04.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:50:04.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:36:24.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 11:36:24.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3061.77 MB
Available physical RAM: 1717.64 MB
Total Pagefile: 6359.82 MB
Available Pagefile: 4917.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.98 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:326.11 GB) (Free:193.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (USB DISK) (Removable) (Total:7.45 GB) (Free:6.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================



#24
LiquidTension

  • Expert
  • 1,151 posts

Hello Keisha, 
 
Did you set this proxy? ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179
 
Do you recognise these Chrome extensions?

  • CHR Extension: (Tab)
  • CHR Extension: (Simple)
  • CHR Extension: (Like)

Did you install the following programmes?

  • Yahoo! Toolbar
  • WeatherBug Gadget
  • Like 1.5
     

STEP 1
Disable Windows Gadgets
Microsoft Security Advisory 2719662 warns of vulnerabilities in Windows Sidebar Gadgets that could allow remote code execution. I recommend disabling Windows Sidebar by running the following Microsoft Fixit
 

STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 3
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
  • Please do the same for the files below:
    • C:\Windows\system32\osgyyfu.ijm
    • C:\Windows\system32\btlcp.cpo
    • C:\Windows\system32\hirh.dnc
       

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you set the proxy?
  • Do you recognise the extensions?
  • Did you install the programmes?
  • VirusTotal results (4 URLs)

  • 0
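
Post #24 picks three kinds of lines out of the FRST log by eye: the ProxyServer value pointing at the loopback address, the entries FRST marks `<==== ATTENTION`, and CustomCLSID registrations whose target is `No File`. The following added example (not part of the thread and not FRST's own code) does the same triage in Python; the function names and the grouping of missing targets by vendor folder are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the ProxyServer value quoted in post #24, followed by
# lines copied from the FRST log earlier in this thread.
SAMPLE_LOG = r"""
ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
TelevisionFanatic Internet Explorer Toolbar  (HKLM\...\TelevisionFanaticbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
videos MediaPlay-Air (HKLM\...\videos MediaPlay-Air) (Version: 1.34.7.29 - enter) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
"""

# FRST's own marker; the number of '=' varies between log sections.
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
CLSID_RE = re.compile(
    r"^CustomCLSID: \S+\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]+\})\\(?P<kind>\w+) -> (?P<target>.+)$"
)
# Common install roots; what follows them is treated as the vendor folder.
PREFIX_RE = re.compile(
    r"^[A-Za-z]:\\(?:Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)"
    r"|Program Files(?: \(x86\))?|ProgramData)\\",
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts both 'host:port' and 'http=host:port;https=host:port'.
    """
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, _, addr = part.rpartition("=")
        if ":" in addr:
            host, _, port = addr.rpartition(":")
        else:
            host, port = addr, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True when the proxy host is this machine (localhost or 127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def vendor_folder(path):
    """First path component below the usual install roots."""
    return PREFIX_RE.sub("", path).split("\\")[0]


def triage(log_text):
    """Collect the lines a reviewer would ask the user about."""
    findings = {"loopback_proxy": [], "attention": [], "missing_clsid": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("ProxyServer:"):
            value = line.split(":", 1)[1].strip()
            findings["loopback_proxy"] += [
                p for p in parse_proxy_server(value) if is_loopback(p[1])
            ]
        elif ATTENTION_RE.search(line):
            # Keep only the entry name, dropping the registry key and version.
            body = ATTENTION_RE.sub("", line)
            name = re.split(r"\s+\((?:HK|Version:)", body, maxsplit=1)[0]
            findings["attention"].append(name.strip())
        else:
            m = CLSID_RE.match(line)
            if m and m["target"].endswith(" No File"):
                path = m["target"][: -len(" No File")].strip().strip('"')
                findings["missing_clsid"].setdefault(vendor_folder(path), []).append(m["clsid"])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```

Grouping the `No File` registrations by folder collapses the many stale Google Update entries into one row, so the single TelevisionFanatic registration is not lost among them.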

#25
kepayne228

  • Topic Starter
  • Member
  • 79 posts

No I did not add any of those things. I will proceed to the next steps.



#26
kepayne228

  • Topic Starter
  • Member
  • 79 posts

No, did not set the proxy

No, do not recognize those extensions

No, did not install the programs

VirusTotal:

C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe

https://www.virustot...sis/1410988267/

I tried to do this file C:\Windows\system32\osgyyfu.ijm and virustotal.com said something went wrong, go back to the main page and try again. When I tried again, it said File not found in our database

C:\Windows\system32\btlcp.cpo

https://www.virustot...sis/1410988796/

C:\Windows\system32\hirh.dnc

https://www.virustot...sis/1410988983/

#27
LiquidTension

  • Expert
  • 1,151 posts

Thanks Keisha, 

 

Can you try uploading that file to Jotti please. 
 
Jotti's Malware Scan Upload

  • Please go to Virusscan.jotti.org.
  • Click Choose File and locate the following file:
    • C:\Windows\system32\osgyyfu.ijm
  • Click Submit file.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 


#28
kepayne228

  • Topic Starter
  • Member
  • 79 posts

For that file most of the scanners found nothing but Dr.Web and F Secure said Operation timed out

http://virusscan.jot...7c4678e725d805c

#29
LiquidTension

  • Expert
  • 1,151 posts

Hi Keisha, 

 

That's fine, thank you. 
 
Please provide an update on your computer after completing the following steps. Are there any outstanding issues?
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme.
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
  • Note: If any of the programmes do not uninstall successfully, please make a note of the programme, move to the next, and let me know which did not uninstall.
    • Fast Browser
    • HQPureV1.8
    • Like 1.5
    • PCHealthBoost 3.0.5
    • Search Armor
    • Search Protect 1.0
    • ShopAtHome.com Helper
    • ShopAtHome.com Toolbar
    • ShoppingDealFactory
    • TelevisionFanatic Internet Explorer Toolbar
    • videos MediaPlay-Air
    • WeatherBug Gadget
    • Yahoo! Toolbar
  • Double-click the programme.
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    (ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    (Home) C:\Users\Pat\AppData\Local\Search Protect\spro.exe
    C:\Users\Pat\AppData\Local\Search Protect
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ()
    HKLM\...\Policies\Explorer\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ( ())
    C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}
    HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
    HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
    HKLM\...\Run: [TelevisionFanatic EPM Support] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe" T8EPMSUP.DLL,S
    HKLM\...\Run: [TelevisionFanatic Home Page Guard 32 bit] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\AppIntegrator.exe"
    HKLM\...\Run: [fst_us_203] => [X]
    HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2] => C:\Program Files\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
    C:\Program Files\Fast Browser
    HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Search Protect] => C:\Users\Pat\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
    HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {90bd8020-cf60-11e2-a5ed-001fc6056700} - K:\LaunchU3.exe -a
    HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {fcaa07f4-876a-11e3-88b5-001fc6056700} - K:\LaunchU3.exe -a
    IFEO\apnmcp.exe: [Debugger] tasklist.exe
    IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
    IFEO\brs.exe: [Debugger] tasklist.exe
    IFEO\cltmng.exe: [Debugger] tasklist.exe
    IFEO\cltmngui.exe: [Debugger] tasklist.exe
    IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
    IFEO\DTUpdate.exe: [Debugger] tasklist.exe
    IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
    IFEO\HpUI.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
    IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
    IFEO\Loader32.exe: [Debugger] tasklist.exe
    IFEO\Loader64.exe: [Debugger] tasklist.exe
    IFEO\loggingserver.exe: [Debugger] tasklist.exe
    IFEO\Lrcnta.exe: [Debugger] tasklist.exe
    IFEO\PluginService.exe: [Debugger] tasklist.exe
    IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
    IFEO\SafeFinder.exe: [Debugger] tasklist.exe
    IFEO\searcharmor.exe: [Debugger] tasklist.exe
    IFEO\smu.exe: [Debugger] tasklist.exe
    IFEO\spbiu.exe: [Debugger] tasklist.exe
    IFEO\srptm.exe: [Debugger] tasklist.exe
    IFEO\srpts.exe: [Debugger] tasklist.exe
    IFEO\srptsl.exe: [Debugger] tasklist.exe
    IFEO\SystemkService.exe: [Debugger] tasklist.exe
    IFEO\SystemSockets.exe: [Debugger] tasklist.exe
    IFEO\TBNotifier.exe: [Debugger] tasklist.exe
    IFEO\TNT2User.exe: [Debugger] tasklist.exe
    IFEO\Toolbar.exe: [Debugger] tasklist.exe
    IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
    IFEO\vprot.exe: [Debugger] tasklist.exe
    IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
    IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
    IFEO\wb.exe: [Debugger] tasklist.exe
    IFEO\YTDownloader.exe: [Debugger] tasklist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....&q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....140917-zv-ie-sm
    SearchScopes: HKLM - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
    SearchScopes: HKLM - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKLM - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
    SearchScopes: HKCU - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
    SearchScopes: HKCU - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKCU - {525E2836-095A-45AD-9DBB-835F2D64AF62} URL = http://torcho.com/?q...1&v1=addr&r=827
    SearchScopes: HKCU - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    C:\Users\Pat\AppData\Roaming\ShopAtHome
    FF NewTab: hxxp://torcho.com/?channel=7777-2081&v1=home
    FF Homepage: hxxp://www.safesear.ch/?type=20140917-zv-ff
    FF NewTab: hxxp://www.safesear.ch/?type=20140917-zv-ff-nt
    FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
    FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
    C:\Program Files\TelevisionFanatic
    FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\searcharmor.xml
    FF Extension: Plus-HD-V1.9c - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
    FF Extension: videos MediaPlay-Air - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-08-12]
    FF Extension: LLuCkyShOpPer - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
    FF Extension: jid0w1UVmoLd6VGudaIERuRJCPQx1dQjetpack - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack [2014-08-15]
    FF Extension: dieoAl2dealit - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
    FF Extension: c4080853c6994120b8e0618bff8a4474 - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2014-08-25]
    FF Extension: Like - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
    FF Extension: Simple - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
    FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
    FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
    FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
    FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.safesear....140917-zv-ff-sm
    CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140917-zv-ch
    CHR RestoreOnStartup: Default -> "hxxp://torcho.com/?channel=7777-2081&v1=home"
    CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140917-zv-ch"
    CHR DefaultSearchProvider: Default -> Trovi search
    CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
    CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
    CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.safesear....140917-zv-ch-sm
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-04-08]
    2014-09-13 09:30 - 2014-09-14 13:11 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
    2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
    2014-08-31 23:10 - 2014-09-14 18:36 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
    2014-09-14 18:35 - 2014-08-12 00:08 - 00000000 ____D () C:\Program Files\videos MediaPlay-Air
    2014-09-14 18:35 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\SearchArmor
    C:\Users\Pat\RecipeHub.exe
    2014-09-14 19:54 - 2014-08-12 00:07 - 00000000 ____D () C:\Program Files\HQPureV1.8
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179
    2014-09-14 19:47 - 2008-02-24 13:38 - 00000000 ____D () C:\Program Files\AWS
    CHR Extension: (Tab) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-04-08]
    CHR Extension: (Simple) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-04-08]
    CHR Extension: (Like) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-04-08]
    2014-09-17 10:35 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Simple
    2014-09-17 10:32 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Like
    AlternateDataStreams: C:\Users\Pat\Desktop\Pat July 2009 458.AVI:TOC.WMV
    VerifySignature: C:\Windows\System32\drivers\tcpip.sys
    Folder: C:\ProgramData\19e8f4e397351af7
    Folder: C:\Windows\system32\EventProviders
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Hosts:
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. If the log is very long, please attach the file to your post. 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK in Revo?
  • Fixlog.txt
  • Update on computer

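
A Fixlog.txt like the one requested above echoes the whole fixlist before it lists results, and the echoed lines also contain ` => `, so a plain text search mixes script lines with outcomes. The Python script below is an added example, not part of the original post and not FRST's own code. It skips the echo, groups the result lines by outcome, and reports whether the closing `==== End of Fixlog ====` marker is present. The function names are hypothetical, the result wording is assumed from the Fixlog excerpts in this thread, and the sample log is constructed in that layout.

```python
import re
from collections import defaultdict

# Constructed sample in the Fixlog.txt layout shown in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 15:41:44 Run:3
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [fst_us_203] => [X]
C:\Users\Pat\AppData\Local\Search Protect
end
*****************

[3760] C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe => Process closed successfully.
C:\Users\Pat\AppData\Local\Search Protect => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_203 => value deleted successfully.
Could not move "C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}" directory. => Scheduled to move on reboot.
"C:\Program Files\Fast Browser" => File/Directory not found.
"HKCR\CLSID\{90bd8020-cf60-11e2-a5ed-001fc6056700}" => Key not found.

==== End of Fixlog ====
'''

STARS = re.compile(r'^\*{5,}\s*$')                      # rows fencing the echoed fixlist
END_MARK = re.compile(r'^=+\s*End of Fixlog\s*=+\s*$', re.I)
PID_PREFIX = re.compile(r'^\[\d+\]\s+')                 # "[3760] " before a closed process


def classify(result):
    """Map the text after ' => ' to an outcome bucket (wording assumed from this thread)."""
    r = result.strip().lower()
    if 'scheduled to move on reboot' in r:
        return 'pending_reboot'
    if 'not found' in r or r.startswith('no running process'):
        return 'absent'
    if 'successfully' in r:
        return 'done'
    return 'review'  # anything unrecognised is left for a human to read


def triage_fixlog(text):
    """Return {'complete': bool, 'items': {bucket: [targets]}} for one Fixlog."""
    lines = text.splitlines()
    stars = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(stars) >= 2:
        start = stars[1] + 1      # results begin after the second row of asterisks
    elif len(stars) == 1:
        start = len(lines)        # log stops inside the echo: no results yet
    else:
        start = 0
    report = {'complete': False, 'items': defaultdict(list)}
    for ln in lines[start:]:
        if END_MARK.match(ln.strip()):
            report['complete'] = True   # the fix ran through to its end marker
            break
        if ' => ' not in ln:
            continue
        target, result = ln.rsplit(' => ', 1)
        target = PID_PREFIX.sub('', target.strip())
        report['items'][classify(result)].append(target)
    return report


def needs_reboot(report):
    """True when at least one item was deferred until the next restart."""
    return bool(report['items']['pending_reboot'])


if __name__ == '__main__':
    rep = triage_fixlog(SAMPLE_FIXLOG)
    print('complete:', rep['complete'], '| reboot pending:', needs_reboot(rep))
    for bucket, targets in rep['items'].items():
        print(f'{bucket}: {len(targets)}')
```

A report with `complete` set to `False` means the log stops before its end marker, so any fixlist lines after that point have no recorded result.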

#30
kepayne228

Hi Adam! Okay, here is what happened with Revo. Like 1.5 did not have any items in bold. Some of the file path names included NpackdCL and I saw that was a program so I went ahead and uninstalled that. There was an error message (uninstaller failed) during removal of PC Health Boost, but it is no longer on the Revo list. Search Protect had no items in bold. It is also no longer on the Revo list. Shopping Deal had no bold items but it is gone from the list too. Television Fanatic said specified module not found, but it is gone from the list too. There was no Weather Bug on the list. By the time I got to Yahoo toolbar I figured out that I was dealing with the previous things wrong. If there was nothing in bold, I should have selected all and deleted? So there might still be some leftover files here to deal with.

 

Should I have rebooted this computer?

 

Here is the fix log. At the end of this fix, I got a Windows error message that FRST failed and had to shut down. It shut down but produced this log anyway.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 15:41:44 Run:3
Running from C:\Users\Pat\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Home) C:\Users\Pat\AppData\Local\Search Protect\spro.exe
C:\Users\Pat\AppData\Local\Search Protect
HKLM\...\Run: [] => [X]
HKLM\...\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ()
HKLM\...\Policies\Explorer\Run: [{04db920b-6fa4-db47-4ffb-55416ab0330d}] => C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe [184876 2014-09-16] ( ())
C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}
HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
HKLM\...\Run: [TelevisionFanatic EPM Support] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64medint.exe" T8EPMSUP.DLL,S
HKLM\...\Run: [TelevisionFanatic Home Page Guard 32 bit] => "C:\PROGRA~1\TELEVI~2\bar\1.bin\AppIntegrator.exe"
HKLM\...\Run: [fst_us_203] => [X]
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2] => C:\Program Files\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
C:\Program Files\Fast Browser
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Search Protect] => C:\Users\Pat\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {90bd8020-cf60-11e2-a5ed-001fc6056700} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\MountPoints2: {fcaa07f4-876a-11e3-88b5-001fc6056700} - K:\LaunchU3.exe -a
IFEO\apnmcp.exe: [Debugger] tasklist.exe
IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
IFEO\brs.exe: [Debugger] tasklist.exe
IFEO\cltmng.exe: [Debugger] tasklist.exe
IFEO\cltmngui.exe: [Debugger] tasklist.exe
IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
IFEO\DTUpdate.exe: [Debugger] tasklist.exe
IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
IFEO\HpUI.exe: [Debugger] tasklist.exe
IFEO\IdcLdr.exe: [Debugger] tasklist.exe
IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
IFEO\Loader32.exe: [Debugger] tasklist.exe
IFEO\Loader64.exe: [Debugger] tasklist.exe
IFEO\loggingserver.exe: [Debugger] tasklist.exe
IFEO\Lrcnta.exe: [Debugger] tasklist.exe
IFEO\PluginService.exe: [Debugger] tasklist.exe
IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
IFEO\SafeFinder.exe: [Debugger] tasklist.exe
IFEO\searcharmor.exe: [Debugger] tasklist.exe
IFEO\smu.exe: [Debugger] tasklist.exe
IFEO\spbiu.exe: [Debugger] tasklist.exe
IFEO\srptm.exe: [Debugger] tasklist.exe
IFEO\srpts.exe: [Debugger] tasklist.exe
IFEO\srptsl.exe: [Debugger] tasklist.exe
IFEO\SystemkService.exe: [Debugger] tasklist.exe
IFEO\SystemSockets.exe: [Debugger] tasklist.exe
IFEO\TBNotifier.exe: [Debugger] tasklist.exe
IFEO\TNT2User.exe: [Debugger] tasklist.exe
IFEO\Toolbar.exe: [Debugger] tasklist.exe
IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
IFEO\vprot.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancer.exe: [Debugger] tasklist.exe
IFEO\WajamInternetEnhancerService.exe: [Debugger] tasklist.exe
IFEO\wb.exe: [Debugger] tasklist.exe
IFEO\YTDownloader.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....=20140917-zv-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....140917-zv-ie-sm
SearchScopes: HKLM - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKCU - {32BB18DB-8A9B-45FE-8CE7-6BF175535B23} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {3D35BFB4-CB27-4512-B415-BDE7E22DC23D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {525E2836-095A-45AD-9DBB-835F2D64AF62} URL = http://torcho.com/?q...1&v1=addr&r=827
SearchScopes: HKCU - {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = http://eimg.net/sw/t...&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
C:\Users\Pat\AppData\Roaming\ShopAtHome
FF NewTab: hxxp://torcho.com/?channel=7777-2081&v1=home
FF Homepage: hxxp://www.safesear.ch/?type=20140917-zv-ff
FF NewTab: hxxp://www.safesear.ch/?type=20140917-zv-ff-nt
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
C:\Program Files\TelevisionFanatic
FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\searcharmor.xml
FF Extension: Plus-HD-V1.9c - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: videos MediaPlay-Air - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-08-12]
FF Extension: LLuCkyShOpPer - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: jid0w1UVmoLd6VGudaIERuRJCPQx1dQjetpack - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack [2014-08-15]
FF Extension: dieoAl2dealit - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-09-14]
FF Extension: c4080853c6994120b8e0618bff8a4474 - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2014-08-25]
FF Extension: Like - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF Extension: Simple - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] [2014-04-08]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.safesear....140917-zv-ff-sm
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140917-zv-ch
CHR RestoreOnStartup: Default -> "hxxp://torcho.com/?channel=7777-2081&v1=home"
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140917-zv-ch"
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.safesear....140917-zv-ch-sm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-04-08]
2014-09-13 09:30 - 2014-09-14 13:11 - 00000000 ____D () C:\ProgramData\ShoppingDealFactory
2014-09-14 13:13 - 2014-09-14 13:13 - 00000000 ____D () C:\Program Files\dowiNloaditKeep
2014-08-31 23:10 - 2014-09-14 18:36 - 00000000 ____D () C:\ProgramData\dowiNloaditKeep
2014-09-14 18:35 - 2014-08-12 00:08 - 00000000 ____D () C:\Program Files\videos MediaPlay-Air
2014-09-14 18:35 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\SearchArmor
C:\Users\Pat\RecipeHub.exe
2014-09-14 19:54 - 2014-08-12 00:07 - 00000000 ____D () C:\Program Files\HQPureV1.8
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
ProxyServer: http=127.0.0.1:50179;https=127.0.0.1:50179
2014-09-14 19:47 - 2008-02-24 13:38 - 00000000 ____D () C:\Program Files\AWS
CHR Extension: (Tab) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-04-08]
CHR Extension: (Simple) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-04-08]
CHR Extension: (Like) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-04-08]
2014-09-17 10:35 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Simple
2014-09-17 10:32 - 2014-09-17 10:35 - 00000000 ____D () C:\Program Files\Like
AlternateDataStreams: C:\Users\Pat\Desktop\Pat July 2009 458.AVI:TOC.WMV
VerifySignature: C:\Windows\System32\drivers\tcpip.sys
Folder: C:\ProgramData\19e8f4e397351af7
Folder: C:\Windows\system32\EventProviders
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Hosts:
EmptyTemp:
end
*****************

[3760] C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe => Process closed successfully.
[3772] C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe => Process closed successfully.
C:\Users\Pat\AppData\Local\Search Protect\spro.exe => No running process found
C:\Users\Pat\AppData\Local\Search Protect => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\{04db920b-6fa4-db47-4ffb-55416ab0330d} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{04db920b-6fa4-db47-4ffb-55416ab0330d} => value deleted successfully.

"C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}" directory move:

Could not move "C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}" directory. => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic EPM Support => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Home Page Guard 32 bit => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_203 => value deleted successfully.
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E7E74011083E2C909EDA19AC484563C2 => Value not found.
"C:\Program Files\Fast Browser" => File/Directory not found.
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protect => Value not found.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90bd8020-cf60-11e2-a5ed-001fc6056700}" => Key deleted successfully.
"HKCR\CLSID\{90bd8020-cf60-11e2-a5ed-001fc6056700}" => Key not found.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcaa07f4-876a-11e3-88b5-001fc6056700}" => Key deleted successfully.
"HKCR\CLSID\{fcaa07f4-876a-11e3-88b5-001fc6056700}" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apnmcp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AppIntegrator64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brs.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmng.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrUI.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DTUpdate.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ExtensionUpdaterService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HpUI.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr_x64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMGUpdater.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Lrcnta.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PluginService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectWindowsManager.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeFinder.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searcharmor.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\smu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spbiu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptm.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srpts.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptsl.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemkService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemSockets.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TBNotifier.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TNT2User.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Toolbar.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerService.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YTDownloader.exe" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32BB18DB-8A9B-45FE-8CE7-6BF175535B23}" => Key deleted successfully.
"HKCR\CLSID\{32BB18DB-8A9B-45FE-8CE7-6BF175535B23}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D35BFB4-CB27-4512-B415-BDE7E22DC23D}" => Key deleted successfully.
"HKCR\CLSID\{3D35BFB4-CB27-4512-B415-BDE7E22DC23D}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
"HKCR\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32BB18DB-8A9B-45FE-8CE7-6BF175535B23}" => Key deleted successfully.
"HKCR\CLSID\{32BB18DB-8A9B-45FE-8CE7-6BF175535B23}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D35BFB4-CB27-4512-B415-BDE7E22DC23D}" => Key deleted successfully.
"HKCR\CLSID\{3D35BFB4-CB27-4512-B415-BDE7E22DC23D}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{525E2836-095A-45AD-9DBB-835F2D64AF62}" => Key deleted successfully.
"HKCR\CLSID\{525E2836-095A-45AD-9DBB-835F2D64AF62}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key deleted successfully.
"HKCR\CLSID\{65A95FBF-F5AC-44fa-8112-5C493C4DE412}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key deleted successfully.
"HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.
"HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => value deleted successfully.
"HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => value deleted successfully.
"HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}" => Key not found.
C:\Users\Pat\AppData\Roaming\ShopAtHome => Moved successfully.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
Firefox newtab deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin" => Key deleted successfully.
"C:\Program Files\TelevisionFanatic" => File/Directory not found.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\searchplugins\searcharmor.xml => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack} => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack} => value deleted successfully.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] => not found.
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
Chrome HomePage deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
CHR DefaultSearchProvider: Default -> Trovi search ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag => Moved successfully.
C:\ProgramData\ShoppingDealFactory => Moved successfully.
C:\Program Files\dowiNloaditKeep => Moved successfully.
C:\ProgramData\dowiNloaditKeep => Moved successfully.
"C:\Program Files\videos MediaPlay-Air" => File/Directory not found.
"C:\Program Files\SearchArmor" => File/Directory not found.
C:\Users\Pat\RecipeHub.exe => Moved successfully.
"C:\Program Files\HQPureV1.8" => File/Directory not found.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Program Files\AWS => Moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji => Moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj => Moved successfully.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf => Moved successfully.
C:\Program Files\Simple => Moved successfully.
C:\Program Files\Like => Moved successfully.
C:\Users\Pat\Desktop\Pat July 2009 458.AVI => ":TOC.WMV" ADS removed successfully.
"C:\Windows\System32\drivers\tcpip.sys" => File is digitaly signed.

========================= Folder: C:\ProgramData\19e8f4e397351af7 ========================

2014-09-14 13:13 - 2014-09-14 13:13 - 0002518 _____ () C:\ProgramData\19e8f4e397351af7\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}.20140914131332
2014-09-14 13:13 - 2014-09-14 13:13 - 0002518 _____ () C:\ProgramData\19e8f4e397351af7\{6C998B44-82D8-CC7E-D847-4CD73036412A}.20140914131320
2014-09-14 13:13 - 2014-09-14 13:13 - 0002636 _____ () C:\ProgramData\19e8f4e397351af7\{7223EDAC-E091-B3C1-BD91-B66CE557800F}.20140914131327
2014-09-14 13:13 - 2014-09-14 13:13 - 0002486 _____ () C:\ProgramData\19e8f4e397351af7\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}.20140914131347
2014-08-12 00:04 - 2014-08-12 00:04 - 0058652 _____ () C:\ProgramData\19e8f4e397351af7\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140812000444
2014-09-14 13:21 - 2014-09-14 13:21 - 0002210 _____ () C:\ProgramData\19e8f4e397351af7\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140914132109
2014-09-14 13:13 - 2014-09-14 13:13 - 0002486 _____ () C:\ProgramData\19e8f4e397351af7\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}.20140914131351
2014-09-13 09:37 - 2014-09-13 09:37 - 0000517 _____ () C:\ProgramData\19e8f4e397351af7\0f839359446eec4c776facf00358490b.ini
2014-09-13 13:51 - 2014-09-13 13:51 - 0000353 _____ () C:\ProgramData\19e8f4e397351af7\1878c1afe37a6843776facf00358490b.ini
2014-08-31 23:10 - 2014-08-31 23:10 - 0000516 _____ () C:\ProgramData\19e8f4e397351af7\242c2fd4536773fa776facf00358490b.ini
2014-08-25 02:30 - 2014-08-25 02:30 - 0000509 _____ () C:\ProgramData\19e8f4e397351af7\2a0b23fa8d6e74d4776facf00358490b.ini
2014-08-31 23:10 - 2014-08-31 23:10 - 0000344 _____ () C:\ProgramData\19e8f4e397351af7\3ed03cfb56800283776facf00358490b.ini
2014-08-25 02:29 - 2014-08-25 02:29 - 0000353 _____ () C:\ProgramData\19e8f4e397351af7\465f8e59c1c2d774776facf00358490b.ini
2014-09-13 13:50 - 2014-09-13 13:50 - 0000356 _____ () C:\ProgramData\19e8f4e397351af7\5175a0130ed5b449776facf00358490b.ini
2014-08-25 17:30 - 2014-08-25 17:30 - 0000350 _____ () C:\ProgramData\19e8f4e397351af7\60b6132765a7b0ab776facf00358490b.ini
2014-09-13 09:37 - 2014-09-13 09:37 - 0000341 _____ () C:\ProgramData\19e8f4e397351af7\8452e691c1478e9a776facf00358490b.ini
2014-09-13 13:50 - 2014-09-13 13:50 - 0000506 _____ () C:\ProgramData\19e8f4e397351af7\88ca0666a8bc42bc776facf00358490b.ini
2014-08-25 01:11 - 2014-08-25 01:11 - 0000345 _____ () C:\ProgramData\19e8f4e397351af7\8c84dcdc46445dd6776facf00358490b.ini
2014-09-13 09:38 - 2014-09-13 09:38 - 0000360 _____ () C:\ProgramData\19e8f4e397351af7\a4972f3d267d7857776facf00358490b.ini
2014-08-25 17:29 - 2014-08-25 17:29 - 0000517 _____ () C:\ProgramData\19e8f4e397351af7\c639ec01ae8d99a9776facf00358490b.ini
2014-08-31 22:50 - 2014-08-31 22:50 - 0000357 _____ () C:\ProgramData\19e8f4e397351af7\c6fe71eb0df19321776facf00358490b.ini
2014-08-25 01:30 - 2014-08-25 01:30 - 0000358 _____ () C:\ProgramData\19e8f4e397351af7\d08d3ab0b9962d8d776facf00358490b.ini
2014-08-31 23:10 - 2014-08-31 23:10 - 0000349 _____ () C:\ProgramData\19e8f4e397351af7\e7a261f5c12d8405776facf00358490b.ini
2014-08-25 17:30 - 2014-08-25 17:30 - 0000348 _____ () C:\ProgramData\19e8f4e397351af7\f392fc60cfeefae4776facf00358490b.ini

====== End of Folder: ======

========================= Folder: C:\Windows\system32\EventProviders ========================

2014-09-13 09:23 - 2014-09-13 09:23 - 0013312 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\spcmsg.dll
2014-09-13 09:23 - 2014-09-13 09:23 - 0000000 ____D () C:\Windows\system32\EventProviders\de-de
2014-09-13 09:23 - 2014-09-13 09:23 - 0006144 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\de-de\spcmsg.dll.mui
2014-09-13 09:23 - 2014-09-13 09:23 - 0000000 ____D () C:\Windows\system32\EventProviders\en-us
2014-09-13 09:23 - 2014-09-13 09:23 - 0005632 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\en-us\spcmsg.dll.mui
2014-09-13 09:23 - 2014-09-13 09:23 - 0000000 ____D () C:\Windows\system32\EventProviders\es-es
2014-09-13 09:23 - 2014-09-13 09:23 - 0006144 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\es-es\spcmsg.dll.mui
2014-09-13 09:23 - 2014-09-13 09:23 - 0000000 ____D () C:\Windows\system32\EventProviders\fr-fr
2014-09-13 09:23 - 2014-09-13 09:23 - 0006144 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\fr-fr\spcmsg.dll.mui
2014-09-13 09:23 - 2014-09-13 09:23 - 0000000 ____D () C:\Windows\system32\EventProviders\ja-jp
2014-09-13 09:23 - 2014-09-13 09:23 - 0005120 _____ (Microsoft Corporation) C:\Windows\system32\EventProviders\ja-jp\spcmsg.dll.mui

====== End of Folder: ======

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
A reboot is required to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

Unable to cancel {26AC9E45-EA74-45A7-9F67-80319F52AF4C}.
{474CBF19-8A2A-499C-BFE7-3C1B31213A9B} canceled.
{CF54D6FB-020C-4CCB-AB85-1C24DF755EE0} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-17 15:52:53)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe" => File could not move.
"C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}" => Directory could not move.

==== End of Fixlog ====

