
Solved more info from an active IE thread

Discussion in 'Malware and Virus Removal Archive' started by XP dummy, 2014/12/18.

  1. 2014/12/21
    XP dummy

    XP dummy Well-Known Member Thread Starter

    Joined:
    2006/03/22
    Messages:
    237
    Likes Received:
    2
    It's going to be a little while before I can get back to this, but I'm curious as to what's going on. Has anything questionable turned up in any of the previous scans? And do you suspect that my computer is still infected with something, or are you having me run all of these scans just to make sure? Thanks.
     
  2. 2014/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We had some adware removed so far but we have to keep checking.
     

  4. 2014/12/21
    XP dummy

    Aha. Thanks
     
  5. 2014/12/21
    XP dummy

    # AdwCleaner v4.106 - Report created 21/12/2014 at 14:57:25
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Live]
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : Frank & Penny - HOME-PC
    # Running from : C:\Users\Frank & Penny\Desktop\adwcleaner_4.106.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\~0
    [!] Folder Deleted : C:\ProgramData\Trymedia
    [!] Folder Deleted : C:\Program Files (x86)\Conduit
    [!] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    [!] Folder Deleted : C:\Program Files (x86)\wiseconvert
    [!] Folder Deleted : C:\Users\BRV SECRETARY\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Frank & Penny\AppData\Local\Conduit
    [!] Folder Deleted : C:\Users\Frank & Penny\AppData\LocalLow\Conduit
    [!] Folder Deleted : C:\Users\Frank & Penny\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Frank & Penny\AppData\Roaming\Optimizer Pro
    [!] Folder Deleted : C:\Users\Frank & Penny\Documents\Optimizer Pro
    [!] Folder Deleted : C:\Users\Frank & Penny_2\AppData\LocalLow\AskToolbar
    [!] Folder Deleted : C:\Users\Frank & Penny_2\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\lissersgramma\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Penny\AppData\Local\CouponAlert_2p
    [!] Folder Deleted : C:\Users\Penny\AppData\Local\iac
    [!] Folder Deleted : C:\Users\Penny\AppData\LocalLow\AskToolbar
    [!] Folder Deleted : C:\Users\Penny\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Penny\AppData\LocalLow\iac
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\ImInstaller
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Google Chrome v

    [C:\Users\BRV SECRETARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\BRV SECRETARY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_49_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CzyyByCyCtB0F0F0FtC0EtN0D0Tzu0SzyyEyCtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0B0BtBtCzytBtGtDtCtC0EtGtB0BtCtDtGzytBzy0DtGyDyE0AyDzyyEtAtDyCtByDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AyB0CtCtDyC0CtGtBzzzytDtGzztAtDtBtG0A0B0EyEtGtAtCzyyC0E0DtAtBzz0F0Azz2Q&cr=2140986605&ir=
    [C:\Users\Frank & Penny_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Frank & Penny_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\lissersgramma\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\lissersgramma\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [7909 octets] - [21/12/2014 14:55:00]
    AdwCleaner[S0].txt - [7820 octets] - [21/12/2014 14:57:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7880 octets] ##########
     
  6. 2014/12/21
    XP dummy

    Downloaded the JR Tool, and repeated attempts to run it failed. When starting, it gets to Registry Backup, then displays the message: "The system cannot find the path specified." When it gets to Checking Startup: same message. It then gets to Checking Processes, Services, Files, Folder, Registry, then quits.
    Am proceeding to the 3rd tool.
     
  7. 2014/12/21
    broni

    Go ahead with next step.
     
  8. 2014/12/21
    XP dummy

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
    Ran by Frank & Penny (administrator) on HOME-PC on 21-12-2014 15:41:14
    Running from C:\Users\Frank & Penny\Desktop
    Loaded Profile: Frank & Penny (Available profiles: Frank & Penny & Penny & Frank & Penny_2 & BRV SECRETARY & lissersgramma & LogMeInRemoteUser)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
    (Visioneer Inc.) C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    (Visioneer Inc.) C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {9090374E-E74F-4310-B227-600F3700693C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
    SearchScopes: HKLM-x32 -> {9090374E-E74F-4310-B227-600F3700693C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> {9090374E-E74F-4310-B227-600F3700693C} URL =
    SearchScopes: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> {A956D909-6947-427E-BA1B-A310E8C656A6} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.0.2 -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.0.2 -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @realarcade.com/RAClient -> C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-01]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2011-12-13]
    FF HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
    CHR Extension: (Google Search) - C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
    CHR Extension: (RealNetworks Downloader Extension) - C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-11]
    CHR Extension: (Google Wallet) - C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
    CHR Extension: (Gmail) - C:\Users\Frank & Penny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2011-12-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-11] (WildTangent)
    R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
    S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [120640 2009-09-28] (LogMeIn, Inc.)
    S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [57920 2008-08-11] (LogMeIn, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    R2 OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [131072 2007-11-23] (Visioneer Inc.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [31408 2011-12-02] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S1 Beep; No ImagePath
    R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; No ImagePath
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-11-28] (CACE Technologies, Inc.)
    S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-19] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
    S1 SydexFDD; system32\drives\sydexfdd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 15:41 - 2014-12-21 15:42 - 00017089 _____ () C:\Users\Frank & Penny\Desktop\FRST.txt
    2014-12-21 15:40 - 2014-12-21 15:41 - 00000000 ____D () C:\FRST
    2014-12-21 15:39 - 2014-12-21 15:39 - 02122240 _____ (Farbar) C:\Users\Frank & Penny\Desktop\FRST64.exe
    2014-12-21 15:16 - 2014-12-21 15:16 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-21 15:15 - 2014-12-21 15:15 - 01707646 _____ (Thisisu) C:\Users\Frank & Penny\Desktop\JRT.exe
    2014-12-21 15:04 - 2014-12-21 15:06 - 00000000 ____D () C:\Users\Frank & Penny\Desktop\downloaded adware scan tool
    2014-12-21 14:54 - 2014-12-21 14:57 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 08:00 - 2014-12-21 08:00 - 00017879 _____ () C:\ComboFix.txt
    2014-12-21 07:22 - 2014-12-21 07:22 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Local\CrashDumps
    2014-12-21 07:05 - 2014-12-21 08:00 - 00000000 ____D () C:\Qoobox
    2014-12-21 07:05 - 2014-12-21 08:00 - 00000000 ____D () C:\ComboFix
    2014-12-21 07:05 - 2014-12-21 07:59 - 00000000 ____D () C:\Windows\erdnt
    2014-12-21 07:05 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-21 07:05 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-21 07:05 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-21 07:05 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-21 07:05 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-21 07:05 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-21 07:05 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-21 07:05 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-21 06:12 - 2014-12-21 06:12 - 05601641 ____R (Swearware) C:\Users\Frank & Penny\Desktop\ComboFix.exe
    2014-12-19 23:38 - 2014-12-20 00:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-19 22:44 - 2014-12-19 22:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-19 22:44 - 2014-12-19 22:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-18 22:50 - 2014-12-18 22:50 - 00688992 _____ (Swearware) C:\Users\Frank & Penny\Downloads\dds.com
    2014-12-18 12:48 - 2014-12-21 14:59 - 00182310 _____ () C:\Windows\PFRO.log
    2014-12-18 12:03 - 2014-12-19 23:38 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-18 12:03 - 2014-12-19 23:37 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-18 12:03 - 2014-12-18 12:03 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-18 12:03 - 2014-12-18 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-18 12:03 - 2014-12-18 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-18 12:03 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-15 19:51 - 2014-12-15 19:51 - 00000000 ____D () C:\Users\Penny\AppData\Local\{D8C345F4-1E32-4C70-89B7-C40222126833}
    2014-12-15 19:49 - 2014-12-15 19:49 - 00000000 ____D () C:\Users\Penny\AppData\Local\{84A57271-4EEF-4081-B84F-59938405DDE6}
    2014-12-13 19:31 - 2014-12-13 19:31 - 00000000 ____D () C:\Users\Penny\Documents\Emb. club Christmas party 2014
    2014-12-13 19:30 - 2014-12-13 19:30 - 00000000 ____D () C:\Users\Penny\Documents\A.J.'s Birthday gifts, 2014
    2014-12-13 19:29 - 2014-12-13 19:29 - 00000000 ____D () C:\Users\Penny\Documents\A.J.'s Birthday gifts, 2015
    2014-12-13 19:28 - 2014-12-13 19:28 - 00000000 ____D () C:\Users\Penny\Desktop\Frame pics
    2014-12-13 19:19 - 2014-12-13 19:19 - 00000000 ____D () C:\Users\Penny\AppData\Local\{1EE0E65E-0BE2-48D5-AF8A-805DAB2CDFDB}
    2014-12-13 19:18 - 2014-12-13 19:18 - 00000000 ____D () C:\Users\Penny\AppData\Local\{A9A666AC-8D3C-4F6E-8B09-20B8EECCD5F5}
    2014-12-13 19:18 - 2014-12-13 19:18 - 00000000 ____D () C:\Users\Penny\AppData\Local\{4D8F1B97-728E-4EAB-8259-245A2425F250}
    2014-12-13 15:53 - 2014-12-13 15:53 - 00001797 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2014-12-11 15:21 - 2014-12-11 15:21 - 00000000 ____D () C:\Users\Penny\Desktop\SWAK_hse_PumpkinFace8App_4x4
    2014-12-11 15:20 - 2014-12-11 15:20 - 00025412 _____ () C:\Users\Penny\Desktop\SWAK_hse_PumpkinFace8App_4x4.zip
    2014-12-10 09:57 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 09:57 - 2014-11-06 19:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 09:57 - 2014-11-03 18:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 09:57 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 09:56 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-12-10 09:56 - 2014-12-02 19:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-12-10 09:55 - 2014-11-24 16:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 09:55 - 2014-11-24 15:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-10 09:55 - 2014-11-24 15:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 09:55 - 2014-11-24 15:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 09:55 - 2014-11-24 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 09:55 - 2014-11-24 15:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 09:55 - 2014-11-24 15:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 09:55 - 2014-11-24 15:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-10 09:55 - 2014-11-24 15:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-10 09:55 - 2014-11-24 15:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-10 09:55 - 2014-11-24 15:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-10 09:55 - 2014-11-24 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 09:55 - 2014-11-24 15:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 09:55 - 2014-11-24 15:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-10 09:55 - 2014-11-24 15:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 09:55 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-10 09:55 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 09:55 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 09:55 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 09:55 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 09:55 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 09:55 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 09:55 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-10 09:55 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 09:55 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-10 09:55 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 09:55 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 09:55 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 09:55 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 09:55 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 09:55 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-10 09:55 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-12-09 07:54 - 2014-12-09 07:54 - 00000251 _____ () C:\Users\Frank & Penny\Desktop\HP Parts Store - HP Computer Parts - HP Printer Parts - Compaq Parts.url
    2014-12-08 11:24 - 2014-12-08 11:24 - 00171226 ____N () C:\Windows\hpoins49.dat.temp
    2014-12-08 11:24 - 2010-04-23 17:34 - 00001241 ____N () C:\Windows\hpomdl49.dat.temp
    2014-12-05 14:54 - 2014-12-05 14:54 - 00069120 _____ () C:\Users\BRV SECRETARY\Documents\Christmas 2014.wps
    2014-12-01 21:05 - 2014-12-01 21:05 - 00066727 _____ () C:\Users\Penny\Desktop\NY122.PES
    2014-12-01 21:04 - 2014-12-01 21:04 - 00238627 _____ () C:\Users\Penny\Desktop\AN107.PES
    2014-12-01 21:04 - 2014-12-01 21:04 - 00123293 _____ () C:\Users\Penny\Desktop\AICHE109.PES
    2014-12-01 21:03 - 2014-12-01 21:03 - 00107119 _____ () C:\Users\Penny\Desktop\BAKE113.PES
    2014-12-01 21:03 - 2014-12-01 21:03 - 00091912 _____ () C:\Users\Penny\Desktop\AIMBB16.PES
    2014-12-01 21:01 - 2014-12-01 21:01 - 00053992 _____ () C:\Users\Penny\Desktop\AICHE115.PES
    2014-12-01 21:01 - 2014-12-01 21:01 - 00046219 _____ () C:\Users\Penny\Desktop\BAKE108.PES
    2014-12-01 21:00 - 2014-12-01 21:00 - 00067437 _____ () C:\Users\Penny\Desktop\BAKE110.PES
    2014-12-01 20:58 - 2014-12-01 20:58 - 00100517 _____ () C:\Users\Penny\Desktop\AIMBB17.PES
    2014-11-30 12:48 - 2014-11-30 12:48 - 00000000 ____D () C:\Users\Penny\AppData\Local\{44633A44-9E86-49C2-91BA-CFBE51FD550E}
    2014-11-29 15:25 - 2014-12-13 19:29 - 00000000 ____D () C:\Users\Penny\Desktop\A.J.'s Birthday gifts, 2014
    2014-11-29 15:09 - 2014-12-13 19:29 - 00000000 ____D () C:\Users\Penny\Desktop\Emb. Christmas 2015
    2014-11-29 15:01 - 2014-11-29 15:01 - 00000000 ____D () C:\Users\Penny\AppData\Local\{8F7C955C-E8B1-4544-9B79-50D86E2D2093}
    2014-11-28 16:18 - 2014-11-28 16:18 - 00000000 ____D () C:\Users\Penny\Documents\Calendar pics 2015
    2014-11-28 09:02 - 2014-12-08 07:05 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Local\NETGEARGenie
    2014-11-28 07:39 - 2014-11-28 07:39 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
    2014-11-28 07:39 - 2014-11-28 07:39 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
    2014-11-28 07:39 - 2014-11-28 07:39 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
    2014-11-28 07:39 - 2014-11-28 07:39 - 00001859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
    2014-11-28 07:39 - 2014-11-28 07:39 - 00001847 _____ () C:\Users\Public\Desktop\NETGEAR Genie.lnk
    2014-11-28 07:38 - 2014-11-28 07:38 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
    2014-11-27 09:45 - 2014-11-27 09:45 - 00000000 ____D () C:\Users\Penny\AppData\Local\{7C82EF03-1168-47FD-A1FA-DBC45DF9B579}
    2014-11-25 14:03 - 2014-11-25 14:03 - 00000000 ____D () C:\Users\Penny\AppData\Local\{14B09D47-8EEA-48DA-939A-E1703B49EB39}
    2014-11-23 20:52 - 2014-11-23 20:52 - 00058206 _____ () C:\Users\Penny\Desktop\I love bingo.PES
    2014-11-23 15:02 - 2014-11-23 15:51 - 00010854 _____ () C:\Users\Penny\Desktop\Tera Li Se'.PES
    2014-11-23 14:50 - 2014-11-23 14:55 - 00008995 _____ () C:\Users\Penny\169A9C40.PES
    2014-11-23 13:44 - 2014-11-23 13:44 - 00057298 _____ () C:\Users\Penny\Desktop\Stylin' stack.PES
    2014-11-22 18:22 - 2014-11-22 18:22 - 00000000 ____D () C:\Users\Penny\AppData\Local\{4515A5C2-FE2B-4F03-8CC3-368132202F91}
    2014-11-22 18:18 - 2014-11-22 18:18 - 00000000 ____D () C:\Users\Penny\AppData\Local\{F10AD323-067D-47F6-AFF3-1FE425B5FE79}
    2014-11-21 13:20 - 2014-11-21 13:21 - 00000000 ____D () C:\Users\Penny\Desktop\Coffee

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 15:37 - 2013-09-28 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-21 15:06 - 2006-11-02 06:46 - 00815756 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-21 15:05 - 2013-08-11 20:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001UA.job
    2014-12-21 15:05 - 2009-06-10 20:46 - 01386071 _____ () C:\Windows\WindowsUpdate.log
    2014-12-21 14:59 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-21 14:59 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 14:59 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 14:58 - 2006-11-02 09:42 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-21 12:39 - 2009-04-27 23:26 - 00000000 ____D () C:\ProgramData\Temp
    2014-12-21 10:06 - 2013-08-11 20:34 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001Core.job
    2014-12-21 09:10 - 2009-08-03 20:33 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Roaming\Simple Sudoku
    2014-12-21 08:32 - 2009-08-04 14:54 - 00012520 _____ () C:\Users\Frank & Penny\AppData\Roaming\wklnhst.dat
    2014-12-21 08:00 - 2011-08-13 04:37 - 00000000 ____D () C:\Users\FRANK
    2014-12-21 08:00 - 2006-11-02 07:33 - 00000000 __RHD () C:\Users\Default
    2014-12-21 07:53 - 2006-11-02 06:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-21 07:49 - 2006-11-02 06:33 - 79429632 _____ () C:\Windows\system32\config\software.bak
    2014-12-21 07:49 - 2006-11-02 06:33 - 60817408 _____ () C:\Windows\system32\config\components.bak
    2014-12-21 07:49 - 2006-11-02 06:33 - 22806528 _____ () C:\Windows\system32\config\system.bak
    2014-12-21 07:49 - 2006-11-02 06:33 - 00524288 _____ () C:\Windows\system32\config\default.bak
    2014-12-21 07:49 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2014-12-21 07:49 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2014-12-21 03:00 - 2010-07-19 05:04 - 00000314 _____ () C:\Windows\Tasks\Pulse Ambassador Updates.job
    2014-12-19 10:08 - 2011-12-17 09:39 - 00000209 _____ () C:\Users\Penny\Desktop\Log In Facebook.url
    2014-12-18 12:03 - 2013-02-17 14:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-17 15:33 - 2009-08-18 18:22 - 00000000 ____D () C:\Users\Penny\Documents\Mail Attachments
    2014-12-15 10:19 - 2010-12-21 06:31 - 00011775 _____ () C:\ProgramData\hpzinstall.log
    2014-12-15 10:12 - 2014-08-30 05:55 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Local\Adobe
    2014-12-15 10:12 - 2013-09-28 14:25 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-15 10:12 - 2012-04-07 06:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-15 10:12 - 2011-05-19 20:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-13 15:53 - 2010-12-21 06:30 - 00000000 ____D () C:\ProgramData\HP
    2014-12-13 15:53 - 2009-04-27 23:41 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-12-12 15:41 - 2013-05-13 14:00 - 00000000 ____D () C:\Users\Penny\Desktop\Embroidered projects
    2014-12-12 15:06 - 2011-08-30 11:10 - 00020763 _____ () C:\Users\Penny\Desktop\Pumpkin face.pes
    2014-12-10 14:58 - 2009-07-31 18:18 - 00296816 _____ () C:\Users\Frank & Penny_2\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-10 10:28 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 10:12 - 2006-11-02 09:21 - 00884704 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-10 10:08 - 2013-07-17 19:55 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 09:58 - 2006-11-02 06:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-12-09 19:40 - 2009-07-31 18:45 - 00296816 _____ () C:\Users\BRV SECRETARY\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-09 14:12 - 2011-02-15 07:49 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Roaming\HpUpdate
    2014-12-08 12:33 - 2009-07-30 21:57 - 00296816 _____ () C:\Users\Penny\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-08 11:33 - 2011-02-15 07:12 - 00171254 _____ () C:\Windows\hpoins49.dat
    2014-12-08 11:23 - 2009-07-30 18:08 - 00296816 _____ () C:\Users\Frank & Penny\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-08 08:01 - 2009-07-31 18:18 - 00000000 ____D () C:\Users\Frank & Penny_2
    2014-12-08 07:07 - 2006-11-02 07:34 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-12-08 07:06 - 2009-08-02 11:16 - 00000000 ____D () C:\Users\lissersgramma
    2014-12-08 07:06 - 2009-07-31 18:45 - 00000000 ____D () C:\Users\BRV SECRETARY
    2014-12-08 07:06 - 2009-07-30 21:57 - 00000000 ____D () C:\Users\Penny
    2014-12-08 07:06 - 2009-07-30 18:01 - 00000000 ____D () C:\Users\Frank & Penny
    2014-12-08 07:06 - 2006-11-02 06:33 - 79429632 _____ () C:\Windows\system32\config\software_previous
    2014-12-08 07:06 - 2006-11-02 06:33 - 60555264 _____ () C:\Windows\system32\config\components_previous
    2014-12-08 07:06 - 2006-11-02 06:33 - 22806528 _____ () C:\Windows\system32\config\system_previous
    2014-12-08 07:06 - 2006-11-02 06:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
    2014-12-08 07:06 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-12-08 07:06 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2014-12-08 07:05 - 2011-02-15 07:43 - 00000000 ____D () C:\ProgramData\HP Product Assistant
    2014-12-08 07:05 - 2009-04-27 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-12-08 07:05 - 2006-11-02 07:34 - 00000000 ____D () C:\Windows\system32\spool
    2014-12-08 07:05 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\registration
    2014-12-06 20:49 - 2009-07-30 18:19 - 00000000 ____D () C:\Users\Frank & Penny\AppData\Local\Hewlett-Packard
    2014-12-06 15:07 - 2009-09-24 15:00 - 00014970 _____ () C:\Users\Penny\AppData\Roaming\wklnhst.dat
    2014-12-05 18:39 - 2011-02-15 17:21 - 00000000 ____D () C:\Users\Penny\AppData\Roaming\HpUpdate
    2014-12-05 14:54 - 2009-08-04 19:35 - 00001232 _____ () C:\Users\BRV SECRETARY\AppData\Roaming\wklnhst.dat
    2014-11-29 08:23 - 2013-02-21 09:31 - 00000772 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-11-29 08:22 - 2013-02-21 09:31 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-28 16:19 - 2013-06-23 17:53 - 00000000 ____D () C:\Users\Penny\Desktop\Birtday pics
    2014-11-22 18:18 - 2013-11-11 20:01 - 00000000 ____D () C:\Users\Penny\Documents\50''s Girls Halloween 2013
    2014-11-21 06:14 - 2013-02-17 14:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    Some content of TEMP:
    ====================
    C:\Users\Frank & Penny\AppData\Local\temp\Quarantine.exe
    C:\Users\Frank & Penny\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-21 15:08

    ==================== End Of Log ============================
     
  9. 2014/12/21
    XP dummy

    part 1


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
    Ran by Frank & Penny at 2014-12-21 15:42:50
    Running from C:\Users\Frank & Penny\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    100% Hidden Objects (HKLM-x32\...\BFG-100 Percent Hidden Objects) (Version: - )
    1912: Titanic Mystery (HKLM-x32\...\BFG-1912 - Titanic Mystery) (Version: - )
    5 Spots (HKLM-x32\...\BFG-5 Spots) (Version: - )
    5 Spots II (HKLM-x32\...\BFG-5 Spots II) (Version: - )
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Abra Academy (HKLM-x32\...\BFG-Abra Academy) (Version: - )
    Acrobat.com (HKLM-x32\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
    Amazing Adventures Riddle of the Two Knights ™ (HKLM-x32\...\BFG-Amazing Adventures Riddle of the Two Knights) (Version: - )
    Amazing Adventures The Lost Tomb (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Amazing Adventures The Lost Tomb (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Amazing Adventures: Around the World (HKLM-x32\...\BFG-Amazing Adventures - Around the World) (Version: - )
    Amazing Adventures: Riddle of The Two Knights™ (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Amazing Adventures: The Caribbean Secret (HKLM-x32\...\BFG-Amazing Adventures - The Caribbean Secret) (Version: - )
    Amazing Adventures: The Forgotten Dynasty (HKLM-x32\...\BFG-Amazing Adventures - The Forgotten Dynasty) (Version: - )
    Amazing Adventures: The Forgotten Dynasty (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Amazing Adventures: The Lost Tomb (HKLM-x32\...\BFG-Amazing Adventures - The Lost Tomb) (Version: - )
    American Pickers: The Road Less Traveled (HKLM-x32\...\BFG-American Pickers - The Road Less Traveled) (Version: - )
    Antique Road Trip (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Antique Road Trip 2: Homecoming (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Aquascapes (HKLM-x32\...\BFG-Aquascapes) (Version: - )
    ArcSoft Scrapbook Suite (HKLM-x32\...\{F07C8993-B425-4150-BDEA-7FFAC0C25121}) (Version: - )
    Balloon Blast (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Big City Adventure - San Francisco (HKLM-x32\...\BFG-Big City Adventure - San Francisco) (Version: - )
    Big City Adventure: London Classic (HKLM-x32\...\BFG-Big City Adventure - London Classic) (Version: - )
    Big City Adventure: London Story (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Big City Adventure: New York City (HKLM-x32\...\BFG-Big City Adventure - New York City) (Version: - )
    Big City Adventure: Paris (HKLM-x32\...\BFG-Big City Adventure - Paris) (Version: - )
    Big City Adventure: Rio de Janeiro (HKLM-x32\...\BFG-Big City Adventure - Rio de Janeiro) (Version: - )
    Big City Adventure: Sydney, Australia (HKLM-x32\...\BFG-Big City Adventure - Sydney Australia) (Version: - )
    Big City Adventure: Tokyo (HKLM-x32\...\BFG-Big City Adventure - Tokyo) (Version: - )
    Big City Adventure: Vancouver (HKLM-x32\...\BFG-Big City Adventure - Vancouver) (Version: - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
    BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Celtic Lore: Sidhe Hills (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Christmas Wonderland (HKLM-x32\...\BFG-Christmas Wonderland) (Version: - )
    Christmas Wonderland 2 (HKLM-x32\...\BFG-Christmas Wonderland 2) (Version: - )
    Christmas Wonderland 3 (HKLM-x32\...\BFG-Christmas Wonderland 3) (Version: - )
    Christmas Wonderland 4 (HKLM-x32\...\BFG-Christmas Wonderland 4) (Version: - )
    Christmas Wonderland 4 (HKLM-x32\...\fcc5144482d8d371d025483cee258c6a) (Version: - GameHouse)
    Christmasville (HKLM-x32\...\BFG-Christmasville) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dakota Sizer (HKLM-x32\...\{E9610F61-32E5-493E-A3C4-53B79E6CF11B}) (Version: - )
    Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
    Design Era 11.01 (HKLM-x32\...\{DCC7B12C-930B-4DC9-A8D1-3A15E31E88DB}) (Version: 11.01 - Sierra Technology Group SA)
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Dream Day Honeymoon (HKLM-x32\...\BFG-Dream Day Honeymoon) (Version: - )
    Dream Day True Love (HKLM-x32\...\BFG-Dream Day True Love) (Version: - )
    Dream Day Wedding (HKLM-x32\...\BFG-Dream Day Wedding) (Version: - )
    Dream Day Wedding: Viva Las Vegas (HKLM-x32\...\BFG-Dream Day Wedding - Viva Las Vegas) (Version: - )
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    Dying for Daylight (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Easter Eggztravaganza (HKLM-x32\...\BFG-Easter Eggztravaganza) (Version: - )
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Escape Rosecliff Island (HKLM-x32\...\BFG-Escape Rosecliff Island) (Version: - )
    Escape The Emerald Star (HKLM-x32\...\Escape The Emerald Star) (Version: - Spintop Media, Inc)
    FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
    Film Fatale: Lights, Camera, Madness (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FinePix Studio (HKLM-x32\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version: - )
    FinePixViewer Resource (HKLM-x32\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
    FinePixViewer Ver.5.5 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
    Flower Shop - Big City Break (HKLM-x32\...\BFG-Flower Shop - Big City Break) (Version: - )
    Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
    GameHouse (HKLM-x32\...\GameHouse) (Version: - )
    Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{07A8ED9E-B98E-437F-B750-241B412BE924}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
    Gold Rush - Treasure Hunt (x32 Version: 2.2.0.65 - WildTangent) Hidden
    Gotcha - Celebrity Secrets (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Halloween: The Pirate's Curse (HKLM-x32\...\BFG-Halloween - The Pirate's Curse) (Version: - )
    Halloween: Trick or Treat (HKLM-x32\...\BFG-Halloween - Trick or Treat) (Version: - )
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
    Hawaiian Explorer - Pearl Harbor (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hawaiian Explorer 2: Lost Island (HKLM-x32\...\BFG-Hawaiian Explorer 2 - Lost Island) (Version: - )
    Hidden Expedition &reg; - Devil's Triangle (HKLM-x32\...\BFG-Hidden Expedition - Devils Triangle) (Version: - )
    Hidden Expedition &reg;: Amazon (HKLM-x32\...\BFG-Hidden Expedition - Amazon) (Version: - )
    Hidden Expedition &reg;: Everest (HKLM-x32\...\BFG-Hidden Expedition - Everest) (Version: - )
    Hidden Expedition &reg;: Titanic (HKLM-x32\...\BFG-Hidden Expedition - Titanic) (Version: - )
    Hidden Mysteries&reg;: Return to Titanic (HKLM-x32\...\BFG-Hidden Mysteries - Return to Titanic) (Version: - )
    Hide and Secret (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
    HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
    HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
    HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    I SPY Mystery (x32 Version: 2.2.0.97 - WildTangent) Hidden
    I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
    I SPY: Treasure Hunt (HKLM-x32\...\BFG-I SPY - Treasure Hunt) (Version: - )
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
    IncrediMail (x32 Version: 6.2.5.4824 - IncrediMail) Hidden
    IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.2.5.4824 - IncrediMail Ltd.)
    Inspector Magnusson - Murder on the Titanic (HKLM-x32\...\7159e7673cb77bbf69f14ffdc7e324c4) (Version: - GameHouse)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
    Lost Souls 2: Enchanted Paintings Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version: - Spintop Media, Inc)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Manor Memoirs Collector's Edition (HKLM-x32\...\BFG-Manor Memoirs Collectors Edition) (Version: - )
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
    Microsoft IntelliType Pro 7.0 (HKLM\...\{850C7AF6-7376-464D-A69C-E8419EC7ACA7}) (Version: 7.0.260.0 - Microsoft)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Miss Teri Tale: Where's Jason? (x32 Version: 2.2.0.97 - WildTangent) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Case Files ®: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version: - )
    Mystery Case Files: Madame Fate ® (HKLM-x32\...\BFG-Mystery Case Files - Madame Fate) (Version: - )
    Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
    Mystery of Shark Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.65 - WildTangent) Hidden
    Mystery P.I. - Special Edition Bundle 2 (HKLM-x32\...\Mystery P.I. - Special Edition Bundle 2) (Version: - Spintop Media, Inc)
    Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\Mystery P.I. - Stolen in San Francisco) (Version: - Spintop Media, Inc)
    Mystery P.I.: The London Caper (HKLM-x32\...\BFG-Mystery P.I. - The London Caper) (Version: - )
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    OneTouch 4.0 (HKLM\...\{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}) (Version: 4.1.0 - Visioneer)
    Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    Paparazzi (HKLM-x32\...\BFG-Paparazzi) (Version: - )
    Paparazzi (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PayPal Plug-In (x32 Version: 2.2.3.0 - PayPal) Hidden
    Peggle(TM) Deluxe (HKLM-x32\...\am-peggletmdeluxe) (Version: - )
    PhotoMail Maker (x32 Version: 6.0.0.1007 - IncrediMail) Hidden
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
    PrintMaster Platinum 18 (HKLM-x32\...\{EBD9A954-6C1A-4E9F-A098-C98653035381}) (Version: 18.00.0000 - Broderbund Software)
    Private Eye (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Private Eye: Greatest Unsolved Mysteries (HKLM-x32\...\BFG-Private Eye - Greatest Unsolved Mysteries) (Version: - )
    PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
    Pulse Ambassador (HKLM-x32\...\Pulse Ambassador) (Version: 13.1.4155 - Pulse Microsystems Ltd.)
    Pulse Ambassador (x32 Version: 13.1.4155 - Pulse Microsystems Ltd.) Hidden
    Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
    Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
    QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
    QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
    RealArcade (HKLM-x32\...\RealArcade) (Version: - )
    RealDownloader (HKLM-x32\...\{8A168327-7618-4266-8990-568092659FA3}) (Version: 1.0.2 - RealNetworks, Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    ScanSoft PaperPort 11 (HKLM-x32\...\{0AB8248A-BCC4-4B46-9A8A-1B5FBBDB8278}) (Version: 11.1.0000 - Nuance Communications, Inc.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version: - )
    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
    Snapshot Adventures (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    SpongeBob Obstacle Odyssey 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SpongeBob Typing (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Stitch Era Universal (HKLM-x32\...\{117221E4-6B20-4595-BCF8-286468364B57}) (Version: 11.21 - Sierra Technology Group SA)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    The Fool (x32 Version: 2.2.0.98 - WildTangent) Hidden
    The Hidden Object Show Combo Pack (HKLM-x32\...\BFG-The Hidden Object Show Combo Pack) (Version: - )
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Visual Stitch & Print (HKLM-x32\...\{B8634325-F0C2-4B5B-80DB-C1D01AD6F7E8}) (Version: - )
    WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Where's Waldo The Fantastic Journey (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    07-12-2014 19:55:18 Windows Update
    08-12-2014 06:59:29 Restore Operation
    08-12-2014 07:19:54 Windows Backup
    08-12-2014 07:47:11 Windows Update
    08-12-2014 11:17:27 Installed HP Support Solutions Framework
    09-12-2014 00:00:05 Scheduled Checkpoint
    09-12-2014 01:00:04 Windows Backup
    10-12-2014 00:00:06 Scheduled Checkpoint
    10-12-2014 01:00:06 Windows Backup
    10-12-2014 09:55:40 Windows Update
    10-12-2014 23:41:25 Scheduled Checkpoint
    11-12-2014 01:00:06 Windows Backup
    12-12-2014 00:00:06 Scheduled Checkpoint
    12-12-2014 01:00:04 Windows Backup
    13-12-2014 00:00:06 Scheduled Checkpoint
    13-12-2014 01:00:11 Windows Backup
    13-12-2014 13:39:41 Scheduled Checkpoint
    14-12-2014 01:00:07 Windows Backup
    14-12-2014 03:07:38 Windows Update
    15-12-2014 08:36:28 Windows Backup
    16-12-2014 00:00:05 Scheduled Checkpoint
    16-12-2014 01:00:06 Windows Backup
    17-12-2014 00:00:06 Scheduled Checkpoint
    17-12-2014 01:00:07 Windows Backup
    17-12-2014 10:32:05 Windows Update
    18-12-2014 00:00:06 Scheduled Checkpoint
    18-12-2014 01:00:04 Windows Backup
    18-12-2014 11:57:04 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.70.0.1100
    19-12-2014 00:27:41 Scheduled Checkpoint
    19-12-2014 01:00:06 Windows Backup
    19-12-2014 23:30:27 pre MBAR
    20-12-2014 01:02:02 Windows Backup
    21-12-2014 00:03:32 Scheduled Checkpoint
    21-12-2014 01:00:04 Windows Backup
    21-12-2014 01:11:18 Windows Update
    21-12-2014 06:15:32 pre combofix

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 06:34 - 2014-12-21 07:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00D03EDD-E456-418B-8EBA-CCD1E27A42AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
    Task: {1A531BF9-0144-48F6-A457-93E410210767} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3205EC32-BCFD-4695-AE85-1A2812AD593A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {345AE9E6-7AAB-4720-B61B-52448388743B} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-06-01] (Microsoft Corporation)
    Task: {347FA536-9CA0-4DF4-BB2D-46C2979F7BDF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - BRV SECRETARY => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
    Task: {523C627B-C8D5-4AFB-9219-53F23B71AC37} - System32\Tasks\Vista Task Low => C:\Program Files (x86)\RealArcade\RealArcade.exe [2009-09-09] ()
    Task: {5F53C540-E81D-410C-98F4-5591FA437077} - System32\Tasks\Pulse Ambassador Updates => C:\Windows\Installer\Pulse Ambassador Updates for All Users.lnk [2011-04-11] ()
    Task: {6B3A7282-A044-49BA-8BF7-056B7844B591} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-06-01] (Microsoft Corporation)
    Task: {BC77EE6D-D0D7-44FE-94C3-1FF46276EB5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001UA => C:\Users\Penny\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
    Task: {C1960A99-4E37-4158-9F0F-6D5ACC8FAC3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001Core => C:\Users\Penny\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001Core.job => C:\Users\Penny\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723767702-1992939573-1971129363-1001UA.job => C:\Users\Penny\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Pulse Ambassador Updates.job
     
  10. 2014/12/21
    XP dummy

    Part 2


    ==================== Loaded Modules (whitelisted) =============

    2011-12-02 17:24 - 2011-12-02 17:24 - 00031408 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2007-11-23 13:06 - 2007-11-23 13:06 - 00010240 _____ () C:\Program Files\Visioneer\OneTouch 4.0\amd64\ot9420_PS.dll
    2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
    2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
    2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
    2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
    2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
    2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
    2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
    2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
    2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
    2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
    2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
    2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
    2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
    2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
    2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
    2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
    2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
    2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
    2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
    2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
    2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
    2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
    2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
    2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
    2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
    2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
    2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
    2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 1.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 2.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 3.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Documents\Nova.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Penny\Documents\63BD29CC-00000235.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk => C:\Windows\pss\ExifLauncher2.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe "
    MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe "
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe "
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe "
    MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe "
    MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe "
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    MSCONFIG\startupreg: Pulse Ambassador Update Setup => C:\Users\Frank & Penny\AppData\Local\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup
    MSCONFIG\startupreg: Pulse Ambassador Update Setup for All Users => C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe "
    MSCONFIG\startupreg: UpdateLBPShortCut => "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5 "
    MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0 "
    MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter "
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3723767702-1992939573-1971129363-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-3723767702-1992939573-1971129363-1006 - Limited - Enabled)
    BRV SECRETARY (S-1-5-21-3723767702-1992939573-1971129363-1003 - Limited - Enabled) => C:\Users\BRV SECRETARY
    Frank & Penny (S-1-5-21-3723767702-1992939573-1971129363-1000 - Administrator - Enabled) => C:\Users\Frank & Penny
    Frank & Penny_2 (S-1-5-21-3723767702-1992939573-1971129363-1002 - Limited - Enabled) => C:\Users\Frank & Penny_2
    Guest (S-1-5-21-3723767702-1992939573-1971129363-501 - Limited - Enabled)
    lissersgramma (S-1-5-21-3723767702-1992939573-1971129363-1004 - Limited - Enabled) => C:\Users\lissersgramma
    LogMeInRemoteUser (S-1-5-21-3723767702-1992939573-1971129363-1007 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
    Penny (S-1-5-21-3723767702-1992939573-1971129363-1001 - Limited - Enabled) => C:\Users\Penny

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/21/2014 03:00:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 02:05:10 PM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].

    Error: (12/21/2014 01:40:24 PM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].

    Error: (12/21/2014 11:31:39 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [UserThread Create Failed [0x8000401A]].

    Error: (12/21/2014 11:31:29 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].

    Error: (12/21/2014 09:50:20 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].

    Error: (12/21/2014 08:29:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 08:27:03 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].

    Error: (12/21/2014 07:51:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 07:48:40 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: Unable to Interact with Console Session Object [The RPC server is unavailable.].


    System errors:
    =============
    Error: (12/21/2014 03:00:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Beep
    i8042prt
    SydexFDD

    Error: (12/21/2014 03:00:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: HP Support Solutions Framework Service%%1053

    Error: (12/21/2014 03:00:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000HP Support Solutions Framework Service

    Error: (12/21/2014 02:57:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Search1300001Restart the service

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Software Licensing11200001Restart the service

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: HP Health Check Service1600001Restart the service

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Presentation Foundation Font Cache 3.0.0.0101Restart the service

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Media Player Network Sharing Service1300001Restart the service

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Intel(R) Matrix Storage Event Monitor1

    Error: (12/21/2014 02:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Live ID Sign-in Assistant1100001Restart the service


    Microsoft Office Sessions:
    =========================
    Error: (12/21/2014 03:00:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 02:05:10 PM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.

    Error: (12/21/2014 01:40:24 PM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.

    Error: (12/21/2014 11:31:39 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: UserThread Create Failed [0x8000401A]

    Error: (12/21/2014 11:31:29 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.

    Error: (12/21/2014 09:50:20 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.

    Error: (12/21/2014 08:29:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 08:27:03 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.

    Error: (12/21/2014 07:51:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/21/2014 07:48:40 AM) (Source: OneTouch 4.0 Monitor) (EventID: 111) (User: )
    Description: The RPC server is unavailable.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-21 15:42:30.552
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:30.191
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:29.829
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:29.448
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:28.972
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:28.614
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:28.256
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 15:42:27.883
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-21 07:27:19.313
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-21 07:27:18.933
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
    Percentage of memory in use: 34%
    Total physical RAM: 6133.33 MB
    Available physical RAM: 4043.37 MB
    Total Pagefile: 12457.7 MB
    Available Pagefile: 10167.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:388.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive x: (New Volume) (Fixed) (Total:465.76 GB) (Free:345.97 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=582.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5E121A7D)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ==============
     
  11. 2014/12/21
    broni Moderator Malware Analyst
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  12. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    I haven't clicked the Fix button in the Farbar Recovery Scan. Should I just close it?
     
  13. 2014/12/21
    broni Moderator Malware Analyst
    Read my previous reply.
     
  14. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    I posted this before your reply. But, the scan window is still open. I'm looking for FRST.txt? No, FRST.exe, right?
     
    Last edited: 2014/12/21
  15. 2014/12/21
    broni Moderator Malware Analyst
    You're looking for FRST64.exe to double click on it.
     
  16. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    Both files were on the desktop, and when clicking Fix I got the following error message:
    Line 9878 (File "C:\Users\Frank & Penny\Desktop\FRST64.exe "):
    Error: Error in expression
     
  17. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    Found fixlog.txt, but can't post because it has too many images?? Not sure what to take out.
     
  18. 2014/12/21
    broni Moderator Malware Analyst
    I reported it to the tool developer.
    We have to wait.
    He usually fixes all issues quickly.
     
  19. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    part 1


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01
    Ran by Frank & Penny at 2014-12-21 16:14:48 Run:2
    Running from C:\Users\Frank & Penny\Desktop
    Loaded Profile: Frank & Penny (Available profiles: Frank & Penny & Penny & Frank & Penny_2 & BRV SECRETARY & lissersgramma & LogMeInRemoteUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> {9090374E-E74F-4310-B227-600F3700693C} URL =
    SearchScopes: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> {A956D909-6947-427E-BA1B-A310E8C656A6} URL =
    Toolbar: HKU\S-1-5-21-3723767702-1992939573-1971129363-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    S1 Beep; No ImagePath
    S4 LMIRfsClientNP; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
    S1 SydexFDD; system32\drives\sydexfdd.sys [X]
    C:\Users\Frank & Penny\AppData\Local\temp\Quarantine.exe
    C:\Users\Frank & Penny\AppData\Local\temp\sqlite3.dll
    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 1.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 2.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Desktop\Nova folder 3.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Frank & Penny\Documents\Nova.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Penny\Documents\63BD29CC-00000235.eml:OECustomProperty
    *****************
     
  20. 2014/12/21
    XP dummy Well-Known Member Thread Starter
    part 2


    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9090374E-E74F-4310-B227-600F3700693C} => Key not found.
    HKCR\CLSID\{9090374E-E74F-4310-B227-600F3700693C} => Key not found.
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A956D909-6947-427E-BA1B-A310E8C656A6} => Key not found.
    HKCR\CLSID\{A956D909-6947-427E-BA1B-A310E8C656A6} => Key not found.
    HKU\S-1-5-21-3723767702-1992939573-1971129363-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    Beep => Service not found.
    LMIRfsClientNP => Service not found.
    catchme => Service not found.
    IpInIp => Service not found.
    NwlnkFlt => Service not found.
    NwlnkFwd => Service not found.
    PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service not found.
    SydexFDD => Service not found.
    "C:\Users\Frank & Penny\AppData\Local\temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\Frank & Penny\AppData\Local\temp\sqlite3.dll" => File/Directory not found.
    C:\Users\Frank & Penny\Desktop\Nova folder 1.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Frank & Penny\Desktop\Nova folder 2.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Frank & Penny\Desktop\Nova folder 3.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Frank & Penny\Documents\Nova.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Penny\Documents\63BD29CC-00000235.eml => ":OECustomProperty" ADS removed successfully.
     
  21. 2014/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What did you do to avoid the error you mentioned?
     
