1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Repeating warning "Malicious website blocked"

Discussion in 'Malware and Virus Removal Archive' started by cspgsl, 2014/10/04.

  1. 2014/10/10
    cspgsl Lifetime Subscription

    cspgsl Well-Known Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    941
    Likes Received:
    6
    Trophy Points:
    233
    Location:
    Atlantic Canada
    Computer Experience:
    enuf to create havoc
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
    Ran by Owner (administrator) on OWNER-PC on 10-10-2014 17:46:57
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvc.exe
    (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvcCnfg.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (MN) C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupTSHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [BASupSrvcCnfg] => C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvcCnfg.exe [4492008 2014-02-11] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl ()
    ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl ()
    BootExecute: PDBoot.exeautocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbc.ca/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {9A179E42-D0A0-4FEE-A5F8-6C3923D5BF66} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    SearchScopes: HKCU - DefaultScope {BB461C14-D5FA-471A-AF3C-F092022A18CF} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {9A179E42-D0A0-4FEE-A5F8-6C3923D5BF66} URL =
    SearchScopes: HKCU - {9F75E142-C369-46E8-B08B-0592E728D2A7} URL =
    SearchScopes: HKCU - {BB461C14-D5FA-471A-AF3C-F092022A18CF} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-23]
    FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
    CHR Extension: (WOT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-10]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BASupportExpressStandaloneService; C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvc.exe [3486920 2014-02-11] ()
    R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [672272 2013-11-03] (Genie9)
    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-05-24] (http://libusb-win32.sourceforge.net)
    S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-06-24] (http://libusb-win32.sourceforge.net)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-14] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-04] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-10 17:46 - 2014-10-10 17:47 - 00015562 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-10-10 17:46 - 2014-10-10 17:47 - 00000000 ____D () C:\FRST
    2014-10-10 17:46 - 2014-10-10 17:46 - 02109952 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-10-10 17:35 - 2014-10-10 17:35 - 00000582 _____ () C:\blitzblank.log
    2014-10-10 17:33 - 2014-10-10 17:33 - 01153912 _____ (Emsi Software GmbH) C:\Users\Owner\Desktop\BlitzBlank.exe
    2014-10-10 17:25 - 2014-10-10 17:25 - 00002958 _____ () C:\Users\Owner\Desktop\SystemLook.txt
    2014-10-10 17:24 - 2014-10-10 17:24 - 00165376 _____ () C:\Users\Owner\Desktop\SystemLook_x64.exe
    2014-10-10 17:13 - 2014-10-10 17:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-10-10 17:13 - 2014-10-10 17:13 - 00000000 ____D () C:\Program Files\Unlocker
    2014-10-10 17:12 - 2014-10-10 17:12 - 00402911 _____ () C:\Users\Owner\Downloads\Unlocker1.9.2.exe
    2014-10-10 06:23 - 2014-10-10 06:23 - 00000000 ____D () C:\Program Files\WOT
    2014-10-10 06:23 - 2014-10-10 06:23 - 00000000 ____D () C:\Program Files (x86)\WOT
    2014-10-10 06:10 - 2014-10-10 06:11 - 00001850 _____ () C:\DelFix.txt
    2014-10-10 05:57 - 2014-10-10 05:57 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-10-10 05:57 - 2014-10-10 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-10-10 05:57 - 2014-10-10 05:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-10-10 05:57 - 2014-10-10 05:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-10-10 05:57 - 2014-10-10 05:57 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-10-10 05:54 - 2014-10-10 05:54 - 29421992 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u67-windows-i586.com
    2014-10-10 05:50 - 2014-10-10 05:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-10-10 05:50 - 2014-10-10 05:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-10-10 05:50 - 2014-10-10 05:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-10-10 05:50 - 2014-10-10 05:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-10-10 05:50 - 2014-10-10 05:50 - 00000000 ____D () C:\Program Files\Java
    2014-10-10 05:44 - 2014-10-10 05:44 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-10 05:44 - 2014-10-10 05:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-10-10 05:43 - 2014-10-10 17:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-10 05:43 - 2014-10-10 16:53 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-10 05:43 - 2014-10-10 05:48 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-10 05:43 - 2014-10-10 05:48 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-10 05:42 - 2014-10-10 05:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-10-10 05:42 - 2014-10-10 05:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-10-08 18:30 - 2014-10-10 06:10 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-08 16:55 - 2014-10-08 16:55 - 00000000 ____D () C:\Windows\system32\{F4298088-7F22-4808-98AC-50A36B17C7A9}
    2014-10-06 14:31 - 2014-10-08 16:54 - 00000000 ____D () C:\Windows\erdnt
    2014-10-04 17:22 - 2014-10-05 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-04 17:20 - 2014-10-05 19:53 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-10-04 06:39 - 2014-10-04 06:39 - 00006333 _____ () C:\Users\Owner\AppData\Local\ajhndtpp
    2014-10-03 19:17 - 2014-10-10 06:48 - 00000643 _____ () C:\Users\Owner\Desktop\New Text Document.txt
    2014-10-03 15:08 - 2014-10-03 15:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-10-03 14:55 - 2014-10-04 15:49 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-03 14:55 - 2014-10-03 14:55 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-03 14:47 - 2014-10-04 17:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Toulre
    2014-10-03 10:07 - 2014-10-10 17:04 - 00006140 _____ () C:\Windows\PFRO.log
    2014-10-03 09:41 - 2014-10-10 17:36 - 00001120 _____ () C:\Windows\setupact.log
    2014-10-03 09:41 - 2014-10-03 09:41 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-03 06:14 - 2014-10-03 09:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Punuokeb
    2014-10-02 16:36 - 2014-10-02 16:36 - 00150690 _____ () C:\Users\Owner\AppData\Local\stfucfqx
    2014-10-02 16:34 - 2014-10-02 16:34 - 00068415 _____ () C:\Users\Owner\AppData\Local\dlmcjagu
    2014-10-02 16:32 - 2014-10-03 09:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Agtekiu
    2014-09-30 18:37 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-09-30 18:37 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-24 01:03 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 01:03 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-11 03:07 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 03:07 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-11 03:07 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 03:07 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 03:07 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 03:07 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-11 03:07 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 03:07 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 03:07 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 03:07 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 03:07 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 03:07 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 03:07 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-11 03:07 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 03:07 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 03:07 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 03:07 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 03:07 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 03:07 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 03:07 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-11 03:07 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 03:07 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 03:07 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-09-11 03:07 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 03:07 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-11 03:07 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-11 03:07 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-11 03:07 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-11 03:07 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 03:07 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 03:07 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-11 03:07 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-11 03:07 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 03:07 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-09-11 03:07 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-09-11 03:07 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-09-11 03:07 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-11 03:07 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 03:07 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 03:07 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 03:07 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 03:07 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-11 03:07 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-11 03:07 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-11 03:07 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-11 03:07 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 03:07 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-11 03:07 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 03:07 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-11 03:07 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-11 03:07 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-11 03:07 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 03:07 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-11 03:07 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-11 03:07 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 03:07 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-09-11 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-09-11 01:46 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-11 01:46 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-09-11 01:45 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 01:45 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 01:45 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 01:45 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-09-11 01:45 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 01:45 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 01:45 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-09-11 01:45 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-09-11 01:45 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-10 17:43 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-10 17:43 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-10 17:40 - 2012-08-22 17:49 - 01397766 _____ () C:\Windows\WindowsUpdate.log
    2014-10-10 17:36 - 2014-03-29 12:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-10 17:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-10 16:54 - 2012-09-23 11:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-10 07:34 - 2013-12-22 13:02 - 00000536 _____ () C:\Users\Owner\Desktop\My Cogeco Sign in to Webmail High speed Internet.website
    2014-10-10 05:57 - 2013-10-21 07:31 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-10 05:44 - 2012-08-26 23:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-10-10 05:44 - 2012-08-24 22:51 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-10 05:42 - 2012-08-24 22:49 - 00000000 ____D () C:\ProgramData\Adobe
    2014-10-08 16:55 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-08 16:54 - 2009-07-13 22:34 - 78381056 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-10-08 16:54 - 2009-07-13 22:34 - 16252928 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-10-08 16:54 - 2009-07-13 22:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-10-08 16:54 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-10-08 16:54 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2014-10-06 14:44 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-10-03 17:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-03 15:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-03 10:07 - 2012-08-23 17:30 - 00000000 ____D () C:\Windows\hpoj4500g510g-m
    2014-10-02 22:23 - 2014-03-27 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-09-24 14:54 - 2012-09-23 11:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 14:54 - 2012-09-23 11:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 14:54 - 2012-09-23 11:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-22 20:45 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-22 20:34 - 2012-09-07 22:35 - 00000929 _____ () C:\Users\Public\Desktop\Kobo.lnk
    2014-09-22 20:33 - 2012-09-07 22:35 - 00000000 ____D () C:\Program Files (x86)\Kobo
    2014-09-22 02:42 - 2012-08-22 15:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-11 03:11 - 2012-08-24 12:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-09-11 03:05 - 2014-02-26 04:04 - 00765448 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-11 03:04 - 2014-07-22 13:17 - 00002155 _____ () C:\Windows\epplauncher.mif
    2014-09-11 03:04 - 2014-07-22 13:16 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-09-11 03:04 - 2014-07-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-09-11 03:04 - 2014-07-22 13:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-09-11 03:04 - 2013-07-24 03:03 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 03:01 - 2012-08-22 15:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-06 00:49

    ==================== End Of Log ============================
     
  2. 2014/10/10
    cspgsl Lifetime Subscription

    cspgsl Well-Known Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    941
    Likes Received:
    6
    Trophy Points:
    233
    Location:
    Atlantic Canada
    Computer Experience:
    enuf to create havoc
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
    Ran by Owner at 2014-10-10 17:47:43
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
    4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
    4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    BeAnywhere Support Service (HKLM-x32\...\BeAnyWhere Support Express Service) (Version: 5.70.01 - BeAnywhere)
    Bridge Baron 20 (HKLM-x32\...\{616D58B6-6155-425B-9801-9EC62BBA2EAA}) (Version: 20.00.01 - Great Game Products, Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 4.0 - Genie9)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
    HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
    HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3205 - Hewlett-Packard) Hidden
    HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kobo (HKLM-x32\...\Kobo) (Version: 3.10.0 - Rakuten Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    PerfectDisk 11 Professional (HKLM\...\{B7607FC8-72AD-486D-B6B7-A402D5876309}) (Version: 11.00.185 - Raxco Software Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    Pure Sudoku 1.52 (HKLM-x32\...\Pure Sudoku_is1) (Version: - Mochek Interactive)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    10-10-2014 10:10:44 End of disinfection
    10-10-2014 10:22:56 Installed WOT for Internet Explorer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-10-08 16:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00D347E8-0C8B-4305-B7EA-D437E5BCD9A2} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
    Task: {0ED737AF-4294-4529-98D4-E71FB2BFC1FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {1650D9A7-4462-4D29-9C0B-91D4B79EFBEC} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe
    Task: {4EEDCDA3-3CA7-43CB-A1E1-FBA80332A7CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
    Task: {50A3D466-9884-48A1-9C30-4A7D40F1A743} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
    Task: {65803297-F926-4B01-884E-A3203D69F2E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
    Task: {8CAE0610-D0E8-4AE9-B5E4-E7771E145418} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {D6A5C70E-8E0B-4EBD-84D2-B1926B8D4B8C} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {DF492826-37EC-4A84-B818-8CF4B4962867} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
    Task: {FF079BA0-013B-4BF8-B78D-6E535FFC16D9} - System32\Tasks\{FAC57B7C-DA56-498F-B60D-9EC718E3CE45} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-28 08:47 - 2013-11-03 08:16 - 00163328 _____ () C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl
    2014-03-28 08:47 - 2012-04-24 05:29 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.gtl
    2014-03-28 08:47 - 2013-11-03 08:16 - 00209920 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.gtl
    2014-03-28 08:47 - 2012-04-24 05:29 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.gtl
    2014-03-28 08:47 - 2013-11-03 08:16 - 00490496 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.gtl
    2014-03-28 08:47 - 2012-02-02 05:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.gtl
    2014-03-28 08:47 - 2012-04-24 05:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.gtl
    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-03-28 08:47 - 2013-11-03 08:16 - 00710144 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.gtl
    2014-03-28 08:47 - 2013-11-03 08:16 - 00370688 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.gtl
    2014-03-28 08:47 - 2013-11-03 08:16 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.gtl
    2013-02-11 07:34 - 2013-02-11 07:34 - 00045056 _____ () C:\Program Files\Genie9\Genie Timeline\pcre.dll
    2013-02-11 07:34 - 2013-02-11 07:34 - 00097792 _____ () C:\Program Files\Genie9\Genie Timeline\pcrebase.dll
    2014-03-28 08:47 - 2013-11-03 08:16 - 00055296 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.gtl
    2014-03-28 08:47 - 2013-11-03 08:16 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.gtl
    2014-03-28 08:47 - 2012-02-02 05:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.gtl
    2014-03-28 08:47 - 2012-04-24 05:29 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.gtl
    2014-02-11 14:14 - 2014-02-11 14:14 - 03486920 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvc.exe
    2013-11-03 08:16 - 2013-11-03 08:16 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll
    2012-04-24 05:29 - 2012-04-24 05:29 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00490496 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll
    2012-02-02 05:16 - 2012-02-02 05:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll
    2012-04-24 05:29 - 2012-04-24 05:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00209920 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll
    2012-04-24 05:29 - 2012-04-24 05:29 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00710144 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00370688 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll
    2013-11-03 08:16 - 2013-11-03 08:16 - 00055296 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll
    2012-02-02 05:16 - 2012-02-02 05:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll
    2012-04-24 05:29 - 2012-04-24 05:29 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll
    2014-02-11 14:15 - 2014-02-11 14:15 - 04492008 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvcCnfg.exe
    2013-11-03 08:16 - 2013-11-03 08:16 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll
    2012-04-24 05:29 - 2012-04-24 05:29 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll
    2013-05-13 10:42 - 2013-05-13 10:42 - 00107520 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\ZLIB1.DLL
    2013-05-14 01:39 - 2013-05-14 01:39 - 00374784 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\TURBOJPEG.DLL
    2004-06-17 11:19 - 2004-06-17 11:19 - 00688128 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\libeay32.dll
    2004-06-17 11:19 - 2004-06-17 11:19 - 00155648 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\ssleay32.dll
    2007-06-22 10:23 - 2007-06-22 10:23 - 00069632 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BAWHook.dll
    2014-02-11 14:15 - 2014-02-11 14:15 - 00271104 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService\BASupSrvcCnfgEN.dll
    2009-08-05 16:45 - 2009-08-05 16:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe "
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover "

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1733947999-1141992454-4204930090-500 - Administrator - Disabled)
    Guest (S-1-5-21-1733947999-1141992454-4204930090-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1733947999-1141992454-4204930090-1002 - Limited - Enabled)
    Owner (S-1-5-21-1733947999-1141992454-4204930090-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Faulty Device Manager Devices =============

    Name: Officejet 6700
    Description: Officejet 6700
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: HP Officejet Pro X476dw MFP
    Description: HP Officejet Pro X476dw MFP
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/10/2014 05:56:55 AM) (Source: MsiInstaller) (EventID: 11500) (User: Owner-PC)
    Description: Product: Java 7 Update 67 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

    Error: (10/10/2014 05:53:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program jre-7u67-windows-i586.com version 7.0.670.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 55c

    Start Time: 01cfe46fcfba3d80

    Termination Time: 15

    Application Path: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0SZ7YUE\jre-7u67-windows-i586.com

    Report Id:

    Error: (10/09/2014 11:48:18 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (10/09/2014 11:46:02 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (10/09/2014 11:37:35 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (10/09/2014 11:37:29 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (10/08/2014 11:55:09 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (10/08/2014 11:55:07 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


    System errors:
    =============
    Error: (10/10/2014 06:33:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.

    Error: (10/10/2014 06:10:27 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume HP.

    Error: (10/10/2014 06:10:23 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume HP.

    Error: (10/10/2014 06:10:17 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume HP.

    Error: (10/08/2014 07:31:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (09/20/2014 05:55:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (08/19/2014 08:24:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (07/28/2014 10:23:12 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-06 14:41:10.527
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-06 14:41:10.355
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-17 04:33:50.418
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.416
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.413
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.391
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.389
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.387
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.359
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-17 04:33:50.342
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
    Percentage of memory in use: 28%
    Total physical RAM: 6134.24 MB
    Available physical RAM: 4395.45 MB
    Total Pagefile: 12266.66 MB
    Available Pagefile: 10425.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:918.75 GB) (Free:828.94 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.66 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive j: (Seagate Expansion Drive) (Fixed) (Total:698.63 GB) (Free:622.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B6639A4F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 698.6 GB) (Disk ID: 59173968)
    Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     

  3. to hide this advert.

  4. 2014/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  5. 2014/10/10
    cspgsl Lifetime Subscription

    cspgsl Well-Known Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    941
    Likes Received:
    6
    Trophy Points:
    233
    Location:
    Atlantic Canada
    Computer Experience:
    enuf to create havoc
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
    Ran by Owner at 2014-10-10 17:59:36 Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    RemoveDirectory: C:\Users\Owner\Desktop\mbar
    *****************

    Could not remove "C:\Users\Owner\Desktop\mbar\License.rtf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\master.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbam.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbamcore.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbamdor.exe" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbamnet.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbar.cmd" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbar.exe" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbar-log-2014-10-04 (17-22-31).txt" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\mbar-log-2014-10-05 (19-42-08).txt" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\msvcp100.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\msvcr100.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\QtCore4.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\QtGui4.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\ReadMe.rtf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\system-log.txt" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\actions.ref" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\Configuration\build.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\Configuration\config.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\Configuration\database.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\Configuration\local.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\Configuration\manifest.conf" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\rules.ref" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Data\swissarmy.ref" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\imageformats\qico4.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\imageformats\qicod4.dll" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Languages\English.lng" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar\Plugins\fixdamage.exe" => Scheduled to remove on reboot.
    Could not remove "C:\Users\Owner\Desktop\mbar" => Scheduled to remove on reboot.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-10 20:25:30)<=

    "C:\Users\Owner\Desktop\mbar\License.rtf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\master.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbam.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbamcore.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbamdor.exe" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbamnet.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbar.cmd" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbar.exe" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbar-log-2014-10-04 (17-22-31).txt" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\mbar-log-2014-10-05 (19-42-08).txt" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\msvcp100.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\msvcr100.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\QtCore4.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\QtGui4.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\ReadMe.rtf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\system-log.txt" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\actions.ref" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\Configuration\build.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\Configuration\config.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\Configuration\database.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\Configuration\local.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\Configuration\manifest.conf" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\rules.ref" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Data\swissarmy.ref" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\imageformats\qico4.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\imageformats\qicod4.dll" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Languages\English.lng" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar\Plugins\fixdamage.exe" => Could not remove file.
    "C:\Users\Owner\Desktop\mbar" => Could not remove directory.

    ==== End of Fixlog ====
     
  6. 2014/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
  7. 2014/10/10
    cspgsl Lifetime Subscription

    cspgsl Well-Known Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    941
    Likes Received:
    6
    Trophy Points:
    233
    Location:
    Atlantic Canada
    Computer Experience:
    enuf to create havoc
    I will have to do it tomorrow now and report in the afternoon.
    Thanks
     
  8. 2014/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    [​IMG]
     
  9. 2014/10/11
    cspgsl Lifetime Subscription

    cspgsl Well-Known Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    941
    Likes Received:
    6
    Trophy Points:
    233
    Location:
    Atlantic Canada
    Computer Experience:
    enuf to create havoc
    TA-DA !! That got rid of it.

    Thanks for your assistance. The owner now knows not to click on attachments.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
    Ran by Owner at 2014-10-11 12:12:57 Run:2
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    Content of fixlist:
    *****************
    RemoveDirectory: C:\Users\Owner\Desktop\mbar
    *****************

    "C:\Users\Owner\Desktop\mbar" => removed successfully.

    ==== End of Fixlog ====
     
  10. 2014/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Perfect!

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Share This Page