Upon entering Windows password, screen goes black and does not load

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4085 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 598268 MB, Free - 444904 MB; D: Total - 12108 MB, Free - 2206 MB;
Motherboard: MSI, Boston
Antivirus: Kaspersky Internet Security, Not Updated


Problem:

I clicked on an email and opened an attachment from someone I thought I knew, but it turned out to be a virus (I assume). I now cannot get past the log-in screen for Windows. Upon entering my password at the log-in screen, the screen simply turns black. I have run MBAM 2-3 times with no change in performance after removing the located viruses. Any help would be appreciated.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Welcome. :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 

jb23

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Justin (administrator) on JUSTIN-PC on 19-01-2015 20:51:17
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available profiles: Justin & Kaci)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [Google Update] => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\RunOnce: [Application Restart #3] => C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\MountPoints2: {a9af6a84-a409-11de-ae15-806e6f6e6963} - E:\AT&T_High_Speed_Internet_Service.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E5AE975A-DDB2-4086-80FC-E566E6976F24} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C70A4FFC-0A59-41D5-B476-AAB000E6FF73} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> DefaultScope {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5AF511D0-E2C2-4D2F-BFEB-AA6C5CAD4DAD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-20]
FF Extension: Ghostery - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\[email protected] [2013-08-02]
FF Extension: NoScript - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-07]
FF Extension: Adblock Plus - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-18]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
CHR Extension: (Motive Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-07-06]
CHR Extension: (SiteAdvisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-06]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-07-06]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Anti-Banner) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-04-03]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-09-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
S2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-16] (Alcatel-Lucent) [File not signed]
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-20] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-10-22] (CACE Technologies, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15208 2009-06-17] (Secunia) [File not signed]
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [12584 2010-06-15] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [15784 2010-06-15] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [18432 2010-06-15] (SMART Technologies ULC) [File not signed]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:51 - 2015-01-19 20:51 - 00029605 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-01-19 20:50 - 2015-01-19 20:51 - 00000000 ____D () C:\FRST
2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64(1).exe
2015-01-18 21:40 - 2015-01-18 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 21:13 - 2015-01-18 21:13 - 00509440 _____ (Tech Support Guy System) C:\Users\Justin\Downloads\SysInfo.exe
2015-01-07 17:34 - 2015-01-07 17:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-06 22:05 - 2015-01-06 22:05 - 02428928 _____ () C:\Users\Justin\Downloads\image (16).jpeg
2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (15).jpeg
2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (14).jpeg
2014-12-31 10:09 - 2014-12-31 10:09 - 00000000 ____D () C:\Windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
2014-12-31 10:07 - 2014-12-31 10:08 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\Justin\Downloads\LeapFrogConnectSetup_TagJunior.exe
2014-12-30 21:40 - 2014-12-30 21:41 - 03850458 _____ () C:\Users\Justin\Downloads\NewJewelryIsHere_S15_4up

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:47 - 2013-07-07 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 14:27 - 2013-11-20 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-19 14:27 - 2010-01-06 16:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
2015-01-19 14:26 - 2014-09-18 17:48 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kaci.job
2015-01-19 14:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 14:25 - 2009-07-13 23:51 - 00047073 _____ () C:\Windows\setupact.log
2015-01-14 13:06 - 2009-11-18 03:20 - 01593514 _____ () C:\Windows\PFRO.log
2015-01-07 17:51 - 2009-09-17 23:18 - 01231715 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 17:38 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 17:38 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 17:35 - 2010-01-26 19:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
2015-01-07 17:31 - 2014-10-22 17:59 - 00000000 ____D () C:\Users\Justin\AppData\Local\NETGEARGenie
2015-01-07 14:13 - 2013-07-10 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 20:47 - 2011-08-21 15:03 - 00000404 ____H () C:\Windows\Tasks\Norton Security Scan for Justin.job
2015-01-06 20:28 - 2010-01-06 16:22 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
2015-01-06 20:17 - 2014-09-18 17:48 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Kaci.job
2015-01-06 20:17 - 2014-09-18 17:48 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Kaci.job
2015-01-05 12:54 - 2011-10-31 14:12 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-05 12:54 - 2009-11-02 11:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-04 21:32 - 2014-08-25 18:55 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-01-04 21:32 - 2014-08-25 18:55 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-01-04 20:24 - 2012-07-06 14:10 - 00000000 ____D () C:\Users\Justin\Documents\StoryBook Creator Projects
2014-12-31 10:21 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 10:10 - 2010-12-05 23:06 - 00036976 _____ () C:\Windows\DPINST.LOG
2014-12-31 10:02 - 2009-11-02 11:49 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-12-30 12:50 - 2013-12-25 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

==================== Files in the root of some directories =======
2011-05-12 20:33 - 2011-08-22 18:12 - 0001854 _____ () C:\Users\Justin\AppData\Roaming\GhostObjGAFix.xml
2009-11-01 22:13 - 2009-11-01 22:13 - 2925193 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.0
2009-11-01 22:13 - 2009-11-01 22:13 - 0846608 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.JPG
2009-11-01 22:13 - 2009-11-01 22:13 - 3150367 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.0
2009-11-01 22:13 - 2009-11-01 22:13 - 0903122 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.JPG
2009-11-11 18:29 - 2009-11-11 18:29 - 2654292 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.0
2009-11-11 18:29 - 2009-11-11 18:29 - 0554658 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.JPG
2012-09-08 15:54 - 2012-09-08 15:54 - 0170225 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.0
2012-09-08 15:54 - 2012-09-08 15:54 - 0173790 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.JPG
2011-12-22 21:43 - 2011-12-22 21:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-15 22:18 - 2010-10-18 22:08 - 0006211 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\autorun.dll
C:\Users\Justin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Justin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Justin\AppData\Local\Temp\ose00000.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-5.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-6.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer-7.exe
C:\Users\Kaci\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Kaci\AppData\Local\Temp\GUR1C78.exe
C:\Users\Kaci\AppData\Local\Temp\luajava-1.1.dll
C:\Users\Kaci\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Kaci\AppData\Local\Temp\sp64126.exe
C:\Users\Kaci\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:49

==================== End Of Log ============================
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Justin at 2015-01-19 20:52:31
Running from C:\Users\Justin\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
CM-Uploader (HKLM\...\{7DEDB721-D107-4282-8C7E-B1B29CA63605}) (Version: 2.0.4601 - Creative Memories)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertXtoDVD 4.0.12.327 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
Creative Memories StoryBook Creator Plus 3 (HKLM-x32\...\{95ED1AC3-DF2A-4719-B029-909C0875CD8F}) (Version: 3.0 - Caspedia Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Font Management System (HKLM-x32\...\Font Management System4.2.0.0) (Version: 4.2.0.0 - Summitsoft Corporation)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
House of Cards (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 6.0.12230.783 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.220 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LightScribe Applications (HKLM-x32\...\{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}) (Version: 1.18.5.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Pizza Chef (x32 Version: 2.2.0.87 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secunia PSI (HKLM-x32\...\Secunia PSI) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StoryBook Creator 4.0 (HKLM\...\{EC445D66-B081-474E-948C-52E1EC48A414}) (Version: 4.0.5045 - Panstoria, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)
VMware View Client (HKLM\...\{6248C52A-5236-4C07-9BD5-393C40A42316}) (Version: 5.2.1.937772 - VMware, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3521969671-2636067396-303416300-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

29-11-2014 19:57:25 Scheduled Checkpoint
07-12-2014 17:54:09 Scheduled Checkpoint
14-12-2014 03:01:07 Windows Update
18-12-2014 03:00:34 Windows Update
25-12-2014 12:59:18 Scheduled Checkpoint
04-01-2015 19:55:52 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-06-28 20:44 - 00449886 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05454A8F-AE55-4F9E-A7A3-C7ECB8B02942} - System32\Tasks\{4A117842-9C3D-4228-9804-302FE92B2FED} => pcalua.exe -a C:\Users\Justin\Downloads\HijackThis.exe -d C:\Users\Justin\Downloads
Task: {05DB04E9-C9F1-4E77-ABED-51BFC7E6CBBE} - System32\Tasks\HPCeeScheduleForJustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {12705675-3AA5-455B-865D-2AD47D07D9BD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {1388247F-30EF-472F-95C8-7CCD70AA17AF} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {17A39DE8-BC77-4AF9-BD7E-682676EF554B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {19DF2FE1-DDE1-402C-BFE5-F877B53EA675} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {22F59F80-60AC-4CA5-A926-831C66334E6E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {248C777B-56EA-4EC2-AABD-478CDC306EFE} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {3021B6E9-3D02-425F-92B9-0D31153FDEA6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {34DEEE6E-D4A4-47E4-8338-167795161D1D} - System32\Tasks\Norton Security Scan for Justin => C:\PROGRA~2\NORTON~2\Engine\351~1.6\Nss.exe
Task: {3A0A1EC4-9F63-430D-8766-A894FC89EC16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {515A816A-A5A3-45DB-B50C-8A25201B781B} - System32\Tasks\{6B08924F-42FC-42E7-9048-22AA3465324F} => pcalua.exe -a "C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZR0OJXB\install_flash_player[2].exe" -d C:\Windows\system32
Task: {5189A621-2144-470B-AB2A-05AA429F4439} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {682D899D-EDDF-464C-8561-14854B0F8902} - System32\Tasks\RNUpgradeHelperLogonPrompt_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {7C140AA2-1F0B-4750-BEE8-7E0123BEBCBA} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files (x86)\Secunia\PSI\psi.exe [2009-08-21] (Secunia)
Task: {8310C05C-24FD-4859-9D2E-155F50F2EF37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {95471D0B-D923-4B1F-8479-55C06B54F8B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {9A39E4FC-29BB-4F15-B41A-FAE0358368CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3521969671-2636067396-303416300-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {9DD235BF-C5EE-4972-80CC-9C86EEC1A8D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A02497C3-90D2-4504-B493-7843AB685EAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A46AE414-CF52-4A35-9990-8F7DCBD49BE8} - System32\Tasks\RNUpgradeHelperResumePrompt_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {A83B65EE-AFAF-4774-B612-C7B54786A731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {B3080600-AB65-44E3-B630-31F97842651C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B73EC4B2-48FC-4BF2-9226-78AA24C85214} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CEB1BB0E-90D8-4F32-B397-738EB960F8E4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3521969671-2636067396-303416300-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {CED110A7-156E-4064-82E2-2E7E02C61AEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3521969671-2636067396-303416300-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {D2DFBFC1-F18E-41C2-B3BB-5930017902E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1764B1M0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {E4AADEF2-8D0A-4920-9C41-9290630C8FF6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3521969671-2636067396-303416300-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {EC78868C-357F-46A4-B4FF-F84C25D636BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {EF2AE458-8300-4A5C-B3EB-6ABDDEAAEBB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F5FE6851-E913-4D51-88B7-619295714E94} - System32\Tasks\ReclaimerUpdateXML_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {FDBC82E0-24B0-4225-8657-5EAF1A59EF4B} - System32\Tasks\ReclaimerUpdateFiles_Kaci => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job => C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core.job => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job => C:\Users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Justin.job => C:\PROGRA~2\NORTON~2\Engine\351~1.6\Nss.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kaci.job => C:\Users\Kaci\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-18 21:40 - 2015-01-18 21:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Justin\Downloads\Collection Verbiage.eml:OECustomProperty
AlternateDataStreams: C:\Users\Justin\Downloads\Diva Dollar Show.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42803227.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87485735.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42803227.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87485735.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3521969671-2636067396-303416300-500 - Administrator - Disabled)
Guest (S-1-5-21-3521969671-2636067396-303416300-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3521969671-2636067396-303416300-1007 - Limited - Enabled)
Justin (S-1-5-21-3521969671-2636067396-303416300-1000 - Administrator - Enabled) => C:\Users\Justin
Kaci (S-1-5-21-3521969671-2636067396-303416300-1001 - Administrator - Enabled) => C:\Users\Kaci

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 01:48:35 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/19 13:48:31 -0500 JUSTIN-PC Kaci MESSAGE IP Protection stopped successfully

Error: (01/19/2015 01:48:31 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/19 13:48:28 -0500 JUSTIN-PC Kaci MESSAGE Stopping IP protection

Error: (01/18/2015 10:57:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (01/13/2015 10:14:23 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:20 -0500 JUSTIN-PC (null) MESSAGE IP Protection stopped successfully

Error: (01/13/2015 10:14:19 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:16 -0500 JUSTIN-PC (null) MESSAGE Stopping IP protection

Error: (01/13/2015 10:14:16 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:13 -0500 JUSTIN-PC (null) MESSAGE Starting database refresh

Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.

Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.


System errors:
=============
Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:49:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/19/2015 08:47:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/19/2015 01:48:35 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/19 13:48:31 -0500 JUSTIN-PC Kaci MESSAGE IP Protection stopped successfully

Error: (01/19/2015 01:48:31 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/19 13:48:28 -0500 JUSTIN-PC Kaci MESSAGE Stopping IP protection

Error: (01/18/2015 10:57:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (01/13/2015 10:14:23 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:20 -0500 JUSTIN-PC (null) MESSAGE IP Protection stopped successfully

Error: (01/13/2015 10:14:19 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:16 -0500 JUSTIN-PC (null) MESSAGE Stopping IP protection

Error: (01/13/2015 10:14:16 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2015/01/13 22:14:13 -0500 JUSTIN-PC (null) MESSAGE Starting database refresh

Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

Error: (01/07/2015 05:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.

Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 10.0.168.192.in-addr.arpa. PTR Justin-PC.local.

Error: (01/07/2015 02:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 19 10.0.168.192.in-addr.arpa. PTR Justin-PC-2.local.


CodeIntegrity Errors:
===================================
Date: 2015-01-18 19:31:16.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 19:31:16.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 19:31:16.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 19:15:06.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 19:15:06.950
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-18 19:15:06.950
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-14 16:04:31.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-14 16:04:31.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-14 16:04:31.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-14 15:44:33.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 4085.18 MB
Available physical RAM: 3039.28 MB
Total Pagefile: 8168.54 MB
Available Pagefile: 7190.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:584.25 GB) (Free:434.34 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Install_Wizard) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

jb23

Users shortcut scan result (x64) Version: 19-01-2015
Ran by Justin at 2015-01-19 20:53:54
Running from C:\Users\Justin\Downloads
Boot Mode: Safe Mode (with Networking)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk -> C:\Program Files (x86)\Adobe\Acrobat_com\Acrobat_com.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk -> C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\ConvertXtoDVD 4.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\l glp license.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\lgpl-2.1.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\Uninstall ConvertXToDVD.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware View Client.lnk -> C:\Program Files\VMware\VMware View\Client\bin\wswc.exe (VMware, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Regulatory and Safety Information.lnk -> C:\hp\documentation\Regulatory_EN.xps ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety & Comfort Guide.lnk -> C:\hp\documentation\SCG_en-US.xps ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\hp\documentation\usglgt_EN.xps ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Check for Updates Online.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FMSUpdate.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Font Management System Help File.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystemM.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Font Management System.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystem.exe (Summitsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Product Showcase.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\Summitsoft Products.exe (Macromedia, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Register Online....lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FRegister.exe (Summitsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken Online Backup.lnk -> C:\Program Files (x86)\Quicken\QuickenOLBackupLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Hardware Diagnostic Tools.lnk -> C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe (PC-Doctor, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP support information.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Information\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Juno Dial-up.lnk -> C:\Program Files (x86)\JunoPreloader\Juno Offer!.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\MSN.lnk -> C:\Program Files (x86)\Online Services\MSN90\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\United States\Netzero Dial-up.lnk -> C:\Program Files (x86)\NetZeroPreloader\NetZero Offer!.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Norton Security Scan.lnk -> C:\Program Files (x86)\Norton Security Scan\Engine\3.5.1.6\Nss.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Uninstall Norton Security Scan.lnk -> C:\Program Files (x86)\Norton Security Scan\Engine\3.5.1.6\InstWrap.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Simple Labeler.lnk -> C:\Program Files (x86)\LightScribe\SimpleLabeler\SimpleLabeler.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk -> C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\uninst.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\End User License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\en\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security Help.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Doc\en\kis\context.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Visit Kaspersky Lab on the Web.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kl.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MediaSmart Demo\HP MediaSmart Demo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart Demo\Project Files\HP MediaSmart Demo.exe (HP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\hp\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart DVD.lnk -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Help.lnk -> C:\Program Files (x86)\hp\HP Deskjet 3050A J611 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Scan.lnk -> C:\Program Files (x86)\hp\HP Deskjet 3050A J611 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\AdvisorVideo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\AdvisorVideo\Doc.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\WebUpdater.lnk -> C:\Program Files (x86)\Garmin\WebUpdater\WebUpdater.exe (GARMIN Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\FileASSASSIN.lnk -> C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\Uninstall.lnk -> C:\Program Files (x86)\FileASSASSIN\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\Storybook Creator 4\Storybook Creator 4.lnk -> C:\Program Files\Creative Memories\StoryBook Creator 4.0\StorybookCreator4.exe (Creative Memories)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\Storybook Creator 3.0.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.exe (Caspedia Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\Storybook Creator Help.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative Memories\StoryBook Creator 3\User's Guide.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\UserGuide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect VPN Client\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\ProgramData\Hewlett-Packard\Netzero\launchnz.lnk -> C:\Program Files (x86)\NetZeroPreloader\NetZero Offer!.exe ()
Shortcut: C:\ProgramData\Hewlett-Packard\msn\launchmsn.lnk -> C:\Program Files (x86)\Online Services\MSN90\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Hewlett-Packard\Juno\launchjuno.lnk -> C:\Program Files (x86)\JunoPreloader\Juno Offer!.exe ()
Shortcut: C:\ProgramData\Hewlett-Packard\HP Advisor\HP Advisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\Links\Desktop.lnk -> C:\Users\Justin\Desktop ()
Shortcut: C:\Users\Justin\Links\Downloads.lnk -> C:\Users\Justin\Downloads ()
Shortcut: C:\Users\Justin\Desktop\Cisco AnyConnect VPN Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\Users\Justin\Desktop\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Justin\Desktop\updated\P1060529 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060529.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\updated\P1060566 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060566.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\updated\P1060569 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060569.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\updated\P1060570 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060570.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\updated\P1060571 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060571.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\updated\P1060573 - Shortcut.lnk -> F:\DCIM\106_PANA\P1060573.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2560 - Shortcut.lnk -> G:\2014 - April\IMG_2560.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2624 - Shortcut.lnk -> G:\2014 - April\IMG_2624.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\IMG_2651 - Shortcut.lnk -> G:\2014 - April\IMG_2651.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050867 - Shortcut.lnk -> G:\2014 - April\P1050867.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050888 - Shortcut.lnk -> G:\2014 - April\P1050888.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050889 - Shortcut.lnk -> G:\2014 - April\P1050889.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050899 - Shortcut.lnk -> G:\2014 - April\P1050899.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050902 - Shortcut.lnk -> G:\2014 - April\P1050902.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050908 - Copy - Shortcut.lnk -> G:\2014 - April\P1050908 - Copy.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050913 - Shortcut.lnk -> G:\2014 - April\P1050913.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050915 - Shortcut.lnk -> G:\2014 - April\P1050915.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050920 - Shortcut.lnk -> G:\2014 - April\P1050920.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050956 - Shortcut.lnk -> G:\2014 - April\P1050956.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050957 - Shortcut.lnk -> G:\2014 - April\P1050957.JPG (No File)
Shortcut: C:\Users\Justin\Desktop\Shutter\P1050973 - Shortcut.lnk -> G:\2014 - April\P1050973.JPG (No File)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk -> C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\Links\Desktop.lnk -> C:\Users\Justin\Desktop ()
Shortcut: C:\Users\Kaci\Links\Downloads.lnk -> C:\Users\Justin\Downloads ()
Shortcut: C:\Users\Kaci\Desktop\ConvertXtoDVD 4.lnk -> C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\Kaci\Desktop\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Kaci\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Kaci\Desktop\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
Shortcut: C:\Users\Kaci\Desktop\Home\Inspection Response - Shortcut.lnk -> C:\Users\Kaci\Documents\Inspection Response.pdf ()
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk -> C:\Users\Justin\AppData\Local\iLivid\iLivid.exe (No File)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Kaci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\FileASSASSIN.lnk -> C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Font Management System.lnk -> C:\Program Files (x86)\Summitsoft\Font Management System\FontManagementSystem.exe (Summitsoft Corporation)
Shortcut: C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\ePrintCenterShortcut.url ()
Shortcut: C:\Users\Public\Desktop\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
Shortcut: C:\Users\Public\Desktop\LeapFrog Connect.lnk -> C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe (LeapFrog Enterprises, Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\NETGEAR Genie.lnk -> C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
Shortcut: C:\Users\Public\Desktop\Quicken Deluxe 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
Shortcut: C:\Users\Public\Desktop\Storybook Creator 3.0.lnk -> C:\Program Files (x86)\Creative Memories\StoryBook Creator 3\CDMPublisher.exe (Caspedia Corporation)
Shortcut: C:\Users\Public\Desktop\Storybook Creator 4.lnk -> C:\Program Files\Creative Memories\StoryBook Creator 4.0\StorybookCreator4.exe (Creative Memories)
Shortcut: C:\Users\Public\Desktop\VMware View Client.lnk -> C:\Program Files\VMware\VMware View\Client\bin\wswc.exe (VMware, Inc.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=quickenfc&pf=cndt&locale=en_us&bd=pavilion&c=94
ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Real\RealPlayer\History\http---www.real.com-realplayer-startup.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://www.real.com/realplayer/startup


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\Drivers\Remove Driver (Compatibility Mode).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /remove /removeatip "Run compatibility mode for burning... Please reboot aftwerwards!"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft\Font Management System\Uninstall Font Management System.lnk -> C:\Windows\Font Management System\uninstall.exe () -> "/U:C:\Program Files (x86)\Summitsoft\Font Management System\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) -> -det
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\Sound Troubleshooter.lnk -> C:\Program Files\PC-Doctor for Windows\troubleshooter\RunTroubleshooter.exe () -> audio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=GETONLINE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe () -> /design
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk -> C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe (Hewlett-Packard Company) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Remove Kaspersky Internet Security.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /src startmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x0900
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {1B77E249-B8D5-4E5E-8848-693ACEF84E6D}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3050A J611 series\Update IP Address.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard\HP Setup.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> DESKTOP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\House of Cards.lnk -> C:\Program Files (x86)\HP Games\House of Cards\House of Cards Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dca1986f-ee34-41f3-a1d0-41885134c622}\PlayTasks\0\House of Cards.lnk -> C:\Program Files (x86)\HP Games\House of Cards\House of Cards Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{db99c2dc-ace4-4f72-aea0-be38b40c0540}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d8201099-7318-4611-910a-78b4e5a8bcbd}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d63c8f23-b235-41a1-999d-c7d8ea1a7c80}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d5396f9a-d968-4717-a850-6e1fb9eebb00}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d4db71bf-5157-4a48-ae2d-0f87a09662f8}\PlayTasks\0\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d1ca6a92-4cb1-4fc3-855f-abcf7338c07f}\PlayTasks\0\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c4214208-dae1-4741-81f3-a33e5789871d}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c1d16e94-defe-4995-ac31-0c3605c3bd6a}\PlayTasks\0\Mystery P.I. - The Vegas Heist.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\MysteryPIVegas-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b2a0720f-164e-4de1-ba1e-9f9ef1af828f}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b03b05fa-e678-49c4-8911-14bb1ffb93a4}\PlayTasks\0\FATE Undiscovered Realms.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{aacdcf98-5492-455c-860e-81f724b5d1c8}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{95dd4657-16e4-4196-af57-4b232798c304}\PlayTasks\0\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{92cf6136-d411-4c68-90a2-d5cd990b28df}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8d5e214b-2900-42fb-9c52-4e969eaf0724}\PlayTasks\0\The Hidden Object Game Show.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\The Hidden Object Game Show\THOS-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{818653a5-8b98-4557-9b27-c5b8ddb2e5bf}\PlayTasks\0\Slingo Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{76d22521-9769-45ec-96be-443fba84dfe3}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ecf0829-012e-4d51-942e-0db591aa7769}\PlayTasks\0\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{594df207-8e5f-4fbe-b9b3-192e148488e7}\PlayTasks\0\Liong - The Lost Amulets.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Liong - The Lost Amulets\liong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{51941625-bded-4dcd-bea7-a123606ce41c}\PlayTasks\0\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4d9b912b-2ccd-47a4-be64-0457d0223236}\PlayTasks\0\Build-a-lot 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 3\Buildalot3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3d575eb6-89ab-4fad-8221-5cba8974c31d}\PlayTasks\0\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{39937aab-1cce-4767-8ab7-7fc855bf0068}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2faf760b-5d2c-4ae8-a546-8b5b9621e8cb}\PlayTasks\0\Mortimer Beckett and the Time Paradox.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mortimer Beckett and the Time Paradox\MortimerTimeParadox-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2e90e3c5-229c-4672-93aa-f0d111356749}\PlayTasks\0\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2d41118d-a406-44a4-af44-1ac89665bde6}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2d1d6a5e-af2b-4e7d-9da2-b7447e942fe5}\PlayTasks\0\John Deere Drive Green.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\John Deere Drive Green\DriveGreen1-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2a8d90cf-9553-41e5-876f-2bdb163c1757}\PlayTasks\0\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1c5d3cd4-c3b4-49de-924b-b81e80af47f1}\PlayTasks\0\World of Goo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\World of Goo\WorldOfGoo-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1a097108-4d65-46f0-b3d3-12c91ea56fdd}\PlayTasks\0\Peggle.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle\Peggle-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{11d01edd-046f-4922-8502-8eefb0480bc8}\PlayTasks\0\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\SDP\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=REGISTRATION
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe (Hewlett-Packard Company) -> MODE=GETONLINE
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Justin\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) -> -safebanking
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
ShortcutWithArgument: C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{5ecf0829-012e-4d51-942e-0db591aa7769}\PlayTasks\0\Pizza Chef.lnk -> C:\Program Files (x86)\HP Games\Pizza Chef\PizzaChef-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{2a8d90cf-9553-41e5-876f-2bdb163c1757}\PlayTasks\0\Farm Frenzy - Pizza Party.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\FarmFrenzyPizzaParty-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Justin\AppData\Local\Microsoft\Windows\GameExplorer\{11d01edd-046f-4922-8502-8eefb0480bc8}\PlayTasks\0\Eighteen Wheels of Steel Haulin'.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Eighteen Wheels of Steel Haulin'\haulin-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Kaci\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) -> -safebanking
ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP ePrint\Uninstall Product Software.lnk -> C:\Program Files (x86)\hp\csiInstaller\2794875B-6CCF-48B8-84A5-5B10DB98BEE6\Setup.exe (Hewlett-Packard) -> /Uninstall
ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Kaci\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\Public\Desktop\Play HP Games.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
ShortcutWithArgument: C:\Users\Public\Desktop\RealPlayer.lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\RPM\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Premier\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Hab\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Deluxe\Custom\icons\Experian.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\Encore.url -> https://asp.spectrumk12.com/IN/WCJS/Encore/EncoreCBLWebUI/Login.aspx
InternetURL: C:\Users\Justin\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Justin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Justin\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Justin\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Justin\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Justin\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Justin\Favorites\Links\AOL.com - News, Sports, Weather, Entertainment, Stocks & Local.url -> hxxp://hp-desktop.aol.com/
InternetURL: C:\Users\Justin\Favorites\Links\HP - See What's Hot.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=webslice&tp=iefavbar&pf=cndt&locale=en_us&bd=pavilion&c=94
InternetURL: C:\Users\Justin\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Justin\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Justin\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Justin\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\Spectrum K12 School Solutions - Login.url -> https://asp.spectrumk12.com/IN/WCJS/Encore/EncoreCBLWebUI/Login.aspx
InternetURL: C:\Users\Kaci\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Kaci\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Kaci\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Kaci\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Kaci\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Kaci\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Kaci\Favorites\Links\HP - See What's Hot.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=webslice&tp=iefavbar&pf=cndt&locale=en_us&bd=pavilion&c=94
InternetURL: C:\Users\Kaci\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Kaci\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Kaci\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=94
InternetURL: C:\Users\Kaci\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=94

==================== End of log =============================
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
At the black screen, press Ctrl+Alt+Delete. Bring the task manager and run Explorer.exe as a new task. Does it bring the user graphic interface?

Download the enclosed file. (see below) Save it in the same location FRST is saved. Launch FRST and click on the Fix button. The tool will produce a log, fixlog.txt. Please post it in your next reply.
 


jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Justin at 2015-01-20 20:28:21 Run:1
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available profiles: Justin & Kaci)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE [x]
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll [2260480 2009-03-05] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll [2260480 2009-03-05] ()
SearchScopes: HKLM - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
2013-06-06 16:21 - 2013-06-06 16:21 - 00017319 ____H C:\Users\Kaci\Downloads\~WRL0005.tmp
C:\Users\Kaci\Downloads\~WRL0005.tmp
end
*****************

HKU\HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
HKU\HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE [x] => Value not found.
"AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll [2260480 2009-03-05] ()" => Value Data not found.
"AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll [2260480 2009-03-05] ()" => Value Data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
\\SearchScopes: HKCU - {63BBAC8D-8930-4C18-B2E8-65A75711BAF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File => Key not found.
HKCR\Wow6432Node\CLSID\BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File => Key not found.
\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value not found.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
"C:\Users\Kaci\Downloads\~WRL0005.tmp" => File/Directory not found.
"C:\Users\Kaci\Downloads\~WRL0005.tmp" => File/Directory not found.

==== End of Fixlog 20:28:22 ====
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
In regards to your last question "At the black screen, press Ctrl+Alt+Delete. Bring the task manager and run Explorer.exe as a new task. Does it bring the user graphic interface?", do you mean to restart the computer and log on normally without going through safe mode? If so, what do you mean by bringing the user graphic interface?
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Yes. In normal mode, at the black screen, try this hint. When Explorer.exe is run, the Graphic Interface should engage, meaning your desktop and icons should appear.
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
When I hit Ctrl+Alt+Del, it shows Explorer.exe as a process already running.
The desktop came up, yet no icons. For what it's worth, this process of getting to the desktop seemed very slow.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
I don't see any shortcuts under Justin. Let's try ComboFix.

Please download ComboFix from Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.
-----------------------------------------------------------
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  4. Close any open browsers.
  5. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  6. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • Install the Recovery Console if prompted.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
ComboFix 15-01-18.01 - Justin 01/21/2015 18:28:50.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.3349 [GMT -5:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\6D59.tmp
c:\users\Justin\AppData\Roaming\.#
c:\users\Kaci\AppData\Roaming\inst.exe
c:\users\Kaci\AppData\Roaming\vso_ts_preview.xml
c:\users\Kaci\Documents\C5B8658E.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_pcCMService
.
.
((((((((((((((((((((((((( Files Created from 2014-12-21 to 2015-01-21 )))))))))))))))))))))))))))))))
.
.
2015-01-20 01:50 . 2015-01-21 01:28 -------- d-----w- C:\FRST
2014-12-31 15:09 . 2014-12-31 15:09 -------- d-----w- c:\windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-07 16:02 . 2014-07-22 01:38 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-14 08:06 . 2009-11-03 01:58 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-14 00:13 . 2013-07-10 17:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-14 00:13 . 2013-07-10 17:26 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09 . 2014-12-17 20:29 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 20:29 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-13 23:59 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-13 23:59 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-13 23:59 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-13 23:59 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-13 23:59 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-13 23:59 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-13 23:59 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-13 23:59 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-13 23:59 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-13 23:59 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-13 23:59 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-13 23:59 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-13 23:59 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-13 23:59 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-13 23:59 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-13 23:59 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-13 23:59 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-13 23:59 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-13 23:59 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-13 23:59 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-13 23:59 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-13 23:59 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-13 23:59 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-13 23:59 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-13 23:59 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-13 23:59 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-13 23:59 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-13 23:59 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-13 23:59 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-13 23:59 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-13 23:59 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-13 23:59 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-13 23:59 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-13 23:59 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-13 23:59 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-13 23:59 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-13 23:59 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-13 23:59 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-13 23:59 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-13 23:59 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-13 23:59 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-13 23:59 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-13 23:59 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-13 23:59 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-13 23:59 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-13 23:59 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-13 23:59 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-13 23:59 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-13 23:59 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-21 22:55 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-21 22:55 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-13 23:59 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-21 22:55 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-21 22:55 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-13 23:59 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-13 23:55 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-13 23:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-13 23:55 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-13 23:55 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-13 04:27 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 04:27 67584 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-06-11 596480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-03 296056]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2014-07-11 118272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R4 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
R4 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10 00:13]
.
2015-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 07:03]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 07:03]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001Core.job
- c:\users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 19:29]
.
2015-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
- c:\users\Kaci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 19:29]
.
2015-01-05 c:\windows\Tasks\HPCeeScheduleForJustin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-WinPatrol - c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-42803227.sys
SafeBoot-87485735.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Secunia\PSI\psi.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2015-01-21 18:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2015-01-21 23:45
.
Pre-Run: 466,629,562,368 bytes free
Post-Run: 467,144,278,016 bytes free
.
- - End Of File - - 890470CBC299A78DAEA4F9D2499F3338
D8A52EE1AA79BECDEFE158CAD368052E
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Still unable to load in Normal Mode?

Please rescan with FRST and post its reports.
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
It did load this last time after the automatic restart from ComboFix.
 

jb23

Thread Starter
Joined
Jun 28, 2013
Messages
27
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Justin (administrator) on JUSTIN-PC on 21-01-2015 20:28:43
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available profiles: Justin & Kaci)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
HKU\S-1-5-21-3521969671-2636067396-303416300-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E5AE975A-DDB2-4086-80FC-E566E6976F24} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C70A4FFC-0A59-41D5-B476-AAB000E6FF73} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> DefaultScope {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5438DE99-F3B1-427C-BE98-1CA335776A80} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> {5AF511D0-E2C2-4D2F-BFEB-AA6C5CAD4DAD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3521969671-2636067396-303416300-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3521969671-2636067396-303416300-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-20]
FF Extension: Ghostery - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\[email protected] [2013-08-02]
FF Extension: NoScript - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-07]
FF Extension: Adblock Plus - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\qy3lwmgj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Justin\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Justin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-08-18]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-25]
CHR Extension: (Motive Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-07-06]
CHR Extension: (SiteAdvisor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-06]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-07-06]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Anti-Banner) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-25]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-04-03]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-09-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Justin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2014-07-11] (LeapFrog)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-20] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15208 2009-06-17] (Secunia) [File not signed]
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [12584 2010-06-15] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [15784 2010-06-15] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [18432 2010-06-15] (SMART Technologies ULC) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 18:45 - 2015-01-21 18:45 - 00024884 _____ () C:\ComboFix.txt
2015-01-21 18:26 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 18:26 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 18:26 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 18:26 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 18:26 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 18:26 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 18:26 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 18:26 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 18:21 - 2015-01-21 18:45 - 00000000 ____D () C:\Qoobox
2015-01-21 18:21 - 2015-01-21 18:42 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 18:20 - 2015-01-21 18:20 - 00001434 _____ () C:\Users\Justin\Desktop\ComboFix - Shortcut.lnk
2015-01-21 18:18 - 2015-01-21 18:18 - 05608785 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2015-01-21 18:12 - 2015-01-21 18:12 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-01-20 20:33 - 2015-01-20 20:33 - 00001414 _____ () C:\Users\Justin\Desktop\FRST64 - Shortcut.lnk
2015-01-19 21:58 - 2015-01-19 21:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 20:53 - 2015-01-19 20:53 - 00096627 _____ () C:\Users\Justin\Downloads\Shortcut.txt
2015-01-19 20:51 - 2015-01-21 20:29 - 00029893 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-01-19 20:50 - 2015-01-21 20:28 - 00000000 ____D () C:\FRST
2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2015-01-19 20:50 - 2015-01-19 20:50 - 02126848 _____ (Farbar) C:\Users\Justin\Downloads\FRST64(1).exe
2015-01-18 21:13 - 2015-01-18 21:13 - 00509440 _____ (Tech Support Guy System) C:\Users\Justin\Downloads\SysInfo.exe
2015-01-07 17:34 - 2015-01-07 17:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-06 22:05 - 2015-01-06 22:05 - 02428928 _____ () C:\Users\Justin\Downloads\image (16).jpeg
2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (15).jpeg
2015-01-06 21:58 - 2015-01-06 21:58 - 00143360 _____ () C:\Users\Justin\Downloads\image (14).jpeg
2014-12-31 10:09 - 2014-12-31 10:09 - 00000000 ____D () C:\Windows\A6F7860A7B9E44F68EFD6D9BEB98F556.TMP
2014-12-31 10:07 - 2014-12-31 10:08 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\Justin\Downloads\LeapFrogConnectSetup_TagJunior.exe
2014-12-30 21:40 - 2014-12-30 21:41 - 03850458 _____ () C:\Users\Justin\Downloads\NewJewelryIsHere_S15_4up

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:27 - 2010-01-06 16:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000UA.job
2015-01-21 20:13 - 2013-07-10 12:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 20:13 - 2013-07-10 12:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 20:13 - 2013-07-10 12:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 20:13 - 2013-07-10 12:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 19:50 - 2009-09-17 23:18 - 01330085 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 19:35 - 2010-01-26 19:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1001UA.job
2015-01-21 18:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 18:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 18:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 18:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 18:37 - 2013-11-20 16:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-21 18:36 - 2009-11-18 03:20 - 01594468 _____ () C:\Windows\PFRO.log
2015-01-21 18:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 18:36 - 2009-07-13 23:51 - 00047185 _____ () C:\Windows\setupact.log
2015-01-21 18:34 - 2009-07-13 21:34 - 20447232 _____ () C:\Windows\system32\config\system.bak
2015-01-21 18:34 - 2009-07-13 21:34 - 100925440 _____ () C:\Windows\system32\config\software.bak
2015-01-21 18:34 - 2009-07-13 21:34 - 05767168 _____ () C:\Windows\system32\config\default.bak
2015-01-21 18:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-21 18:34 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-19 20:53 - 2013-07-01 18:20 - 00038744 _____ () C:\Users\Justin\Downloads\Addition.txt
2015-01-19 20:47 - 2013-07-07 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-07 17:31 - 2014-10-22 17:59 - 00000000 ____D () C:\Users\Justin\AppData\Local\NETGEARGenie
2015-01-06 20:28 - 2010-01-06 16:22 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521969671-2636067396-303416300-1000Core.job
2015-01-05 12:54 - 2011-10-31 14:12 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-05 12:54 - 2009-11-02 11:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-04 21:32 - 2014-08-25 18:55 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-01-04 21:32 - 2014-08-25 18:55 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-01-04 20:24 - 2012-07-06 14:10 - 00000000 ____D () C:\Users\Justin\Documents\StoryBook Creator Projects
2014-12-31 10:21 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 10:10 - 2010-12-05 23:06 - 00036976 _____ () C:\Windows\DPINST.LOG
2014-12-31 10:02 - 2009-11-02 11:49 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-12-30 12:50 - 2013-12-25 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

==================== Files in the root of some directories =======
2011-05-12 20:33 - 2011-08-22 18:12 - 0001854 _____ () C:\Users\Justin\AppData\Roaming\GhostObjGAFix.xml
2009-11-01 22:13 - 2009-11-01 22:13 - 2925193 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.0
2009-11-01 22:13 - 2009-11-01 22:13 - 0846608 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 041.JPG
2009-11-01 22:13 - 2009-11-01 22:13 - 3150367 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.0
2009-11-01 22:13 - 2009-11-01 22:13 - 0903122 _____ () C:\Users\Justin\AppData\Local\tmpAWAITING BABY BECKER 050.JPG
2009-11-11 18:29 - 2009-11-11 18:29 - 2654292 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.0
2009-11-11 18:29 - 2009-11-11 18:29 - 0554658 _____ () C:\Users\Justin\AppData\Local\tmpDSC01701.JPG
2012-09-08 15:54 - 2012-09-08 15:54 - 0170225 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.0
2012-09-08 15:54 - 2012-09-08 15:54 - 0173790 _____ () C:\Users\Justin\AppData\Local\tmpSCAN0002.JPG
2011-12-22 21:43 - 2011-12-22 21:43 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-15 22:18 - 2010-10-18 22:08 - 0006211 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-21 19:24

==================== End Of Log ============================
 